Cyber Security Threats

COMPUTER SCIENCE:10-12 The internet and it’s issues Cyber Security Threats

Cybersecurity threats pose a major challenge for individuals and organisations that rely on digital technology to store and transmit sensitive information. 

Brute-Force Attack 

  • A brute-force attack is a trial-and-error method used to crack passwords or encryption keys by trying every possible combination until the correct one is found
  • The aim of a brute-force attack is to gain unauthorised access to a system or network

Data Interception

  • Data interception involves eavesdropping on communication channels to intercept and steal sensitive information, such as passwords, credit card numbers, or personal data
  • The aim of data interception is to steal sensitive information for personal gain or to use it for further cyber attacks

Distributed Denial of Service (DDoS) Attack

  • A DDoS attack is where multiple computers are used as bots
  • They flood a server with lots of requests at the same time which the server can’t respond to; causing it to crash or become unavailable to users
  • The aim of a DDoS attack is to disrupt the normal functioning of a system or network by denying users access

Hacking

  • Hacking involves gaining unauthorised access to a system or network to steal or manipulate data, disrupt services, or cause damage
  • The aim of hacking can vary from personal gain to activism or cyber espionage

Malware

Malware is malicious software designed to harm or gain unauthorised access to a system or network. Types of malware include:

  • A virus is a piece of code that attaches itself to a legitimate program or file and then replicates itself to spread to other programs or files on the computer. It can cause damage to the system, including deleting data or damaging hardware
  • A worm is similar to a virus but is a standalone program that can spread and replicate itself over computer networks. It can take up storage space or bandwidth
  • Trojan horse is a program that disguises itself as a legitimate program or file, but when installed, it can delete data or damage hardware
  • Spyware is software that records all key presses and transmits these to a third party
  • Adware is a type of software that displays unwanted advertisements on the computer without the user’s consent. Some of these may contain spyware and some may link to viruses when clicked
  • Ransomware is a type of malware that encrypts the user’s files and demands a ransom payment to decrypt them. It can cause data loss, and financial damage and disrupt business operations

The aim of malware attacks can range from data theft to extortion or disruption of services

Phishing

  • Phishing involves the user is sent an email which looks legitimate
  • This contains a link to a fake website where the user is encouraged to enter their details
  • The aim of phishing is to steal sensitive information for personal gain or to use it for further cyber attacks

Pharming

  • Pharming involves malware being downloaded without the user’s knowledge
  • This redirects the user to a fake website where they’re encouraged to enter their personal details
  • The aim of pharming is to steal sensitive information for personal gain or to use it for further cyber attacks

Social Engineering

  • Social engineering involves manipulating individuals to gain access to confidential information or to perform an action that benefits the attacker
  • This can include techniques such as:
    • This involves posing as someone else to gain trust or access to sensitive information
    • Attackers might pretend to be a co-worker, IT support personnel, or a law enforcement officer to get people to divulge sensitive information or perform an action they wouldn’t otherwise do
    • Baiting is a social engineering technique that involves enticing a victim with a desirable item or promise to extract sensitive information or gain access to a system
    • Attackers might leave a USB drive with a tempting label, like “salary information,” in a public place and wait for someone to pick it up and plug it into a computer
    • Once the drive is connected to the computer, the attacker can access sensitive information or install malware
    • Pretexting involves creating a fake scenario to extract sensitive information
    • The attacker might pose as a bank representative and ask for personal information to “verify your account”
    • Impersonation
    • Baiting
    • Pretexting
  • The aim of social engineering is to exploit human behaviour and vulnerabilities to gain unauthorised access to a system or network


Accidental Damage

Data could also be accidentally damaged in many ways:

ExamplePrevention
Loss of powerUse a UPS
Liquids being spiltDon’t have water near the device
FloodingKeep device in a waterproof box when not is use
FireUse electrics safety and keep device in a fireproof box when not is use
Hardware failureCorrect care and maintenance of hardware
Software failureMaking sure it is always up to date
Human error:Pressing delete by mistakeNot saving dataNot shutting down the computer correctlyAdd verification method for data deletionSet access levels for data to limit who can delete the data
Incorrect use of storage deviceMaking sure device is ejected before removing

Loading

Previous Topic
Back to Lesson notes
Next Topic
error: Content is protected !!