T4 - Network threats Flashcards
Prevention methods for malware
- Anti-malware, anti-virus (both are the same thing, in OCR only put one of these down not both or you will only get one mark instead of two)
-encryption
-user access levels
-firewall
-backup / recovery procedures
What is Malware:
are executable programs that run on a computer
Key info about Computer virus:
replicate their code in other programs
infect other computers
harm the computer by deleting, corrupting or modifying files
Key info about Worms:
replicates itself in order to spread to other computers
They might cause no damage to the attacked computers
They slow down networks and computers
Key info about Trojan horses:
They have a program, game or cracked file which is something the user wants
They have negative program code which causes damage, takes control, or provides access to the computer
Key info about Ransomware:
Holds a computer hostage by locking or encrypting access to it
If the data is encrypted, not even a cyber security professional will be able to recover the data unless backups are available
Once a ransom is paid to the attacker, access is restored
eg of malware
-virus
-worms
-trojan horse
-ransomware
Unpatched software
– if software and security updates are not installed then the software will be vulnerable to attacks
Out-of-date anti-malware
– if software, such as anti-virus software, isn’t regularly updated then it won’t be able to detect the latest viruses
Social engineering
- the ability to obtain confidential information by asking people for it
Shoulder surfing
- the ability to get information or passwords by observing as someone types them in
-Looking over someone’s shoulder
-Using a CCTV camera
Phishing -
Emails, texts or phone calls are sent to users commonly pretending to be from a bank or website
Email will be forged
Try to obtain = Usernames, Passwords, Credit cards details
What to look out for for phishing:
for OCR you only need to know 4 of these
- un-personalised greeting
- The sender’s address
- Forged link
- Request for personal information
- Sense of urgency
- Poor spelling and grammar
What to look out for for phishing: greeting
The phishers don’t know your name – just your email address, so the greeting is not personalised
What to look out for for phishing: - The sender’s address
is often a variation of a genuine address
Denial of service:
a hacker will use or infect a computer so that:
it sends as many requests to the server as it can (known as a flood)
the server can’t respond fast enough so slows down or goes offline
A man-in-the-middle attack (MITM):
allows the attacker to intercept communications between the user and server.
Man in the middle attack allows attacker to do what when hacked
The attacker can then:
eavesdrop to find passwords and personal information
add different information to a web page or other communication such as email
What to look out for for phishing: Forged link:
The link looks genuine, but it may not link to the website given.
What to look out for for phishing: sense of urgency
Criminals try to persuade you that something bad will happen if you don’t act fast
example of usb with malware in a workplace
Criminals sometimes leave a USB stick containing malware in a public place such as a company car park
An unsuspecting employee may pick it up and insert it into their computer
The malware can now install onto the computer so that a hacker can gain access to files, personal data and system resources
In a brute force attack:
a hacker will try every combination of password until the correct password is found
SQL injection = Structured Query Language :
is a database query language
takes advantage of web input forms to access or destroy data
commands can be input into web forms instead of the expected ‘real’ data
interpreted by vulnerable web applications and end up causing damage or releasing personal information
SQL injection stands for
= Structured Query Language :
