Users are the central target of hackers

Hackers are moving attack targets to users instead of attacking systems.

The most obvious evidence of hackers switching targets is the continuous disclosure of security flaws in the Microsoft Office suite and the variety of security threats that arrive in different types of documents. Malicious code can exploit such security bugs.

In fact, it is also said that hackers seem to have automated the detection and exploitation of security flaws.

The goal is the user

Alfred Huger - a senior expert at security firm Symantec - said: "Hackers are targeting attacks on users rather than on systems. What they look for is not the server; they're looking for the username and email address."

"It is difficult to identify a specific person from a website. Therefore, when the attackers have targeted a specific company, they focus the attack; they are turning to attacking specific client applications such as Microsoft's."

Huger outlines a targeted attack that exploits security flaws in Office as follows: "An attacker can find the name and email address of a low-level financial officer of a company, from a press release, for example. They will then pretend to be the financial manager of that company and send the employee an Excel file. The chance that the employee opens the hacker's Excel file is very high, because he will think it was sent from his manager. Obviously the level of success of such attacks will be very high."

Fuzzer shows up

The constant discovery of security flaws in Office has sparked concerns about tools called "fuzzers" - tools that automatically detect security flaws, developed by security researchers and hackers over the past two years. However, this kind of tool has only now become known to the public.

"A fuzzer tool will send any type of data value to the input of any program to detect if something goes wrong. This is a commonly used tool for detecting buffer overflow security errors. And it is also a quick and most effective solution for detecting security errors," Huger said.
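The following is an added example, not taken from the article or from any tool it mentions: a minimal mutation fuzzer in Python that feeds altered inputs to a parser and records every unexpected failure, run once against a parser that trusts its length field and once against one that validates it. The record format, the parser names and the seed input are constructed for illustration.

```python
import random
import struct

class ParseError(ValueError):
    """Clean rejection of malformed input: expected behaviour, not a crash."""

def parse_unchecked(data: bytes) -> bytes:
    # Constructed toy record: 1-byte type, 2-byte big-endian length, payload.
    # Trusts the length field, the Python analogue of an unchecked copy.
    length = struct.unpack_from(">H", data, 1)[0]
    return bytes(data[3 + i] for i in range(length))  # IndexError if length lies

def parse_checked(data: bytes) -> bytes:
    if len(data) < 3:
        raise ParseError("truncated header")
    length = struct.unpack_from(">H", data, 1)[0]
    if length != len(data) - 3:
        raise ParseError("length field does not match payload size")
    return data[3:3 + length]

def mutate(seed: bytes, rng: random.Random) -> bytes:
    buf = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        choice = rng.randrange(3)
        if choice == 0 and buf:      # overwrite one byte with a random value
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        elif choice == 1 and buf:    # truncate at a random offset
            del buf[rng.randrange(len(buf)):]
        else:                        # append random trailing bytes
            buf += bytes(rng.randrange(256) for _ in range(rng.randint(1, 8)))
    return bytes(buf)

def fuzz(target, seed: bytes, runs: int = 2000, rng_seed: int = 1):
    rng = random.Random(rng_seed)    # fixed seed so findings are reproducible
    crashes = []
    for _ in range(runs):
        sample = mutate(seed, rng)
        try:
            target(sample)
        except ParseError:
            pass                     # handled rejection, nothing to report
        except Exception as exc:     # any other exception is a finding
            crashes.append((type(exc).__name__, sample))
    return crashes

SEED = b"\x01" + struct.pack(">H", 5) + b"hello"  # constructed valid record

if __name__ == "__main__":
    print(len(fuzz(parse_unchecked, SEED)), "crashes in unchecked parser")
    print(len(fuzz(parse_checked, SEED)), "crashes in checked parser")
```

Each recorded crash keeps the input that triggered it, which is what a developer needs to reproduce the fault and add the missing bounds check.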

Huger said that thanks to HD Moore, everyone now knows about fuzzers. Moore - one of the leading developers in the open source project Metasploit Framework - has just launched an "every day a security bug" project and claims he has used a lot of fuzzers to detect such security flaws.

Microsoft is also one of the companies spending the most time and money on fuzzers, Huger said. This expert believes that Windows Vista itself is also tested with fuzzer tools.

"I think this will provide a better platform for Vista," Huger said. "But that is not the end of concerns about security flaws. Hackers still detect errors in Vista because there are new scripts."

Hoang Dung