Weakest link in cyber crime? You
05 June 2014, 09:29
Cape Town - While some cybercrime relies on sophisticated techniques to break into computer systems, human vulnerability is the one most commonly exploited, says a security expert.
"Often the first kind of vulnerability exploited by attackers is the human one. They use social engineering techniques to trick individuals who work for an organisation into doing something that jeopardises corporate security," Ghareeb Saad, senior security researcher with the Global Research & Analysis Team, Middle East, Turkey and Africa at Kaspersky Lab told News24.
Cyber criminals have made news over the last several months with a number of high profile intrusions into corporate networks.
Retail giant eBay and a number of other companies, including US military contractors, have fallen victim to hacking of their systems.
Hackers have been able to infiltrate corporate networks by using seemingly simple techniques such as sending e-mails designed to appear as if sent from senior management.
US authorities who have indicted Chinese officials over cyber spying say that social engineering played a far greater role in gaining access to critical systems than superior programming.
"People are susceptible to such approaches for various reasons. Sometimes they simply don't realise the danger, or they are taken in by the lure of 'something for nothing', or lastly they cut corners to make their lives easier - for example, using the same password for everything," said Saad.
This claim was verified by the 2014 Trustwave Global Security Report, which found that the most common password was "123456", followed by "123456789", "1234" and "password".
Strong passwords may help prevent cyber criminals from infiltrating computer systems. (Duncan Alfreds, News24)
"A lot of cyber-espionage campaigns in 2013 all started by 'hacking the human' (Red October, MiniDuke, NetTraveler and Icefog). They employed spear-phishing to get an initial foothold in the organisations they targeted," Saad added.
Kaspersky uncovered a number of malicious programs, including Stuxnet, which targeted Iran's nuclear programme, as well as its follow-up malware.
Commentators have suggested that Stuxnet and other malware were so advanced that they implicated nation states as the authors of the software.
Kaspersky said that it has identified Chinese "fingerprints" in cyber espionage.
"In our ongoing investigations of global cyber espionage campaigns aimed at government bodies, institutions and companies, we often come across Chinese indicators," said Saad, adding that malware often had links to Chinese-speaking hacker groups.