5.3 Cyber Security

The document discusses various cyber security threats, including brute force attacks, data interception, DDoS attacks, hacking, malware, phishing, pharming, and social engineering. It emphasizes the importance of safeguarding personal and commercial data through various protective measures such as firewalls, strong passwords, and security awareness training. Additionally, it outlines the signs of potential attacks and methods to mitigate risks associated with each type of threat.

Uploaded by

knoxabyte.his

Cyber security

Cyber security threats


• Keeping data safe is extremely important for many reasons. It may be personal data that you want to
keep within your family or close friends, or it may be commercial data, such as passwords and bank
details.
• Data can be corrupted or deleted either through accidental damage or malicious acts.
• There are also many ways data can be intercepted, leading to cyber security threats.
Cyber threats
» brute force attacks
» data interception
» distributed denial of service (DDoS) attacks
» hacking
» malware (viruses, worms, Trojan horse, spyware, adware and ransomware)
» phishing
» pharming
» social engineering.
Brute force attacks
• If a hacker wants to ‘crack’ your password, they can systematically try all the different combinations of
letters, numbers and other symbols until eventually they find your password.
• This is known as a brute force attack and there isn’t a lot of sophistication in the technique.
Data interception
• Data interception is a form of stealing data by tapping into a wired or wireless communication link. The
intent is to compromise privacy or to obtain confidential information.
• Interception can be carried out using a packet sniffer, which examines data packets being sent over a
network. The intercepted data is sent back to the hacker.
• This is a common method when wired networks are used.
• Wi-Fi (wireless) data interception can be carried out using wardriving (sometimes called Access Point
Mapping).
• Therefore, to safeguard against wardriving, the use of a Wired Equivalent Privacy (WEP) encryption
protocol, together with a firewall, is recommended.
• It is also a good idea to protect the use of the wireless router by having complex passwords.
• It is important not to use Wi-Fi (wireless) connectivity in public places (such as an airport) since no data
encryption will exist and your data is then open to interception by anyone within the airport.
Distributed Denial of Service (DDoS) attacks
• A denial of service (DoS) attack is an attempt at preventing users from accessing part of a network,
notably an internet server.
• This is usually temporary but may be a very damaging act or a large breach of security.
• It doesn’t just affect networks; an individual can also be a target for such an attack.
The attacker may be able to prevent a user from:
» accessing their emails
» accessing websites/web pages
» accessing online services (such as banking).
• One method of attack is to flood the network with useless spam traffic.
How does this cause a problem?
• When a user enters a website’s URL in their browser, a request is sent to the web server that contains the
website or web page. The server can only handle a finite number of requests, so if it becomes overloaded
by an attacker sending out thousands of requests, it won’t be able to service a user’s legitimate request.
• This is effectively a denial of service. In a distributed denial of service (DDoS) the spam traffic originates
from many different computers, which makes it hard to block the attack.
• This can happen to a user’s email account, for example, by an attacker sending out many spam
messages to their email account. Internet service providers (ISPs) only allow a specific data quota for
each user.
• Consequently, if the attacker sends out thousands of emails to the user’s account, it will quickly become
clogged up.
An individual user or a website can guard against these attacks to some degree by:
» using an up-to-date malware checker
» setting up a firewall to restrict traffic to and from the web server or user’s computer
» applying email filters to filter out unwanted traffic (for example, spam).
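
The model below is an added example, not part of the original notes. It shows why a firewall rule that limits each source stops a single-machine flood but not a distributed one. The capacity of 100 requests per second, the limit of 10 per source and all source names are assumptions.

```python
from collections import Counter

def serve_one_second(requests, capacity=100, per_source_limit=None):
    """Model one second of traffic at a server that can service `capacity` requests.

    requests: list of (source, is_legitimate) tuples arriving in that second.
    per_source_limit: firewall rule dropping requests beyond N per source (None = no rule).
    """
    per_source = Counter()
    admitted_legit = admitted_total = 0
    for source, is_legit in requests:
        per_source[source] += 1
        if per_source_limit is not None and per_source[source] > per_source_limit:
            continue  # dropped by the firewall before reaching the server
        admitted_total += 1
        admitted_legit += is_legit
    # If more arrives than the server can handle, every admitted request has the
    # same chance of being serviced, so legitimate users get a proportional share.
    if admitted_total > capacity:
        legit_served = admitted_legit * capacity // admitted_total
    else:
        legit_served = admitted_legit
    return {"dropped_by_firewall": len(requests) - admitted_total,
            "reached_server": admitted_total,
            "legit_served": legit_served}

# Constructed traffic: 20 real users, one request each.
users = [(f"user-{i}", True) for i in range(20)]
# DoS: one machine sends 5000 requests. DDoS: 1000 machines send 5 each.
dos = users + [("attacker", False)] * 5000
ddos = users + [(f"bot-{i}", False) for i in range(1000) for _ in range(5)]

def run_scenarios():
    return {
        "normal": serve_one_second(users, per_source_limit=10),
        "dos_no_firewall": serve_one_second(dos),
        "dos_firewall": serve_one_second(dos, per_source_limit=10),
        "ddos_firewall": serve_one_second(ddos, per_source_limit=10),
    }

if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:16} {result}")
```

In the distributed case no single source exceeds the limit, so the rule drops nothing and the legitimate users are still crowded out.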

There are certain signs a user can look out for to see if they have become a victim of a DDoS attack:
» slow network performance (opening files or accessing certain websites)
» inability to access certain websites
» large amounts of spam email reaching the user’s email account.
Hacking
• Hacking is generally the act of gaining illegal access to a computer system without the user’s permission.
• This can lead to identity theft or the gaining of personal information; data can be deleted, passed on,
changed or corrupted.
• Hacking can be prevented through the use of firewalls, user names and frequently changed strong
passwords. Anti-hacking software and intrusion-detection software also exist in the fight against hacking.
• However, universities and companies now run courses in ethical hacking. This occurs when companies
authorise paid hackers to check out their security measures and test how robust their computer systems
are to hacking attacks.
Malware
• Malware is one of the biggest risks to the integrity and security of data on a computer system.
There are many forms of malware;
Phishing
• Phishing occurs when a cybercriminal sends out legitimate-looking emails to users. The emails may contain
links or attachments that, when initiated, take the user to a fake website; or they may trick the user into
responding with personal data (for example, bank account details or credit/debit card details).
• The email usually appears to be genuine, coming from a known bank or service provider.
There are numerous ways to help prevent phishing attacks:
» users need to be aware of new phishing scams; those people in industry or commerce should undergo
frequent security awareness training to become aware of how to identify phishing (and pharming) scams
» it is important not to click on any email links unless totally certain that it is safe to do so; fake emails can
often be identified by ‘Dear Customer ……’ or ‘Dear email [email protected] ………’ and so on
» it is important to run anti-phishing toolbars on browsers (this includes tablets and mobile phones) since
these will alert the user to malicious websites contained in an email
» always look out for https or the green padlock symbol in the address bar
» regular checks of online accounts are also advisable as well as maintaining passwords on a regular basis
» ensure an up-to-date browser is running on the computer device (which contains all of the latest security
upgrades) and run a good firewall in the background at all times
» be very wary of pop-ups and use the browser to block them
• Note: another term connected to phishing is spear phishing; this is where the cybercriminal targets specific
individuals or companies to gain access to sensitive financial information. Regular phishing is not specific
regarding who the victims are.
Pharming
• Pharming is malicious code installed on a user’s computer or on an infected website.
• The code redirects the user’s browser to a fake website without the user’s knowledge.
• Unlike phishing, the user doesn’t actually need to take any action for it to be initiated. The creator of the
malicious code can gain personal data, such as bank details, from the user.
• Often the website appears to come from a trusted source and can lead to fraud and identity theft.
It is possible to mitigate against the risk of pharming:
» Anti-virus software can detect unauthorised alterations to a website address and warn the user of
the potential risks.
» However, if the DNS server itself has been infected (rather than the user’s computer) it is much more
difficult to mitigate the risk.
» Many modern browsers can alert users to pharming and phishing attacks.
» It is very important to check the spelling of websites to ensure the web address used is correct.
» As with phishing, use of https or the green padlock symbol in the address bar is an additional form of
defence.
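
The two address checks recommended for phishing and pharming (look for https, and check the spelling of the web address) can be automated as follows. This is an added example, not part of the original notes; the trusted host names, the sample links and the two-typo threshold are constructed assumptions.

```python
from urllib.parse import urlsplit

# Hypothetical list of sites the user really deals with (constructed names).
TRUSTED_HOSTS = {"mybank.example", "webmail.example"}

def edit_distance(a, b):
    """Number of single-character insertions, deletions or substitutions (Levenshtein)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_url(url, trusted=TRUSTED_HOSTS, max_typos=2):
    """Return a list of warnings for a link; an empty list means nothing was flagged."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    warnings = []
    if parts.scheme != "https":
        warnings.append("connection is not https")
    # An exact match, or a subdomain of a trusted site, is spelled correctly.
    if any(host == t or host.endswith("." + t) for t in trusted):
        return warnings
    for t in sorted(trusted):
        if edit_distance(host, t) <= max_typos:
            warnings.append(f"address resembles {t} but is spelled differently")
    return warnings

# Constructed sample links.
SAMPLE_LINKS = [
    "https://www.mybank.example/login",   # correct
    "https://www.mybannk.example/login",  # one extra letter
    "http://rnybank.example/",            # "rn" imitating "m", and no https
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", check_url(link) or "nothing flagged")
```

The check only looks at the text of the address, so it cannot tell whether the DNS answer for a correctly spelled name has been altered, which is the case the notes describe as much more difficult to mitigate.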
Social engineering
• Social engineering occurs when a cybercriminal creates a social situation that can lead to a potential
victim dropping their guard.
• It involves the manipulation of people into breaking their normal security procedures and not following
best practice. There are five types of threat that commonly exist:
