An ongoing campaign targeting LinkedIn accounts has led to victims losing control of their accounts, or being locked out following repeated login attempts.
In many of the examples we saw the new email address was linked to the Russian “rambler.ru” service. This does not necessarily mean the attack is originating from Russia.
cont.....
The best defence against brute force attacks, credential stuffing, and other password attacks, is to set up two-step verification.
Setting up MFA for LinkedIn with Okta turned out to be painful because LinkedIn does not provide a QR code but a secret key which is so long that it’s hard to get it right the first, or second time. But since it’s safer than using the SMS 2FA, this is how it’s done:
Open Settings & Privacy
Under Sign in & security
Select Two-step verification
cont..... #Linkedin
Set the option to on and you will be presented with two choices
Choose the Authenticator app method and follow the instructions from there
You will receive an email confirming the change that tells you: From now on, you can use your authenticator app to get a verification code whenever you want to sign in from a new device or browser.
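The long setup key mentioned above is easy to mistype, so this added example (not part of the thread or the quoted article) cleans a hand-typed key, points at the first invalid character, and computes the current code so it can be compared with what the authenticator app shows. It assumes the key is a standard base32 TOTP secret (RFC 6238, HMAC-SHA1, 30-second step, 6 digits); the sample key is the RFC 6238 test secret, not a real one.

```python
import base64
import hashlib
import hmac
import struct
import time

BASE32_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567")


def normalize_secret(typed: str) -> bytes:
    """Clean a hand-typed setup key and decode it, naming the first bad character."""
    # Drop the spaces/hyphens used for grouping and any trailing padding.
    cleaned = "".join(ch for ch in typed.upper() if ch not in " -\t\n").rstrip("=")
    if not cleaned:
        raise ValueError("empty key")
    for pos, ch in enumerate(cleaned, start=1):
        if ch not in BASE32_ALPHABET:
            # 0, 1, 8 and 9 are not base32 symbols (typical slips: 0 for O, 1 for I).
            raise ValueError(f"character {pos} ({ch!r}) is not valid base32")
    padded = cleaned + "=" * (-len(cleaned) % 8)
    return base64.b32decode(padded)  # raises ValueError if the length is impossible


def totp(key: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code for Unix time `at` (assumed parameters: SHA-1, 30 s, 6 digits)."""
    counter = struct.pack(">Q", int(at) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    # Constructed sample input: the RFC 6238 test secret, typed in groups of four.
    sample = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"
    print("current code:", totp(normalize_secret(sample), time.time()))
```

If the code printed here matches the authenticator app during the same 30-second window, the key was entered correctly.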
@ecksmc
But is MalwareBytes the best authenticator app for the job? Seems like the hackers would go after them next...?
@Teej_Muk it's like saying bad actors would go after every 2FA service available which isn't really gonna happen
only method I've heard of for "hacking" 2FA is SIM jacking, which directly affects SMS-based 2FA systems - using apps is a lot safer
a valid option as so many don't use 2FA as is so go after them as they are easy targets rather than anyone who uses 2FA