HR departments are also a target for hackers
This threat assessment describes the cyber threat against HR departments and includes advice on how to mitigate cyber attacks against HR departments.
HR departments are popular targets for hackers. They will attack HR departments to both use them as an entry way into the organisation, and as a target in itself. The HR departments may have access to sensitive information about the organisation and its employees, which can be valuable to nation state threat actors and to cyber criminals.
Hackers attack HR departments using for example fake job applications with attached files, designed to look like legitimate resumées, but containing malware. A short, but well crafted job application has been used to compromise both financial institutions and information security companies world wide over the last few years.
The hackers may also pretend to represent an HR department to compromise potential applicants. This can happen through fake LinkedIn profiles, through emails with fake job listings, or by creating fake recruitment web sites that are infected with malware. It can severely damage your organisation's reputation, if its name and HR department is abused by hackers in this way.
Centre for Cybersecurity
November 11, 2020