In cyberattacks, hacking humans is highly effective way to access systems

[InfoSec News <alerts () infosecnews org>]

http://www.washingtonpost.com/investigations/in-cyberattacks-hacking-humans-is-highly-effective-way-to-access-systems/2012/09/26/2da66866-ddab-11e1-8e43-4a3c4375504a_story.html

By Robert O’Harrow Jr.
The Washington Post
Zero Day
September 26, 2012

The e-mails arrived like poison darts from cyberspace.

Some went to the Chertoff Group, a national security consulting firm in 
Washington. Others targeted intelligence contractors, gas pipeline 
executives and industrial-control security specialists. Each note came 
with the personal touches of a friend or colleague.

“Attach[ed] is a quote for the Social Media training we discussed,” said 
one message sent on July 3 to the vice president of EnergySec, a 
federally funded group in Oregon that focuses on the cybersecurity of 
the nation’s power grid.

But like much of the digital universe, the e-mails were not what they 
seemed. They were cyberweapons, part of a devastating kind of attack 
known as “social engineering.”

Emerging details about the e-mails show how social engineering — long 
favored by con artists, identity thieves and spammers — has become one 
of the leading threats to government and corporate networks in 
cyberspace.

[...]

--
ExpandingSecurity.com Live OnLine classes won’t wreck your schedule.
Get that cert and be done before 2012 ends. Last ISSAP 2012 class starts
Sept. 25th. Last 2012 CISSP and CEH starts Oct. 1:
CEH info signup: http://www.expandingsecurity.com/product/ceh-certified-ethical-hacker-online/
CISSP info signup: http://www.expandingsecurity.com/product/cissp-live-online-10-week-course/
ISSAP info signup: 
http://www.expandingsecurity.com/product/issap-information-systems-security-architecture-professional/