Cyber Security Threats (Cambridge (CIE) IGCSE Computer Science)
Revision Note
Written by: Robert Hampton
Reviewed by: James Woodhouse
Forms of cyber security threat
Computers face a variety of forms of attack and they can cause a large number of issues for a network and computers
The main threats posed are:
Brute-force attacks
Data interception & theft
DDos attack
Hacking
Malware
Pharming
Phishing
Social engineering
Brute Force Attack
What is a brute-force attack?
A brute force attack works by an attacker repeatedly trying multiple combinations of a user's password to try and gain unauthorised access to their accounts or devices
An example of this attack would be an attacker finding out the length of a PIN code, for example, 4-digits
They would then try each possible combination until the pin was cracked, for example
0000
0001
0002
A second form of this attack, commonly used for passwords is a dictionary attack
This method tries popular words or phrases for passwords to guess the password as quickly as possible
Popular words and phrases such as 'password', '1234' and 'qwerty' will be checked extremely quickly.
Data interception
What is data interception & theft?
Data interception and theft is when thieves or hackers can compromise usernames and passwords as well as other sensitive data
This is done by using devices such as a packet sniffer
A packet sniffer will be able to collect the data that is being transferred on a network
A thief can use this data to gain unauthorised access to websites, companies and more
DDoS Attack
What is a DDoS attack?
A Distributed Denial of Service Attack (DDoS attack) is a large scale, coordinated attack designed to slow down a server to the point of it becoming unusable
A server is continually flooded with requests from multiple distributed devices preventing genuine users from accessing or using a service
A DDoS attack uses computers as 'bots', the bots act as automated tools under the attackers control, making it difficult to trace back to the original source
A DDoS attack can result in companies losing money and not being able to carry out their daily duties
A DDoS attack can cause damage to a company's reputation
Hacking
What is hacking?
Hacking is the process of identifying and exploiting weaknesses in a computer system or network to gain unauthorised access
Access can be for various malicious purposes, such as stealing data, installing malware, or disrupting operations
Hackers seek out opportunities that make this possible, this includes:
Unpatched software
Out-of-date anti-malware
Malware
What is malware?
Malware (malicious software) is the term used for any software that has been created with malicious intent to cause harm to a computer system
Examples of issues caused by malware include
Files being deleted, corrupted or encrypted
Internet connection becoming slow or unusable
Computer crashing or shutting down
There are various types of malware and each has slightly different issues which they cause
Malware | What it Does |
---|---|
Virus |
|
Worms |
|
Trojan |
|
Spyware |
|
Adware |
|
Ransomware |
|
Pharming
What is pharming?
Pharming is typing a website address into a browser and it being redirected to a 'fake' website in order to trick a user into typing in sensitive information such as passwords
An attacker attempts to alter DNS settings, the directory of websites and their matching IP addresses that is used to access websites on the internet or change a users browser settings
A user clicks a link which downloads malware
The user types in a web address which is then redirected to the fake website
How can you protect against it?
To protect against the threat of pharming:
Keep anti-malware software up to date
Check URLs regularly
Make sure the padlock icon is visible
Phishing
What is phishing?
Phishing is the process of sending fraudulent emails/SMS to a large number of people, claiming to be from a reputable company or trusted source
Phishing is an attempt to try and gain access to your details, often by coaxing the user to click on a login button/link
Social Engineering
What is social engineering?
Social engineering is exploiting weaknesses in a computer system by targeting the people that use or have access to them
There are many forms of social engineering, some examples include
Fraudulent phone calls: pretending to be someone else to gain access to their account or their details
Pretexting: A scammer will send a fake text message, pretending to be from the government or human resources of a company, this scam is used to trick an individual into giving out confidential data
People are seen as the weak point in a system because human errors can lead to significant issues, some of which include:
Not locking doors to computer/server rooms
Not logging their device when they're not using it
Sharing passwords
Not encrypting data
Not keeping operating systems or anti-malware software up to date
Worked Example
A company is concerned about a distributed denial of service (DDoS) attack.
(i) Describe what is meant by a DDoS attack.
[4]
(ii) Suggest one security device that can be used to help prevent a DDoS attack.[1]
Answers
(i) Any four from:
multiple computers are used as bots
designed to deny people access to a website
a large number / numerous requests are sent (to a server) …
… all at the same time
the server is unable to respond / struggles to respond to all the requests
the server fails / times out as a result.
(ii)
firewall OR proxy server
Last updated:
You've read 0 of your 5 free revision notes this week
Sign up now. It’s free!
Did this page help you?