Cyber Security Threats
Cybersecurity threats pose a major challenge for individuals and organisations that rely on digital technology to store and transmit sensitive information.
Brute-Force Attack
- A brute-force attack is a trial-and-error method used to crack passwords or encryption keys by trying every possible combination until the correct one is found
- The aim of a brute-force attack is to gain unauthorised access to a system or network
Data Interception
- Data interception involves eavesdropping on communication channels to intercept and steal sensitive information, such as passwords, credit card numbers, or personal data
- The aim of data interception is to steal sensitive information for personal gain or to use it for further cyber attacks
Distributed Denial of Service (DDoS) Attack
- A DDoS attack is where multiple computers are used as bots
- They flood a server with lots of requests at the same time which the server can’t respond to; causing it to crash or become unavailable to users
- The aim of a DDoS attack is to disrupt the normal functioning of a system or network by denying users access
Hacking
- Hacking involves gaining unauthorised access to a system or network to steal or manipulate data, disrupt services, or cause damage
- The aim of hacking can vary from personal gain to activism or cyber espionage
Malware
Malware is malicious software designed to harm or gain unauthorised access to a system or network. Types of malware include:
- A virus is a piece of code that attaches itself to a legitimate program or file and then replicates itself to spread to other programs or files on the computer. It can cause damage to the system, including deleting data or damaging hardware
- A worm is similar to a virus but is a standalone program that can spread and replicate itself over computer networks. It can take up storage space or bandwidth
- A Trojan horse is a program that disguises itself as a legitimate program or file, but when installed, it can delete data or damage hardware
- Spyware is software that records all key presses and transmits these to a third party
- Adware is a type of software that displays unwanted advertisements on the computer without the user's consent. Some of these may contain spyware and some may link to viruses when clicked
- Ransomware is a type of malware that encrypts the user's files and demands a ransom payment to decrypt them. It can cause data loss, and financial damage and disrupt business operations
The aim of malware attacks can range from data theft to extortion or disruption of services
Phishing
- Phishing involves the user is sent an email which looks legitimate
- This contains a link to a fake website where the user is encouraged to enter their details
- The aim of phishing is to steal sensitive information for personal gain or to use it for further cyber attacks
Pharming
- Pharming involves malware being downloaded without the user’s knowledge
- This redirects the user to a fake website where they’re encouraged to enter their personal details
- The aim of pharming is to steal sensitive information for personal gain or to use it for further cyber attacks
Exam Tip
- A user needs to click on a link or an attachment to open the fake web page or trigger a download of malicious code, and not just open the email
Social Engineering
- Social engineering involves manipulating individuals to gain access to confidential information or to perform an action that benefits the attacker
- This can include techniques such as:
- This involves posing as someone else to gain trust or access to sensitive information
- Attackers might pretend to be a co-worker, IT support personnel, or a law enforcement officer to get people to divulge sensitive information or perform an action they wouldn't otherwise do
- Baiting is a social engineering technique that involves enticing a victim with a desirable item or promise to extract sensitive information or gain access to a system
- Attackers might leave a USB drive with a tempting label, like "salary information," in a public place and wait for someone to pick it up and plug it into a computer
- Once the drive is connected to the computer, the attacker can access sensitive information or install malware
- Pretexting involves creating a fake scenario to extract sensitive information
- The attacker might pose as a bank representative and ask for personal information to "verify your account”
- Impersonation
- Baiting
- Pretexting
- The aim of social engineering is to exploit human behaviour and vulnerabilities to gain unauthorised access to a system or network
Accidental Damage
Data could also be accidentally damaged in many ways:
Example | Prevention |
Loss of power |
Use a UPS |
Liquids being spilt |
Don’t have water near the device |
Flooding |
Keep device in a waterproof box when not is use |
Fire |
Use electrics safety and keep device in a fireproof box when not is use |
Hardware failure |
Correct care and maintenance of hardware |
Software failure |
Making sure it is always up to date |
Human error:
|
Add verification method for data deletion Set access levels for data to limit who can delete the data |
Incorrect use of storage device |
Making sure device is ejected before removing |
Exam Tip
-
If you are given context in a question, you should apply your answer to the scenario
-
Back-up of data is not a method to help prevent the data being damaged. It can replace the data if it is damaged, but it does not stop the data being damaged