Section 5 Flashcards

1
Q

What is hacking?

A

Hacking means finding weaknesses in an established system and exploiting them, for example, unauthorised access.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What might a hacker be motivated by?

A

Profit
Protest
Challenge

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is white hat hacking?

A

This is where the hacker is given permission to hack into systems to identify any loopholes or vulnerabilities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is grey hat hacking?

A

This is where the hacker hacks into computer systems for fun or to troll but without malicious intent towards the computer system.
If a grey hat hacker finds a weakness, they often ask for a fee; companies often pay this rather than risk having their vulnerabilities exposed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is black hat hacking?

A

Hacking with malicious intent. This intent can include theft, exploiting the data stole or seen, and selling the data on. Black hat hackers carry out illegal hacking activities and can be prosecuted.
Black hat hackers use randomware to prevent the owners from accessing their own computer system until they pay a sum of money.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is social engineering?

A

The art of manipulating people so that confidential information can be found out.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Name the six types of social engineering:

A

Phishing
Baiting
Pretexting
Quid pro quo
Tailgating/ piggybacking
Shoulder surfing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is phishing?

A

Phishing uses a fake website that looks identical to the real one.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is baiting?

A

Similar to phishing.
Cybercriminals make a promise of goods to get the information they need.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is pretexting?

A

Pretexting is when a cybercriminal lies to get data or information.
Usually involves a scam, where the criminal pretends to need the information to confirm the identity of the person they’re talking to.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is Quid pro quo?

A

Quid pro quo tries to disable anti-virus software so that software updates, usually malware, can be installed to gain access to a computer system.
Similar to baiting, but promises a service rather than goods.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is tailgating/ piggybacking?

A

Means trying to gain access to a secure building or room. Takes the form of a person who doesn’t have the authority to enter following someone through the doors.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is shoulder surfing?

A

Shoulder surfing aims to steal data or information. It’s when a person’s private and confidential information is seen.
For example, an attacker may stand very close to someone in a crowded place when using a cash machine or device.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is malware (malicious software)?

A

It is installed on a computer system and collects information about users without their knowledge.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Name 6 types of malware:

A

Viruses
Worms
Trojan Horses
Spyware
Key logging
Ransomware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What are viruses?

A

Programs that replicate themselves on a system by modifying programs and inserting their own code.
The virus could enter the system due to software vulnerabilities or be activated as a result of clicking on a link within a message.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What are worms?

A

A type of virus that infects the computer without the user’s knowledge.
Worms are created to modify or delete files to steal data. Another way a worm can cause damage is by duplicating itself so many times that it exhausts the system’s resources, so it runs more and more slowly.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is a Trojan horse?

A

A type of virus that enters the system in the form of a legitimate program.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What is spyware?

A

A program that collects data from a computer system and sends it to a third party without the user’s consent.
As the name suggests, it is designed to spy on you.
It collects login and account details, and feeds this information back to the program creator without you having any idea this is happening.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What is key logging?

A

A form of spyware.
An activity-monitoring program that logs everything you type on your keyboard, and sends this information to the creator of the program. In this way, the cybercriminal gets access to your passwords and other sensitive information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What is ransomware?

A

Ransomware is created to prevent someone from accessing data on their computer. The software encrypts the files and the cybercriminal demands a random payment in exchange for the decryption key.
In a busy world, organisations can be tempted to pay the money as it is possibly the cheapest and easiest option to restore access to their files.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What is Distributed Denial of Service (DDoS)?

A

DDoS is an attack designed to disrupt or deny an organisation’s service.
The server is bombarded with so many fake internet requests that it gradually slows down until it can no longer function; the website then crashes.

It can also affect network usage and network resources such as Internet of Things devices.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Give 2 examples of accidental damage.

A

Mechanical damage to hard drive
Natural disasters (fires and floods)
Unexpected power cut
Spilled drink

24
Q

What are access levels?

A

Access levels are used in organisations to limit which areas various staff can access on the computer system, and which functions they can use.

25
Q

Give 5 cyber-attack types.

A

Identity theft
Data destruction
Data manipulation
Data modification
Data theft

26
Q

What is identity theft?
And identity fraud?

A

When personal details are stolen during a cyber-attack. The details are then used to make a copy of a person, usually for illegal activity like a passport being issued.

Identity fraud could also occur. Identity theft is when the details are used to commit fraud, such as taking a loan out in someone else’s name.

27
Q

Give a famous identity fraud which happened in 2001.

A

Abraham Abdallah stole the identity of several famous people, including Steven Spielberg, in an attempt to steal millions of dollars.

28
Q

What is data destruction?

A

When stored data is destroyed. The data no longer exists.

29
Q

What is data manipulation?

A

Data is edited or manipulated to meet the needs of the cyber-security attackers.
This type of attack is usually found very quickly, for example, the attackers could change the data in a news feed in Twitter. This could result in false news being published.

30
Q

What is data modification?

A

Data is changed to meet the needs of the cyber-security attacker. The attack may not be found for some time. The attack is usually financially motivated.

