Six Clicks: How hackers use employees to tamper with systems

No one wants to think about the idea of ​​a company's customer data such as passwords, IPs or credit cards to move freely to Internet. Governments and corporations are permanently in the fear of being found hacker which will discover a security gap in the site's code and their data will be freely available on the internet.


So they hire specialists to shield their websites through a 24 / 24 / 360 server. Usually, however, violations do not come from where everyone is waiting. When security teams work by closing every security gap, hackers laugh and look at the employee.

Unfortunately, it is true. The most vulnerable point of the companies is the people who work in them and the companies trust their access to their systems.

The new report of RAND Corporation “Markets for Cybercrime Tools and Stolen DataHe explains that in addition to the vulnerabilities in unpatched systems, the human element continues to be the main weak point for attacks.

Updates are made, vulnerabilities can be removed but people… are people.

Below we present six common human mistakes that can cost very much.

The attack on the front page

At the moment, phishing is one of the main ways of cheating employees. Phishing attacks are now very sophisticated and the RAND report says phishing is expected to become even more sophisticated as the black market for cyber crime is maturing.

A typical standard phishing attack is a disguised email that appears to come from someone familiar. The worker believes it, clicks on a link or downloads an attachment and that was it. Cybercriminals to achieve this use popular trends, and more specifically the headlines.

RAND explains that news as a phishing element often plays with emotional situations e.g. natural disasters, Wikileaks revelations, or presentations of new operating systems.

Headlines are often used in spear-phishing attacks, for example, "click on this link to donate something to the victims of the Haiti earthquake."

The Bad Android

"The development of mobile malware for Android devices has reached 70% of all mobile attacks and will continue until Google, device manufacturers and service providers work together and find a way to provide updates and upgrades for their users (only 12% of Android devices have been updated to prevent premium SMS charges coming from malware on unsuspecting users' phones) ”says RAND

Workers should be warned not to open any text or link to their mobile browser, which can cause as much damage as stealing a password from a malware to a computer. Mobile browsers have the same bugs, and it's very easy for a malicious user to configure a malicious mobile site.

Workers traveling: The easy targets

The workers that travel are extremely vulnerable to attacks, and often they do not know that they have violated - because they do not know how to ensure their devices, their access to a network, ή what exactly they need to look for to discover possible violations. 

One such common attack it is called  "Evil Maid Attack," and indicate when a hacker acquire access at unattended computer of a workerAt phoneAt tablets ή to hard drives, usually by a neighbor hotel room.

The devices can to be challenged in less than from sixty seconds. Load one malicious software that leaves no trace. This malware can communicate with the hacker who installed it, and can spread into a more systems when you reach your company and sign in again home network.

Violated Companies We Trust

At sophisticated attacks, the employee not clicks to a link that looks "weird" but makes it comfortable click in a link that belongs to a big business of which server is hacked.

Her report RAND it's mentioned that the "recent increases in use attacks watering-hole (where users visit a popular, legal, but unsafe website) based on well known exploit kits that are available for sale in the black market.

Last week, a server of her EA Games was revealed that it is hacked and hosted a website Phishing in which The visitors they were glad credentials their connection, at hackers.

The employees are objectives outside the network the company's.

The workers they could use dangerously violated wireless networks to access a company's systems. They can connect to the device or computer someone elses In case of emergency, or use contaminated USB sticks on clean computers.

If an employee works from distance, hackers can easily be "Catch" its circulation on the Internet via a unprotected access to the Internet (wired or Wi-Fi) if the worker does not use it a safe one VPN for the protection of the activities on the Internet.

Fear the Danaeans and gifts with them

And of course not to forget the hackers who promise gifts. From time to time we have published for value-added product ads that are awarded or drawn. Naturally nothing is true, and the savvy usually end up with some malware on their computer.

The article was published by Violet Blue at ZDNet The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.098 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).