“Spear phishing” — social engineering through email — is one of the most common tactics hackers use when attacking a system, according to Alperovitch.
Cyber spies can get into a network by sending an email or instant message to a targeted victim that will have an attachment or perhaps a link to a website. It will also be customized for the recipient.
For example, “if you are in the sales department, it will ask for information about products,” Alperovitch said.
Once you open the attachment or click on the link, a vulnerability in the system's application such as a word processor or browser will be exploited. Malicious software, known as malware, will then start executing on the machine and open up a communication channel to the hacker to allow them to browse and control the system.
Hackers can also use the infected computer “as a beachhead to get into other machines within that network,” he said.
Alperovitch said that’s how cyber spies were able to hack into Google last year.