Software which is specifically designed to disrupt, damage or gain unauthorised access to a computer system
Phishing
The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information
Phishing aims to obtain
Passwords
Credit card numbers
Brute force attack
A trial-and-error method of trying passwords and PIN numbers. Automated software is used to generate many consecutive guesses
Brute force attack example
Trying every word in the dictionary
Data interception and theft
The unauthorised act of stealing computer-based information from an unknowing victim with the intent of compromising privacy or obtaining confidential information
Data interception and theft example
Sniffing usernames or passwords
SQL injection
A technique used to view or change data in a database by inserting additional code into a text input box, creating a different search string
Threats
Files can be deleted
Computers crash, reboot or slow down
Internet connection becomes slow
Keyboard inputs are logged and sent to hackers (passwords compromised)
Data in databases can be amended, outputted, or deleted
How to prevent malware
Firewall
Spam filter
Anti-virus
Anti-spyware
Anti-spam
Staff training
Penetration testing
Anti-Malware software
User access levels
Passwords
Encryption
Physical security
People as the weak link
Share passwords
Not lock doors to computer rooms
Lose laptops
Not apply security to wireless networks
Not encrypt data
Not log off their computer
Back up files regularly onto removable media (USBs)