1/15
Name | Mastery | Learn | Test | Matching | Spaced |
---|
No study sessions yet.
What is malware?
harmful program that seeks to damage or gain unauthorised access to your computer system
virus, worms, trojans, spyware and ransomware
What are the features of computer viruses?
embedded within other files
only activated when opened by a human
replicate their code in other programs
infect other copmputers
harm by corrupting, deleting or modifying files. the damage may cause the system to stop working
What are the features of worms?
not hidden within other files
replicates to spread to other computers by finding weaknesses in software / network
does not need an infected file or human interaction to spread
often spread through email
can spread very quickly once it has infiltrated a network
slows down networks and computers but it might not cause any other damage
What are the features of trojans?
harmful program that looks like legitimate software or a cracked file that a user wants
deceives users into installing it
do not self replicate or infect other files
the program will often work as intended but give an attacker backdoor access to the system
might also contain malware that causes damage
What are the features of spyware?
monitor and record user activities
websites visited, personal information and financial information
this is passed to the attacker to use
What are the features of ransomware?
holds a computer hostage by locking or preventing access to files on it by encrypting them
the attacker demands money to decrypt the files but might not necessarily do this if the user pays them
digital currencies make attackers harder to trace
encrypted data can only be recovered if back ups are available
What is social engineering?
manipulation and exploitation of human behaviour to deceive individuals in order to gain unauthorised access to sensitive information or secure systems
phishing, shoulder surfing and poor network policy or people not following it
people are the weak point
What is shoulder surfing?
obtaining information as someone types it in such as by looking over their shoulder or using CCTV
What is phishing and what are the features of it?
deceiving users into entering personal details to an attacker
poses as a legit site in email or texts
provides a link to fake version of the real site
non personalised greeting
variation of a genuine web address
forged link
request for personal info which legit companies do not do through email/text
sense of urgency
poor spelling and grammar
poor network policy
network does not have security rules in place for users to follow
What is a brute force attack?
trying every possible combination of password until the correct one is found
slow but can be sped up using a computer program or multiple computer systems
What is a denial of service (DoS) attack?
a (sometimes hacked) computer repeatedly sends requests to a server which floods and overloads it
server is unable to process and respond to all these requests
it will be slowed or unavailable and may take websites offline temporarily
others denied use of service - company loses reputation
distributed denial of service attack (DDos) is a coordinated attack using a large group of devices controlled and used maliciously by an attacker
What is interception in a network?
data packets are eavesdropped on by a third party and copied to a different location than the intended destination
What is a man in the middle attack?
attacker intercepts communications between the user and the server
uses a packet sniffer to eavesdrop and find personal info
can add different info to a web page or email
unencrypted WiFi increases the risk
How can data theft happen?
loss of a digital device can lead to the loss of the data stored on it
man in the middle attacks
malware such as trojans may create back doors to allow malicious users to access your device
legitmate seeming apps might be malicious and lead to fraudulent charges on your phone bill or theft of info
this info can be used for identity theft
What is SQL injection?
a malicious SQL query is entered into a web form as an input rather than the expected data
this can be interpreted by vulnerable web applications - can give the user unauthorised access to the database
an SQL injection can be used to view, modify or destroy information on the database