The human vulnerability

Hello from the Middle East! I’m in Kuwait City where I’m speaking at the Kuwait ICT Security Forum. The topic of my presentation? Web 2.0 attacks, of course – that’s where it’s at these days.

One of the biggest points when I talk about web 2.0 threats is the importance of social engineering, or the “human vulnerability”, as I like to call it, in getting innocent users’ computers infected. Social engineering has been around for just about ever, way before any social networking sites, but right now, with everyone and their dog using sites like Facebook, Twitter, etc., it seems to me the two go hand in hand. Social engineering, social networking – not so hard to spot what these two have in common, is it?

We’ve recently seen a massive increase in phishing attacks on the Facebook login page. Attackers have been using Facebook’s internal message system to send short messages that direct users to “”, a website purposely designed to clone Facebook’s log-in screen.

Why do the bad guys want Facebook passwords? Simple: malicious code distributed via social networking sites is 10 times more effective in terms of successful infection than malware spread via email. Users are far more likely to click on a link received from a trusted friend (or a trusted friend’s dog!) rather than a link in a random spam message.

Don’t be a victim: consider creating a bookmark for the login page, or typing directly into the browser address bar. Even better, think about using HTTPS, especially if you are browsing from a public network.

This advice doesn’t only apply to Facebook, of course. Here’s to happy socializing! Or should I say… safe socializing?
