Six Clicks: How hackers use employees to tamper with systems

No one wants to think about a company's customer data, such as passwords, IPs or credit cards, circulating freely on the Internet. Governments and corporations live in permanent fear that a hacker will discover a security gap in their site's code and that their data will end up freely available on the internet.

So they hire experts to protect their websites, which run on a server 24/24/360. But the breaches usually don't come from where everyone expects. While security teams work to close every security loophole, the hackers laugh and look towards the clerk.

Unfortunately, it is true. The most vulnerable point of a company is the people who work in it and whom the company trusts with access to its systems.

The new RAND Corporation report, "Markets for Cybercrime Tools and Stolen Data", explains that, in addition to vulnerabilities in unpatched systems, the human element continues to be the main weak point for attacks.

Updates are made and vulnerabilities can be removed, but people… are people.

Below we present six common human mistakes that can be very expensive.

The attack on the front page

At the moment, phishing is one of the main ways of deceiving employees. Phishing attacks are now very sophisticated, and the RAND report says phishing is expected to become even more sophisticated as the black market for cybercrime matures.

A typical phishing attack is a disguised email that appears to come from someone familiar. The worker believes it, clicks on a link or downloads an attachment, and that is all it takes. To achieve this, cybercriminals use popular trends, and more specifically the headlines.

RAND explains that news used as a phishing lure often plays on emotional situations, e.g. natural disasters, Wikileaks revelations, or presentations of new operating systems.

Headlines are often used in spear-phishing attacks, for example, "click on this link to donate something to the victims of the Haiti earthquake."

The Bad Android

"The growth of mobile malware for Android devices has reached 70% of all mobile attacks and will continue until Google, device manufacturers and service providers work together and find a way to provide updates and upgrades to their users (only 12% of Android devices have been updated to block the premium SMS charges that come from malware present on the phones of unsuspecting users)," reports RAND.

Employees must be warned not to open any text or link in their browser, something which can cause just as much damage as the theft of a password by malware on a computer. Mobile browsers have the same bugs, and it is very easy for a malicious user to set up a malicious website for mobile devices.

Workers traveling: The easy targets


Workers who travel are extremely vulnerable to attacks, and often they do not know that they have been breached, because they do not know how to secure their devices or their access to a network, or what exactly they need to look for to discover possible breaches.

One such common attack is called the "Evil Maid Attack", which refers to a hacker gaining access to a worker's unattended computer, phone, tablet or hard drives, usually from a neighboring hotel room.

The devices can be compromised in less than sixty seconds. The attacker loads malicious software that leaves no trace. This malware can communicate with the hacker who installed it, and can spread to more systems when you get back to your company and sign in to the home network again.

Compromised Companies We Trust


In sophisticated attacks, the employee does not click on a link that looks "weird", but comfortably clicks on a link that belongs to a large company whose server has been hacked.

The RAND report mentions the "recent increases in the use of watering-hole attacks (where users visit a popular, legitimate, but unsafe website) based on well-known exploit kits that are available for sale on the black market."

Last week, it was revealed that an EA Games server had been hacked and was hosting a phishing website on which visitors handed their login credentials to hackers.


Employees are targets outside the company's network


Workers could use dangerously compromised wireless networks to access a company's systems. They may connect to someone else's device or computer in an emergency, or use infected USB sticks on clean computers.

If an employee works remotely, hackers can easily "catch" their Internet traffic via unprotected Internet access (wired or Wi-Fi) if the worker does not use a secure VPN to protect their online activity.

Fear the Danaans, even bearing gifts

And of course, let us not forget the hackers who promise gifts. From time to time we have written about ads for valuable products that are supposedly given away or raffled. Naturally none of it is true, and the savvy usually end up with some malware on their computer.

The article was published by Violet Blue at ZDNet


Written by giorgos
