Learning Aim B: Cyber Security

KEY TERMS
1. CYBER SECURITY
  1. Refers to the range of measures that can be taken to protect computer systems. networks and data from unarthorised access or cyber attack.
2. THREAT
  1. A threat is an incident or an action which is deliberate or unintended that results in distribution, down time or data loss.
  2. INTERNAL THREAT
    1. Caused by an incident inside an organisation
  3. EXTERNAL THREAT
    1. Caused outside the organisation
3. ATTACK
  1. An attack is a deliberate action, targeting an organisation's digital system or data
4. UNARTHORISED ACCESS
  1. This refers to someone gaining entry without permission to an organisation's system, software or data
    1. HACKER
      1. Is someone who seeks out and exploits these vulnerabilities
      2. 3 TYPES OF HACKERS
        Black
        They try to inflict damage by compromising security systems
        Grey
        Do it for fun and not with malicious intent
        White
        Working with organisation's to strengthen the security of a system
  2. This is achieved by exploiting a security vulnerability
WHY ARE SYSTEMS ATTACKED
1. FUN/CHALLENGE
  1. Hacking systems can be fun or a challenge
  2. There is a sense of achievement
  3. Friends may give respect of hacking achievements
2. FINANCIAL GAIN
  1. Ransoms can be made to prevent attacks from happening
  2. Ransomware can be used to encrypt a computer until you pay
  3. A payment is given to carry out an attack on an organization
3. DISTRIBUTION
  1. Attacks such as denial of service stop websites from working
  2. Viruses can slow down computers and delete files
4. INDUSTRIAL ESPIONAGE
  1. The aim is to find intellectual property such as design or blueprints for products, business strategies or software source code
5. PERSONAL ATTACK
  1. Employees that are unhappy may attack the company
  2. Friends/family mat attack each other if upset over something
6. INFORMATION/DATA THEFT
  1. Credit card or financial details are stolen to gain money
  2. Company information may also be stolen
MALWARE
1. MALICIOUS SOFTWARE
  1. This is an umbrella term given to software that is designed to harm a digital system, damage data or harvest sensitive information.
2. VIRUS
  1. A piece of malicious code that attaches to a legitimate program. It is capable of reproducing itself and usually capable of causing great harm to files or other programs on the same computer
3. WORM
  1. Similar to virus but unlike a virus it is a self contained program. It is capable of spreading on it own, without help from humans. Worms get around by exploiting vulnerabilities in operating systems and attaching themselves to emails. They self replicate at a tremendous rate, using up hard drive space and bandwidth, overloading servers.
4. TROJAN HORSE
  1. A type of malware that is often disguised as legitimate software. Users are tricked into downloading it to their computer. Once installed the Trojan works undercover to carry out a predetermined task. Such as Backdoor for hackers to use Installing harmful programs Harvesting sensitive data It is named after the wooden horse used by the ancient Greeks to infiltrate the city of Troy.
5. ROOTKIT
  1. Is a set of tools that give a hacker a high level administrative control, of a computer. They can then us this privileged position to: Encrypt files Install programs Change system configuration Steal data Much like a trojan, rootkits often come bundled with legitimate software.
6. RANSOMEWARE
  1. Encrypts files stored on a computer to extort or steal money from organisations. Victims must then pay a ransom to have the encrypted files unlocked. There is normally a deadline for the transaction to happen. Bitcoin is usually asked for as a form of payment as they are difficult to trace. If the payment is not made then the amount demanded may increase or the files are permanently locked. Ransomware is usually spread through e-mails or through infected websites.
7. SPYWARE
  1. malicious software secretly installed to collect information from someone else's computer Cyber criminals harvest personal information such as: Passwords Credit card numbers and other details Email addresses With this information they can steal someone's identity, making purchases on their credit card etc Spyware works in the background on someones computer without it being noticed.
8. KEYLOGGERS
  1. spyware that records every keystroke made on a computer to steal personal information
9. BOTNET
  1. An army of 'zombie' devices. They are used to carry out mass attacks such as emailing spam to millions of users.
10. DISTRIBUTED DENIAL-OF-SERVICE ATTACK
  1. Flooding a website with useless traffic to inundate and overwhelm the network
SOCIAL ENGINEERING
1. PHISHING
  1. A way of attempting to acquire information, by pretending to be from a trustworthy source. examples are email spoofing, fake websites, spoof phone calls
2. SPEAR PHISHING
  1. Involves bespoke emails being sent to well-researched victims. eg. where somebody who holds a senior position within an organisation with access to highly valuable information uses it to target victims
3. BLAGGING
  1. A blagger invents a scenario to engage a targeted victim in a manner that increases the chance the victim will divulge information
4. SHOULDER SURFING
  1. Acquiring sensitive information by someone peering over a users shoulder when they are using a device. It can also be done from a distance with the use of technology such as video cameras, drones etc
5. PHARMING
  1. Involves re directing people to bogus, look-a -like websites without realising it has happened.
6. MAN IN THE MIDDLE ATTACK
  1. A form of eavesdropping where the attacker makes an independent connection between two victims and steals information to use fraudulently.

Próximo

Learning Aim B: Cyber Security

Descrição

Resumo de Recurso

Semelhante

	Criado por Luke ROBERTS mais de 4 anos atrás