1.4.1 Threats to computer systems and networks

What is malware?

• any type of harmful program that seeks to damage or gain unauthorised access to your computer system

• virus, worms, trojans, spyware and ransomware

What are the features of computer viruses?

• programs embedded within other files

• only activated when opened by a human

• replicate their code in other programs

• infect other copmputers

• harm by corrupting, deleting or modifying files. the damage may cause the system to stop working

What are the features of worms?

• not hidden within other files

• replicates to spread to other computers by finding weaknesses in software

• does not need an infected file or human interaction to spread

• often spread through email

• can spread very quickly once it has infiltrated a network

• slows down networks and computers but it might not cause any other damage

What are the features of trojans?

• harmful program that looks like legitimate software or a cracked file that a user wants

• deceives users into installing it

• do not self replicate or infect other files

• the program will often work as intended but give an attacker backdoor access to the system

• might also contain malware that causes damage

What are the features of spyware?

• monitor and record user activities

• will record websites visited, personal information and financial information

• this is passed to the attacker to use

What are the features of ransomware?

• holds a computer hostage by locking or preventing access to files on it by encrypting them

• the attacker demands money from the victim to decrypt the files but might not necessarily do this if the user pays them

• attackers usually use digital currencies as this makes them harder to trace

• encrypted data can only be recovered if back ups are available

What is social engineering?

• to trick others into revealing their personal data by posing as a trusted source

• phishing, shoulder surfing and poor network policy or people not following it

What is shoulder surfing?

• obtaining information as someone types it in such as by looking over their shoulder or using CCTV

What is phishing and what are the features of it?

• tricking users into entering personal details to an attacker

• poses as a legit site in email or texts

• provides a link to fake version of the real site

• non personalised greeting

• variation of a genuine web address

• forged link

• request for personal info which legit companies do not do through email/text

• sense of urgency

• poor spelling and grammar

poor network policy

….

What is a brute force attack?

• trying every possible combination of password until the correct one is found

• slow but can be sped up using a computer program or multiple computer systems

What is a denial of service (DoS) attack?

• a computer repeatedly sends requests to a server which floods and overloads it (sometimes a hacked computer will be made to do this)

• The server is unable to process and respond to all these requests

• it will be slowed or shut down and may take websites offline temporarily

• a distributed denial of service attack (DDos) is a coordinated attack using a botnet (a large group of devices controlled and used maliciously by an attacker)

What is interception in a network?

• data packets are eavesdropped on by a third party and copied to a different location than the intended destination

What is a man in the middle attack?

• attacker intercepts communications between the user and the server

• uses a packet sniffer to eavesdrop and find personal info

• can add different info to a web page or email

• unencrypted WiFi increases the risk

How can data theft happen?

• loss of a digital device can lead to the loss of all the data stored on it

• man in the middle attacks

• malware such as trojans may create back doors to allow malicious users to access your device

• legitmate seeming apps might be malicious and lead to fraudulent charges on your phone bill or theft of info

• this info can be used for identity theft

What is SQL injection?

• a malicious SQL query is entered into a web form as an input rather than the expected data

• this can be interpreted by vulnerable web applications can give the user unauthorised access to the database

• an SQL injection can be used to view, modify or destroy information on the database