Threats to Digital Systems (Edexcel GCSE Computer Science)
Revision Note
Written by: Robert Hampton
Reviewed by: James Woodhouse
Malware
What is malware?
Malware (malicious software) is the term used for any software that has been created with malicious intent to cause harm to a computer system
Examples of issues caused by malware include
Files being deleted, corrupted or encrypted
Internet connection becoming slow or unusable
Computer crashing or shutting down
There are various types of malware and each causes slightly different issues
Malware | What it does |
---|---|
Virus | |
Worms | |
Trojan | |
Key loggers | |
Ransomware | |
How Hackers Exploit Vulnerabilities
What is a hacker?
A hacker is a criminal who exploits technical vulnerabilities to break into computer systems and networks
Hackers seek out opportunities that make this possible, including:
Unpatched software
Out-of-date anti-malware
Unpatched software
Software is often released in a less than perfect state and flaws/vulnerabilities may exist which can provide an opportunity for hackers
Unpatched software can lead to:
Data breaches
Installation of malware
Out-of-date anti-malware
Anti-malware that is out-of-date is not effective at protecting against new threats
Malware threats have a unique signature called a 'definition' which is used to protect against them
Out-of-date anti-malware will not have an updated list of definitions
Out-of-date anti-malware can lead to:
Data loss
Identity theft
Financial loss
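The definition matching described above, as an added example that is not part of the original revision note: a scanner checks files against a list of definitions, and the same scan is run with an out-of-date list and an up-to-date one. The definitions, file names, dates and function names are constructed for illustration, and simple byte matching is an assumed stand-in for what real anti-malware does.

```python
from datetime import date

# Constructed definitions: (threat name, byte signature, date the vendor published it).
# The signatures are harmless made-up markers, not taken from real malware.
VENDOR_DEFINITIONS = [
    ("Example.Virus.A", b"MARKER-A-1111", date(2023, 1, 10)),
    ("Example.Worm.B", b"MARKER-B-2222", date(2023, 9, 5)),
    ("Example.Ransom.C", b"MARKER-C-3333", date(2024, 6, 1)),
]

# Constructed "files": harmless byte strings standing in for files on a disk.
FILES = {
    "holiday.jpg": b"\xff\xd8 picture data",
    "invoice.exe": b"header MARKER-A-1111 body",
    "update.exe": b"header MARKER-C-3333 body",
}


def definitions_as_of(last_update):
    """Definitions a machine holds if it last updated on `last_update`."""
    return [(n, s) for n, s, published in VENDOR_DEFINITIONS if published <= last_update]


def scan(files, definitions):
    """Return {filename: threat name} for each file containing a known signature."""
    detections = {}
    for filename, content in files.items():
        for name, signature in definitions:
            if signature in content:
                detections[filename] = name
                break  # one match is enough to flag the file
    return detections


def missed_when_stale(files, last_update, today):
    """Files an up-to-date scanner flags that the out-of-date one lets through."""
    stale = scan(files, definitions_as_of(last_update))
    current = scan(files, definitions_as_of(today))
    return sorted(set(current) - set(stale))


if __name__ == "__main__":
    last_update, today = date(2023, 10, 1), date(2024, 7, 1)
    print("Out-of-date scan:", scan(FILES, definitions_as_of(last_update)))
    print("Up-to-date scan: ", scan(FILES, definitions_as_of(today)))
    print("Missed by stale definitions:", missed_when_stale(FILES, last_update, today))
```

The file carrying the newest signature is only flagged once the definition list includes entries published after the last update.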
Social Engineering
What is social engineering?
Social engineering is exploiting weaknesses in a computer system by targeting the people that use or have access to it
Social engineering is the art of manipulating people so they give up confidential information
Blagging (pretexting)
The art of creating and using an invented scenario to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances
E.g. a scammer will send a fake text message, pretending to be from the government or human resources of a company; this scam is used to trick an individual into giving out confidential data
Phishing
Sending fraudulent emails/SMS to a large number of people, claiming to be from a reputable company or trusted source to try and gain access to your details, often by coaxing the user to click on a login button/link
Baiting
Using deception to lure a victim into a trap
Victims are lured by the offer of something appealing such as:
Something for free
A chance to win a prize
Exclusive access
Sensationalised headings (fake news)
Once interest is shown, the hacker sets the trap, which could include:
Sending malicious links or attachments
Directing to a fake website
Quid pro quo
A technique which preys on a person's desire to repay a kind gesture by doing something in return (something for something)
Similar to baiting but usually involves the offer of a service after giving information
An example of quid pro quo could be:
Offering to fix an infected computer but needing security credentials to be able to do it
How can you protect against it?
The best way to protect an individual from the threat of social engineering is to ensure the proper training/education has taken place
What questions to ask to determine authenticity (blagging)
What to look for in an email/SMS (phishing)
Being aware of surroundings/location (shouldering)
Worked Example
Explain one way that digital systems may be vulnerable to cyberattacks when users do not properly maintain their software [2]
Answer
Software may contain security bugs (1) because it is unpatched (1)
Anti-malware may not identify an attack (1) because the virus definitions are out of date (1)