
Weakest link in cyber crime? You

Flame virus uncovered by Kaspersky Labs. (Kaspersky, AFP)
Cape Town - While some cybercrime uses sophisticated techniques to break into computer systems, human vulnerability is the one most commonly exploited, says a security expert.

"Often the first kind of vulnerability exploited by attackers is the human one. They use social engineering techniques to trick individuals who work for an organisation into doing something that jeopardises corporate security," Ghareeb Saad, senior security researcher with the Global Research & Analysis Team, Middle East, Turkey and Africa at Kaspersky Lab, told News24.

Cyber criminals have made news over the last several months with a number of high-profile intrusions into corporate networks.

Retail giant eBay and a number of companies, including US military contractors, have fallen victim to hacking of their systems.

Hackers have been able to infiltrate corporate networks by using seemingly simple techniques such as sending e-mails designed to appear as if sent from senior management.

Easy passwords

US authorities, who have indicted Chinese officials over cyber spying, say that social engineering played a far greater role in gaining access to critical systems than superior programming.

"People are susceptible to such approaches for various reasons. Sometimes they simply don't realise the danger, or they are taken in by the lure of 'something for nothing', or lastly they cut corners to make their lives easier - for example, using the same password for everything," said Saad.

This claim was verified by the 2014 Trustwave Global Security Report which found that the most common password was "123456", followed by "123456789", "1234" and "password".


Strong passwords may help prevent cyber criminals from infiltrating computer systems. (Duncan Alfreds, News24)

"A lot of cyber-espionage campaigns in 2013 all started by 'hacking the human' (Red October, MiniDuke, NetTraveler and Icefog). They employed spear-phishing to get an initial foothold in the organisations they targeted," Saad added.

Kaspersky uncovered a number of malicious programs, including Stuxnet, which targeted Iran's nuclear programme, as well as its follow-up malware.

Commentators have suggested that Stuxnet and other malware were so advanced that they implicated nation states as the authors of the software.

Kaspersky said that it has identified Chinese "fingerprints" in cyber espionage.

"In our ongoing investigations of global cyber espionage campaigns aimed at government bodies, institutions and companies, we often come across Chinese indicators," said Saad, adding that malware often had links to Chinese-speaking hacker groups.

