Chapter 6: Cyber Security

avatar
Created by
aciidic tootoxic

Cards (109)

  • Cyber security consists of the methods and technologies designed to protect networks, computers, programs and data from attack, damage or unauthorised access
  • Cyber security means protecting systems from theft or damage
  • A cyber-attack is a malicious attempt to damage or disrupt a computer network or system
  • Social engineering
    The use of deception to target people, including computer users, into giving away personal or confidential information
  • Blagging
    A method of social engineering where the attacker pretends to be somebody else
  • Blagging
    • Pretending to be from the bank's fraud team to get account details
  • Phishing
    A form of fraud where the cyber-attacker uses an email or SMS text message to persuade the victim to click on a hyperlink and then enter personal information
  • Phishing email
    • Clues it is fake: sender email not from real company, website address not real, spelling/grammar errors, asked to open attachment, urgent action
  • Shouldering
    A method used to watch what a user is doing on a computer, usually to get a password
  • Malicious code
    Software designed to prevent a computer working properly, gather information without the user knowing, gain unauthorised access, or display unwanted advertising
  • Computer virus
    A piece of software designed to cause deliberate harm to data and copy itself to other computers
  • Slammer virus

    • Infected half the servers running the internet in 15 minutes, caused major problems like 911 services failing, flights cancelled, ATMs crashing, estimated $1bn cost
  • Spyware
    Software that collects information about a person or organisation without the user's knowledge
  • Keyloggers
    A specific type of spyware that can track a user's keystrokes
  • Malware can infect computers when new data is introduced to the computer, such as through USB storage devices, memory cards, recordable optical disks, across a network, from the Internet, opening an infected attachment on an e-mail or any other method where data can be transferred
  • Worm
    Like a virus, but it copies itself across a network to other computer systems without any user action and without needing to be attached to a host file
  • Viruses
    • Slammer infected half the servers that ran the Internet after just 15 minutes of infecting its first victim, causing major problems such as America's 911 services failing, flights being cancelled and the Bank of America's ATM service crashing. It's estimated it cost the US economy $1bn
  • Watch http://tiny.cc/5viruses to find out about the 5 worst computer viruses ever
  • Spyware
    Software that collects information about a person or organisation without the user's knowledge. Keyloggers, a specific type of spyware, can track a user's keystrokes to find out what is being typed, including passwords. This information can be used to pass on to advertisers or it can be used to find out usernames and passwords and hack into a user's bank account. Spyware can be hidden within freeware software so that the authors of the software can gain an income from advertisers who want to gather information about user activity
  • Watch http://tiny.cc/spyware to find out about different types of spyware
  • Adware
    Software that will display adverts on a computer or collect data about the user that can be used for marketing. Adware is often included within freeware software, which is a legitimate way for the developer to make money as they are giving the software away for free. Adware can also be installed without the user's knowledge when the user visits an infected website and clicks on a download link, leading to unwanted adverts such as pop-up windows, a change of search engine or a change of browser home page. The information that the adware collects about the user can be used to deliver targeted adverts that relate to the user
  • Trojan
    Pretends to be something that it is not. It can often be disguised as genuine software, but does something different, or it could be hidden within genuine software. The installation program for a Trojan can be disguised within a web page or a dialog box that the user unwittingly clicks on. Many software download sites include advertisements that fool the user into thinking that the advertisement is the download button and so the user clicks on the wrong download button and accidentally installs malware instead of the intended software. They can also be email attachments disguised as documents
  • Watch http://tiny.cc/malwaretypes about the differences between different types of malware
  • Watch http://tiny.cc/troyfilm from the film "Troy" to find out where the phrase "Trojan Horse" originated
  • Trojan
    • A window that looks like anti-virus software finding a virus, but is actually a malicious pop-up window that will install spyware if the user clicks on "Remove All" or "Close"
    • A file named winword.exe which would normally run Microsoft Word, but is actually a Trojan
  • Activity - malware
    1. Find out what the Cascade virus does
    2. Find out what the Trojan 78Crack-A does and search for a video of it in action
    3. Find out what the Worm Sdbot-ZY does
    4. 4a. Find out what the Search-Results toolbar Adware does
    5. 4b. How could users avoid accidentally installing Adware such as Search-Results toolbar?
    6. Find out about the Foot n Mouth and NastyFriend hoaxes
  • Pharming
    A cyber-attack that re-directs website traffic to a fake site. The victim will attempt to visit a genuine website but the website that appears is not the real one. This can happen when the domain name is directed to a different IP address which can be done using the victim's computer's hosts file. A more sophisticated attack would change the IP address for a domain name on a DNS server. The victim is then likely to enter login, credit card or personal information believing that the site is genuine
  • Watch http://tiny.cc/ecrime from e-Crime Wales for advice on how to spot Phishing & Pharming scams
  • Watch http://tiny.cc/pharming about how a pharming attack takes place using a false IP address on a DNS server
  • Pharming
    Farming for information
  • Cyber-attack
    A malicious attempt to damage, disrupt or gain unauthorized access to a computer system
  • Cyber threat
    Any circumstance or event with the potential to adversely impact organizational operations, organizational assets, individuals, other organizations, or society through an information system via unauthorized access, destruction, disclosure, or modification of information, and/or denial of service
  • Cyber security
    The protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide
  • Social engineering methods
    1. Blagging - a hacker pretends to be an employee of a bank
    2. Phishing - use of an email message to persuade a user to click on a fake hyperlink and enter bank information
    3. Shouldering - watching what a user is doing on a computer to find out what their password is
  • 3 clues that an email might be part of a social engineering attack
  • Malicious code
    Collective name for any malicious software including viruses, Trojans, spyware and adware
  • One effect of a virus
  • One way a virus can be introduced to a computer system
  • Keylogger
    An example of spyware
  • Adware
    • Can include unwanted adverts such as pop-up windows, a change of search engine or a change of browser home page