In response to the recent Google discovery of a state-backed hacking campaign by North Korea targeting security researchers engaging in vulnerability research, cyber security experts commented below.
<p>Attackers regularly succeed in infiltrating corporate networks across a range of different industries by using social engineering to exploit vulnerabilities in the human psyche. This case is no different, and if anything shows that security researchers – typically the most security-literate employees within organisations – are equally vulnerable to being targeted in carefully co-ordinated, calculated attacks.</p> <p> </p> <p>What is interesting about this state-backed hacking campaign uncovered by Google is that even nation states are using social engineering as an attack vector. Businesses must be aware and meet this challenge by adopting privileged access management to prevent the lateral spread of an attack. Proactively managing and rotating high-value ‘privileged’ credentials, and limiting user access to only the information and tools needed to perform their immediate role, reduces an attacker’s route to critical data and their ability to exfiltrate information or disrupt operations.</p>
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics