Security warning for software developers: You are now prime targets for phishing attacks

Cybercriminals targeting the technology industry commonly direct their phishing campaigns at software developers; here's why.
Written by Danny Palmer, Senior Writer

Software developers are the people most targeted by hackers conducting cyberattacks against the technology industry, with attackers taking advantage of the public profiles that individuals build in this high-turnover industry to help tailor their phishing campaigns.

The August 2019 Threat Intelligence Bulletin from cybersecurity company Glasswall details the industries most targeted by phishing, with the technology sector accounting for almost half of malicious phishing campaigns.

For attackers targeting technology businesses, the goal is often stealing intellectual property and other data, which can either be sold for profit or, in cases of corporate or state-backed espionage, used to build knock-off versions of the same products.

According to the Glasswall report, software developer is the role most targeted by hackers going after the technology sector. A key reason for this is that devs do the groundwork on building software and will often have administrator privileges across various systems. That's something attackers can exploit to move laterally around networks and gain access to their end goal.

"As an attacker, if you can land on an administrator machine, they have privileged access and that's what the attackers are after. Software developers do have that privileged access to IP and that makes them interesting," Lewis Henderson, VP at Glasswall, told ZDNet.

With software developers being technically-savvy people, some might argue that they shouldn't easily fall victim to phishing campaigns. But attackers can use specially-crafted messages to target one individual in the organisation they want to gain access to.


With software developers often staying in jobs for relatively short periods of time, it's common for those in the profession to build a profile on professional social networks such as LinkedIn. Attackers can exploit that to find out the specific skills and interests of their would-be victim and tailor a spear-phishing email towards them.

In many cases, the attacker will create a phishing email which claims to be from a recruiter looking for someone with the skills or programming languages of the intended victim – skills which have been scraped from their public professional-networking profile.

"It could be a PDF job offer, saying they know you're in the industry and these are your skills because they've looked you up on LinkedIn. They're trying to entice people through social engineering and phishing in a pretty deadly combination," said Henderson.

"The bad guys aren't doing big global campaigns, they're doing a lot of research. And when we look at an attack analysis in the process, a lot of the starting points are intelligence gathering," he added.

One way potential victims could make themselves less susceptible to attacks would be to display less information about themselves on their public-facing profiles – although given this is how many look for work, that might not be practical for everyone.

Users should also be suspicious of unexpected emails from unknown senders, especially those which request a file to be downloaded to see additional information.
