Weakest link in cyber crime? You

Flame virus uncovered by Kaspersky Labs. (Kaspersky, AFP)
Cape Town - While some cybercrime relies on sophisticated techniques to break into computer systems, human vulnerability is the weakness most commonly exploited, says a security expert.

"Often the first kind of vulnerability exploited by attackers is the human one. They use social engineering techniques to trick individuals who work for an organisation into doing something that jeopardises corporate security," Ghareeb Saad, senior security researcher with the Global Research & Analysis Team, Middle East, Turkey and Africa at Kaspersky Lab, told News24.

Cyber criminals have made news over the last several months with a number of high profile intrusions into corporate networks.

Retail giant eBay and a number of companies, including US military contractors, have fallen victim to hacking of their systems.

Hackers have been able to infiltrate corporate networks by using seemingly simple techniques such as sending e-mails designed to appear as if sent from senior management.

Easy passwords

US authorities, who have indicted Chinese officials over cyber spying, say that social engineering played a far greater role in gaining access to critical systems than superior programming.

"People are susceptible to such approaches for various reasons. Sometimes they simply don't realise the danger, or they are taken in by the lure of 'something for nothing', or lastly they cut corners to make their lives easier - for example, using the same password for everything," said Saad.

This claim was verified by the 2014 Trustwave Global Security Report which found that the most common password was "123456", followed by "123456789", "1234" and "password".

Strong passwords may help prevent cyber criminals from infiltrating computer systems. (Duncan Alfreds, News24)

"A lot of cyber-espionage campaigns in 2013 all started by 'hacking the human' (Red October, MiniDuke, NetTraveler and Icefog). They employed spear-phishing to get an initial foothold in the organisations they targeted," Saad added.

Kaspersky uncovered a number of malicious programs, including Stuxnet, which targeted Iran's nuclear programme, as well as its follow-up malware.

Commentators have suggested that Stuxnet and other malware were so advanced that they implicated nation states as the authors of the software.

Kaspersky said that it has identified Chinese "fingerprints" in cyber espionage.

"In our ongoing investigations of global cyber espionage campaigns aimed at government bodies, institutions and companies, we often come across Chinese indicators," said Saad, adding that malware often had links to Chinese-speaking hacker groups.
