1.4

Malware

Definition of Malware

  • Malware is software created to disrupt, damage, or gain unauthorized access to computer systems.

Examples of Malware

  • Viruses

  • Trojans

  • Worms

  • Ransomware

  • Spyware

  • Adware

Effects of Malware

  • Files can be deleted, corrupted, or encrypted

  • Computers may crash, reboot spontaneously, or slow down

  • Internet speed can decrease

  • Keyboard inputs can be logged and sent to hackers

Phishing

Definition of Phishing

  • Phishing is the fraudulent practice of sending emails containing false information to obtain personal data.

Purposes of Phishing

  • To obtain passwords or credit card information

Effects of Phishing

  • Access to the victim's accounts for financial gain

  • Unauthorized purchases

  • Opening bank accounts and credit cards

  • Cashing illegitimate checks

  • Access to high-level data

  • Potential blacklisting of financial services

Brute Force Attack

Definition of Brute Force Attack

  • A brute force attack is a trial-and-error method used to decode encrypted data like passwords and keys.

Example of Brute Force Attack

  • Trying every word in the dictionary

Effects of Brute Force Attack

  • Data theft and access to corporate systems

  • Loss of service access for customers

Denial of Service Attack

Definition of Denial of Service Attack

  • Flooding a server with useless traffic to overload it.

Effects of Denial of Service Attack

  • Lost revenue

  • Lower productivity

  • Damage to reputation

Data Interception and Theft

Definition of Data Interception and Theft

  • Unauthorized act of stealing computer-based information from a victim.

Examples of Data Interception and Theft

  • Sniffing usernames or passwords

Effects of Data Interception and Theft

  • Compromised usernames and passwords

  • Disclosure of corporate data

  • Theft of data

SQL Injection

Definition of SQL Injection

  • Technique used to change or delete data in a database.

Examples of SQL Injection

  • "SMITH" "OR" "="

Effects of SQL Injection

  • Outputting database contents revealing private data

  • Database alterations or deletions

  • Addition of new data

Prevention Methods

Preventing Malware

  • Use strong security software such as a firewall, spam filter, and antivirus/anti-spyware

  • Keep operating system and security software updated

  • Train staff to be cautious with email attachments and software downloads

  • Regularly back up files on removable media

Preventing Phishing

  • Utilize strong security software

  • Train staff to identify fake emails and websites, avoid disclosing personal or corporate data, and disable browser pop-ups

Preventing Brute Force Attack

  • Implement a network lockout policy

  • Use progressive delays

  • Train staff to use effective passwords with symbols, letters, numbers, and mixed cases

  • Utilize captchas

Preventing Denial of Service Attack

  • Employ a strong firewall

  • Use packet filters on routers

  • Configure web servers

  • Implement auditing, logging, and monitoring systems

Preventing Data Interception and Theft

  • Encrypt data

  • Use virtual networks

  • Train staff on password usage, computer locking, logging off, and portable media handling

  • Invest in network vulnerability assessments

Preventing SQL Injection

  • Validate input boxes

  • Use parameter queries

  • Set database permissions

  • Conduct penetration testing
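
The difference between building a query from the input box and using a parameter query, with input validation alongside, as an added example that is not part of the original notes. It uses Python's sqlite3 module; the table, sample rows, function names and the test input are constructed for illustration.

```python
import re
import sqlite3

# Constructed input of the "name OR always-true" kind listed under Examples.
TAUTOLOGY = "SMITH' OR ''='"

def make_db():
    # Constructed sample data held in memory.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, card TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("SMITH", "1111"), ("JONES", "2222"), ("PATEL", "3333")])
    return db

def lookup_concatenated(db, name):
    # Weak: the input is pasted into the SQL text, so a quote in the
    # input can end the string and add its own condition to the query.
    sql = "SELECT name, card FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_parameterised(db, name):
    # Corrected: the ? placeholder passes the input as a value only,
    # so it is compared with the name column and never run as SQL.
    sql = "SELECT name, card FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def valid_name(name):
    # Input validation: accept only 1 to 30 plain letters.
    return re.fullmatch(r"[A-Za-z]{1,30}", name) is not None

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_concatenated(db, TAUTOLOGY))
    print("parameterised:", lookup_parameterised(db, TAUTOLOGY))
    print("passes validation:", valid_name(TAUTOLOGY))
```

The concatenated query returns every row because the added condition is always true; the parameter query returns none, and validation rejects the input before it reaches the database.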

Preventing Vulnerabilities Caused by People

  • Utilize anti-malware software

  • Implement firewalls

  • Assign user access levels

  • Use password encryption

  • Ensure physical security