4.1 Threats to a network Flashcards
Forms of attack on a computer
Computers face a variety of forms of attack and they can cause a large number of issues for a network
The main threats posed to a network are
Malware
Social engineering
Brute-force attacks
Denial of service attacks
Data interception & theft
SQL injection
Malware
Malware (malicious software) is the term used for any software that has been created with malicious intent to cause harm to a computer system.
Examples of issues caused by malware include
Files being deleted, corrupted or encrypted.
Internet connection becoming slow or unusable.
Computer crashing or shutting down
There are various types of malware and each has slightly different issues which they cause.
Virus
A program which can replicate itself on a user’s computer. It contains code that will cause unwanted and unexpected events to occur.
Examples of issues a user may experience are:
Corrupt files
Delete data
Prevent applications from running correctly
Worms
Worms are very similar to viruses, with the main difference being that they will spread to other drives and computers on the network.
Worms can infect other computers from
Infected websites, Instant message, services, Email, Network connection
Trojan
Sometimes also called a Trojan Horse.
Trojans disguise themselves as legitimate software but contain malicious code in the background.
Spyware
Software which will allow a person to spy on the users’ activities on their devices.
This form of software will be embedded into other software such as games or programs that have been downloaded from illegitimate sources.
Spyware can record your screen, log your keystrokes to gain access to passwords and more.
Ransomware
A form of malware that locks your computer or device and encrypts your documents and other important files.
Often a demand is made for money to receive the password that will allow the user to decrypt the files.
There is no guarantee paying the ransom will result in the user getting their data back.
Social engineering
Social engineering is way of gaining illegal access to sensitive information/private networks by influencing people.
There are many forms of social engineering, some examples include:
Fraudulent phone calls, phishing, pretexting.
Phishing
An email is sent to a large number of people from a large list of email addresses that has been obtained. The email pretends to be from a reputable company or trusted source but is actually trying to gain personal information/commit fraud/gain usernames and passwords.
Pretexting
A scammer will send a fake text message, pretending to be from the government or human resources of a company, this scam is used to trick an individual into giving out confidential data.
Fraudulent phone calls
Pretending to be someone else to gain access to their account or their details.
Causes of social engineering
People are seen as the weak point in a system because human errors can lead to significant issues, some of which include:
Not locking doors to computer/server rooms
Not locking their device when they’re not using it
Sharing passwords
Not encrypting data
Not keeping operating systems or anti-malware software up to date
Brute force attack
A brute force attack works by an attacker repeatedly trying multiple combinations of a user’s password to try and gain unauthorised access to their accounts or devices.
Dictionary attack
A second form of brute force attack, commonly used for passwords is a dictionary attack.
This method tries popular words or phrases for hackers to guess the password as quickly as possible
Popular words and phrases such as ‘password’, ‘1234’ and ‘qwerty’ will be checked extremely quickly.
Denial of service attack
A Denial of Service Attack (DoS attack) occurs when an attacker repeatedly sends requests to a server to flood the server with traffic, causing it to overload the system.
The server will slow down to the point of becoming unusable.
Distributed denial of service attack
There is also a larger-scale version of DoS known as a Distributed Denial of Service (DDoS) attack.
This works in a similar way to a DoS attack, with the main difference being that the traffic comes from multiple distributed devices in a coordinated attack on a single server/network.
A network of compromised devices, called a botnet can be used to facilitate a DDoS attack.
A botnet consists of numerous internet-connected devices, that have been infected with malware and can be controlled remotely by an attacker.
Purpose of a DoS attack
A DoS attack will prevent customers from accessing or using a service.
This will result in companies losing money and not being able to carry out their daily duties.
A DoS attack can cause damage to a company’s reputation.
Data interception and theft
Data interception and theft is when thieves or hackers can compromise usernames and passwords as well as other sensitive data.
This is done by using devices such as a packet sniffer.
A packet sniffer will be able to collect the data that is being transferred on a network.
A thief can use this data to gain unauthorised access to websites, companies and more.
SQL
Structured Query Language (SQL) is a language used to create, access and manipulate a database.
They are most effective where there are input fields.
SQL injection
SQL injection is entering an SQL command into a web text field to manipulate the SQL query.
The goal is to insert, modify or delete data from the database.
How malware spreads
Installations - Users often willingly install malware if they are tricked into thinking that they are installing a different piece of software.
Common ‘disguises’ for malware include: Security updates, Software drivers.
Attachment - Opening attachments in emails such as Word and Excel documents can include ‘macros’.
A macro is a small program that is given permission to run on the computer. The macros can be set up to install malware.
Replication - Once one device on a network has been infected with a worm or a virus, then it becomes very easy for it to spread to other devices on the network.
The process of spreading to other computers is called self-replication.
Recognising phishing
The email will not be personally addressed.
Any links may not be to a legitimate web address / the link may not be the same as the text.
It may contain misspellings.
There may be a problem or situation that is presented, but seems suspicious.
There will normally be a request to contact a phone number, click a link or give personal information.
