Weakest link in cyber crime? You

2014-06-04 14:07 - Duncan Alfreds

Strong passwords may help prevent cyber criminals from infiltrating computer systems. (Duncan Alfreds, News24)


Cape Town - While some cybercrime relies on sophisticated techniques to break into computer systems, human vulnerability is the one most commonly exploited, says a security expert.

"Often the first kind of vulnerability exploited by attackers is the human one. They use social engineering techniques to trick individuals who work for an organisation into doing something that jeopardises corporate security," Ghareeb Saad, senior security researcher with the Global Research & Analysis Team, Middle East, Turkey and Africa at Kaspersky Lab told News24.

Cyber criminals have made news over the last several months with a number of high profile intrusions into corporate networks.

Retail giant eBay and a number of other companies, including US military contractors, have fallen victim to hacking of their systems.

Hackers have been able to infiltrate corporate networks by using seemingly simple techniques such as sending e-mails designed to appear as if sent from senior management.

Easy passwords

US authorities, who have indicted Chinese officials over cyber spying, say that social engineering played a far greater role in gaining access to critical systems than superior programming.

"People are susceptible to such approaches for various reasons. Sometimes they simply don't realise the danger, or they are taken in by the lure of 'something for nothing', or lastly they cut corners to make their lives easier - for example, using the same password for everything," said Saad.

This claim was verified by the 2014 Trustwave Global Security Report, which found that the most common password was "123456", followed by "123456789", "1234" and "password".

"A lot of cyber-espionage campaigns in 2013 all started by 'hacking the human' (Red October, MiniDuke, NetTraveler and Icefog). They employed spear-phishing to get an initial foothold in the organisations they targeted," Saad added.

Kaspersky uncovered a number of malicious programs, including Stuxnet, which targeted Iran's nuclear programme, as well as its follow-up malware.

Commentators have suggested that Stuxnet and other malware were so advanced that they implicated nation states as the authors of the software.

Kaspersky said that it has identified Chinese "fingerprints" in cyber espionage.

"In our ongoing investigations of global cyber espionage campaigns aimed at government bodies, institutions and companies, we often come across Chinese indicators," said Saad, adding that malware often had links to Chinese-speaking hacker groups.
