LinkedIn has accelerated its threat detection and response efforts following the completion of the Moonbase project, which used automation to bolster threat detection and incident response (TDIR) while improving quality of life for its security analysts and engineers amid increasingly sophisticated threats against the professional networking site, according to ZDNET.
From March to September 2022, LinkedIn overhauled its threat detection and monitoring capabilities, as well as its security operations center, with its Threat Detection and Incident Response team reexamining the process of threat identification and analysis.
Aside from analyzing data needing the most urgent protection, LinkedIn also transitioned its SOC to a software-defined and cloud-focused security operation that prioritized automation in the detection process.
"When it comes to what we don't know, it really depends on us just looking for strange signals in our threat hunting. And that's really the way to get it by dedicating time to looking for unusual signals that could eventually be rolled into a permanent detection," said LinkedIn Director of Incident Response and Detection Engineering Jeff Bollinger.
The FBI, National Security Agency, U.S. Cyber Command, and other law enforcement agencies around the world have reported that hijacked Ubiquiti EdgeRouters were exploited by Russian state-sponsored threat operation APT28.