Zusammenfassung der Ressource
Learning Aim B cyber
security
- Key terms
- Cyber security
- refers to the range of measures
that can be taken to protect
computer systems, networks
and data from unauthorised
access or cyberattack.
- Threat
- A threat is an incident or an action which
is deliberate or unintended that results in
disruption, down time or data loss.
- Internal Threat = caused by an incident inside an organisation
- External Threat = caused outside the organisation
- Attack
- An attack is a deliberate
action, targeting an
organisation’s digital system
or data.
- Unauthorised access
- This refers to someone gaining entry
without permission to an
organisation’s system, software or
data. This achieved by exploiting a
security vulnerability
- Hackers
- Types of hackers
- White Hat - working
with organizations
to strengthen the
security of a
system
- Grey Hat - Do it for fun
and not with malicious
intent
- Black Hat - They try to
inflict damage by
compromising security
systems
- Why are systems attacked
- Fun/Challenge
- Hacking systems can be fun or a challenge
- There is a sense of achievement
- Friends may give respect of hacking achievements
- Financial gain
- Ransomware can be used to encrypt a computer until you pay
- Ransoms can be made to prevent attacks from happening
- A payment is given to carry out an attack on a organisation
- Disruption
- Attacks such as Denial-of-Service stop websites working
- Viruses can slow down computers and delete files
- Industrial espionage
- The aim is to find intellectual property such
as designs or blueprints for products,
business strategies or software source
code
- Personal atack
- Employees that are unhappy may
attack the company
- Friends / family may attack each other
if upset over something
- Information/Data theft
- Company information may also be stolen
- Credit card and
financial details are
stolen to gain money
- Malware:
- This is an umbrella
term given to software
that is designed to
harm a digital system,
damage data or
harvest sensitive
information.
- Atrojan horse is a type of malware that is often disguised as
legitimate software. Users are tricked into downloading it
to their computer. Once installed the Trojan works
undercover to carry out a predetermined task. Such as
Backdoor for hackers to use Installing harmful programs
Harvesting sensitive data It is named after the wooden
horse used by the ancient Greeks to infiltrate the city
of Troy.
- A rootkit Is a set of tools
that give a hacker a high level
administrative control, of a
computer. They can then us
this privileged position to:
Encrypt files Install programs
Change system configuration
Steal data Much like a trojan,
rootkits often come bundled
with legitimate software.
- RansomwareEncrypts files stored on a computer to extort or steal
money from organisations. Victims must then pay a
ransom to have the encrypted files unlocked. There is
normally a deadline for the transaction to happen. Bitcoin
is usually asked for as a form of payment as they are
difficult to trace. If the payment is not made then the
amount demanded may increase or the files are
permanently locked. Ransomware is usually spread
through e-mails or through infected websites.
- Spyware is malicious software secretly installed to collect
information from someone else's computer Cyber
criminals harvest personal information such as:
Passwords Credit card numbers and other details Email
addresses With this information they can steal
someone's identity, making purchases on their credit
card etc Spyware works in the background on someones
computer without it being noticed.
- Keyloggers are spyware
that records every
keystroke made on a
computer to steal
personal information
- A botnet is an army of 'zombie'
devices. They are used to carry out
mass attacks such as emailing spam to
millions of users.
- A DDoS attack is when someone floods a website
with useless traffic to inundate and overwhelm the
network
- Virus
- A piece of malicious code that attaches to a legitimate program. It is
capable of reproducing itself and usually capable of causing great harm
to files or other programs on the same computer
- Worm
- Similar to virus but unlike a virus it is a self contained program. It is capable of
spreading on it own, without help from humans. Worms get around by exploiting
vulnerabilities in operating systems and attaching themselves to emails. They self
replicate at a tremendous rate, using up hard drive space and bandwidth, overloading
servers.
- Social engineering
- A blagger invents a scenario to engage a targeted victim in a
manner that increases the chance the victim will divulge
information
- involves tricking people into divulging valuable information about themselves.
- Phishing is a way of attempting to acquire
information, by pretending to be from a
trustworthy source. examples are email spoofing,
fake websites, spoof phone calls
- Shoulder surfing is the act of Acquiring sensitive information by someone peering over a users shoulder when they are
using a device. It can also be done from a distance with the use of technology such as
video cameras, drones etc
- Spear phishing involves bespoke emails being sent to well-researched
victims. eg. where somebody who holds a senior position within an
organisation with access to highly valuable information uses it to
target victims
- Pharming Involves redirecting people to bogus, look-a -like websites without realising it has
happened.
- A man in the middle attack is a form of eavesdropping where the attacker makes an independent connection between two
victims and steals information to use fraudulently.