The Importance of Patching Human Vulnerabilities

By David Emm (Securelist)Today’s threat landscape is very complex. Cybercriminals use a wide
range of threats to hijack people’s computers and to make money
illegally. These threats include Trojans of many different kinds,
worms, viruses and exploit code which is designed to enable malware to
make use of vulnerabilities in the operating system or applications.
Cybercriminals also employ a range of sophisticated techniques to hide
malware activity or to make it difficult for anti-virus researchers to
find, analyse and detect malicious code.


Today’s threat landscape is very complex. Cybercriminals use a wide
range of threats to hijack people’s computers and to make money
illegally. These threats include Trojans of many different kinds,
worms, viruses and exploit code which is designed to enable malware to
make use of vulnerabilities in the operating system or applications.
Cybercriminals also employ a range of sophisticated techniques to hide
malware activity or to make it difficult for anti-virus researchers to
find, analyse and detect malicious code.

So it’s easy to see the problem of cybercrime, and solutions to it,
purely in technical terms. But I believe it’s also essential to deal
with the human aspects of cybercrime.

Humans: The weakest link in the security chain

Notwithstanding the technical sophistication of today’s malware,
cybercriminals often try to exploit human weaknesses as a way of
spreading their programs. This should come as no surprise. Humans are
typically the weakest link in any security system. Securing a house is
one example: you can have the finest burglar alarm in the world, but if
you don’t set it, then it offers no protection at all. The same is true
for online security. Cybercriminals continue to make extensive use of
social engineering, i.e. they try and trick people into doing something
that undermines their online security.

We see this in the continued success of phishing scams, designed to
lure people to a fake web site to disclose their personal information,
such as usernames, passwords, PINs and any other information that
cybercriminals can use. The classic phishing scam takes the form of a
speculative email which is spammed to millions of addresses in the hope
that enough people will fall for the scam and click on the link in the
email. Such attacks are still conducted on a frequent basis.

Read the rest of this column on Securelist

Suggested articles

How to Avoid Getting Your Twitter Account Hacked

By Stefan Tanase“All upcoming Guns N’ Roses dates are officially canceled. Please contact your place of purchase for any refunds.”  No Guns N’ Roses fan ever wants to see this text. And especially when it’s published on Axl Rose’s official Twitter account, it’s a guaranteed recipe for disaster. 

Facebook Security Hole Exposes Live Chat, Private Data

The problems with security and privacy on Facebook hit a new gear today with news that a web site vulnerability exposed live chat sessions and other private user data.According to a TechCrunch Europe report, the gaping security security on the Facebook site allowed any user to view the live chats of their ‘friends’ with just a few mouse clicks.

Hackers Using Automation, Geolocation in Social Networking Attacks

MOSCOW — Attackers have been focusing a lot of attention on social networking destinations such as Facebook, Twitter and even LinkedIn for some time now, but they recently have begun shifting their tactics to make their attacks much more effective and precise through the use of geolocation and profiling.

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.