31
Q

What is data theft?

A

Data is stolen (computer-based data or portable storage or mobile devices).

32
Q

What are vulnerabilities?

A

A vulnerability is a weakness that allows an attacker to launch a cyber-security attack.

33
Q

Give 3 categories of vulnerabilities you need to be aware of:

A

Environmental
Physical
System

34
Q

Give an example of environmental vulnerability.

A

Natural disasters (flooding, earthquakes, lightning strikes)

35
Q

Give two effects of environmental vulnerabilities:

A

Unusable computer system.
Data + information stored on computers are inaccessible.
Cloud could be accessible.
Buildings storing data could be damaged.
Lightning strikes > electricity surges > affect how storage devices/ computer systems operate.

36
Q

What are physical vulnerabilities?

A

Physical vulnerabilities relate to the physical computer and storage devices. The most common vulnerability is theft.

37
Q

Give two types of theft.

A

Intentional
Accidental

38
Q

Give an example of intentional theft.

A

A break-in happens and the devices are stolen.

39
Q

Give two examples of accidental theft.

A

An authorised user loses a device.
The device is then found by someone else.
The device may be returned or the contents can be used for illegal activity.
This could lead to identity theft.

40
Q

What is a system vulnerability?

A

System vulnerabilities relate to the running of the devices and computer system.

41
Q

What are patches?

A

Software must be kept up to date. Patches are issued by software vendors. These attempt to close any vulnerabilities. The vulnerabilities may have been identified by: the vendors or users of the software.

Patches can be installed automatically. When software is closing, checks are made for any patches. If patches are found these are installed automatically. The software will then close as normal. The user does not have to check for patches and so none are missed.

42
Q

Why do some software updates in real time?

A

Updates are constantly checked for when a device is connected to the internet.

This can be done automatically and the user does not have to remember to check. This makes sure no updates are missed and the software is always up to date.

43
Q

What are manual updates?

A

Manual updates can be forgotten by a user. There could be a time delay between the update being released and it being downloaded by the user. If the updates are manually scheduled the computer system may be switched off. The update may not be installed. This increases the risk of a vulnerability and an attack.

44
Q

Internet connectivity devices.

A

May not need a password to join the connection. This can increase device vulnerability and increases the risk of any device connected to the Wi-Fi network being accessed.

45
Q

The greatest vulnerability of any device or software is the USERS. They must be aware of the vulnerabilities so they do not cause any issues. These issues could compromise the security of (give two):

A

Computer devices
The computer system
The data and information

46
Q

What can social engineering be used for?

A

Persuading users to part with information such as passwords, user names/ IDs and other security codes.

47
Q

Give two points of VULNERABILITY TESTING:

A
  • Can be carried out when a computer system is running.
  • These tests identify vulnerabilities.
  • Steps can then be taken to close these before the system is attacked.
48
Q

Give two CONSEQUENCES of cyber-security attacks (business/ individuals/ both):

A

Loss (financial, data and reputation)
Disruption (operational, financial, and commercial)
Safety (individuals, equipment, and finance).

49
Q

LOSS (Financial)

A

Increased security may be needed (this is expensive - purchase, installation, maintenance).

Customers may lose confidence in the business (There could be a reduction in customers. This could lead to reduced income for the business).

50
Q

LOSS - Data

A

A range of data could be lost: financial, customer, supplier.

A backup may be available.

However, there is always a delay between the data being updated and the backup being completed.

51
Q

Loss - (Reputation)

A

The reputation of a business may suffer.

The confidence of the customers and suppliers may reduce.

This could leave to a reduction in customers.

Which could lead to less income.

52
Q

Disruption - (Operational)

A

A business will have backups of data, financial records.

However, it can take time to restore these from the backup.

This may mean the business is not able to function.

This can be because they do not have the up-to-date data.

This will have a negative impact on the business.

53
Q

Disruption - (Financial)

A

Loss of customers, leading to loss of revenue.

Possible payment of compensation.

Increased costs to improve security and computer devices including installation and maintenance.

Loss of revenue if, for example, invoices are lost.

54
Q

DISRUPTION - Commercial

A

A business may not be able to operate after an attack.

The commercial consequences depends on the function of the business.

These consequences could include: safety of individuals and/ or limited functioning leading to financial loss.

55
Q

SAFETY - Individual

A

Big Data means that many businesses, government departments and security services are linked.

An attack can lead to individuals being unsafe.

For example: (prisoners being released early. Transport links being fed incorrect data - railways and airports).

Personal data could also be stolen. These details could be sold on the dark web. This could lead to: (identity theft, burglaries).

56
Q

SAFETY - Equipment

A

People rely on internet connected equipment to carry out many tasks. These tasks include online shopping, banking.

If the internet connection devices are targeted then none of these tasks can be carried out.

57
Q

SAFETY - Finance

A

This can occur during and after the attack and during the attack: (access may be denied to a website. If the attack targeted personal data then after the attack identity theft may occur and this also has financial consequences on the person(s) affected).