Learning Aim B: Cyber Security

KEY TERMS
1. ATTACK
  1. A deliberate action, targeting an organizations digital system or data
2. THREAT
  1. An incident or action which is deliberate or unintended that results in disruption, downtime or data loss
    1. EXTERNAL
      1. Caused outside the organization
    2. INTERNAL
      1. Caused by an incident inside an organization
3. Cyber Security
  1. The range of measures that can be taken to protect computer systems, networks, and data from: unauthorized access or cyberattack
4. UNAUTHORIZED ACCESS
  1. This refers to someone gaining entry without permission to an organization’s system, software or data. This achieved by exploiting a security vulnerability
    1. HACKER
      1. Is someone who seeks out and exploits these vulnerabilities.
      2. Types of Hackers
        White
        working with organizations to strengthen the security of a system
        Grey
        Do it for fun and not with malicious intent
        Black
        They try to inflict damage by compromising security systems
WHY ARE SYSTEMS ATTACKED?
1. Personal Attack
  1. Friends / family may attack each other if upset over something
  2. Employees that are unhappy may attack the company
2. Information/Data Theft
  1. Company information may also be stolen
  2. Credit card and financial details are stolen to gain money
3. Disruption
  1. Attacks such as Denial-of-Service stop websites working
  2. Viruses can slow down computers and delete files
4. Industrial Espionage
  1. The aim is to find intellectual property such as designs or blueprints for products, business strategies or software source code
5. Fun/Challenge
  1. Friends may give respect of hacking achievements
  2. There is a sense of achievement
  3. Hacking systems can be fun or a challenge
6. Finacial Gain
  1. Ransoms can be made to prevent attacks from happening
  2. Ransomware can be used to encrypt a computer until you pay
  3. A payment is given to carry out an attack on a organization
MaLWare (Malicious software)
1. This is an umbrella term given to software that is designed to harm a digital system, damage data or harvest sensitive information.
2. VIRUS
  1. A piece of malicious code that attaches to a legitimate program. It is capable of reproducing itself and usually capable of causing great harm to files or other programs on the same computer
3. WORM
  1. Similar to virus but unlike a virus it is a self contained program. It is capable of spreading on it own, without help from humans. Worms get around by exploiting vulnerabilities in operating systems and attaching themselves to emails. They self replicate at a tremendous rate, using up hard drive space and bandwidth, overloading servers.
4. Trojan Horse
  1. A type of malware that is often disguised as legitimate software. Users are tricked into downloading it to their computer. Once installed the Trojan works undercover to carry out a predetermined task. Such as Backdoor for hackers to use, Installing harmful programs, Harvesting sensitive data. It is named after the wooden horse used by the ancient Greeks to infiltrate the city of Troy.
5. RootKit
  1. A set of tools that give a hacker a high level administrative control, of a computer. They can then us this privileged position to: Encrypt files Install programs Change system configuration Steal data Much like a trojan, rootkits often come bundled with legitimate software.
6. Keyloggers
  1. spyware that records every keystroke made on a computer to steal personal information
7. Ransomware
  1. Encrypts files stored on a computer to extort or steal money from organisations. Victims must then pay a ransom to have the encrypted files unlocked. There is normally a deadline for the transaction to happen. Bitcoin is usually asked for as a form of payment as they are difficult to trace. If the payment is not made then the amount demanded may increase or the files are permanently locked. Ransomware is usually spread through e-mails or through infected websites.
8. Spyware
  1. malicious software secretly installed to collect information from someone else's computer Cyber criminals harvest personal information such as: Passwords Credit card numbers and other details Email addresses With this information they can steal someone's identity, making purchases on their credit card etc Spyware works in the background on someones computer without it being noticed.
Social Engineering
1. Involves tricking people into divulging valuable information about themselves. Such as Passwords PIN numbers Credit card details
2. Phishing
  1. A way of attempting to acquire information, by pretending to be from a trustworthy source. examples are email spoofing, fake websites, spoof phone calls
3. Spear Phishing
  1. Involves bespoke emails being sent to well-researched victims. eg. where somebody who holds a senior position within an organisation with access to highly valuable information uses it to target victims
4. Man in the middle attack
  1. A form of eavesdropping where the attacker makes an independent connection between two victims and steals information to use fraudulently.
5. Blagging
  1. A blagger invents a scenario to engage a targeted victim in a manner that increases the chance the victim will divulge information. For example a blagger might pretend to be a member of the IT department to inform them something is wrong with your PC and requires access to fix the problem
6. Pharming
  1. Involves redirecting people to bogus, look-a -like websites without realising it has happened. The objective is to acquire sensitive personal information or to install malware
7. Shoulder Surfing
  1. Acquiring sensitive information by someone peering over a users shoulder when they are using a device. It can also be done from a distance with the use of technology such as video cameras, drones etc

Siguiente

Learning Aim B: Cyber Security

Descripción

Resumen del Recurso

Similar

	Creado por James TIPPER hace más de 4 años