A1 - Cyber Security Threats (External) Flashcards
A - Cyber Security Threats, System Vulnerabilities and Security Protection Methods
External Threats
➡ An external threat refers to the risk of somebody from the outside of a company who attempts to exploit system vulnerabilities through the use of malicious software, hacking, sabotage or social engineering.
Malicious software (malware)
➡ Malicious software encompasses a wide range of software, each of which has the purpose of causing damage to a computer system. Some are less harmful than others, for example, adware, meanwhile, others can render a hard drive inoperable,
Spyware
➡ gathers information on the user it has infected, secretly sending it away to third-party sources – this may be through the use of keyloggers, which get information from what you type, such as passwords.
Adware
➡ displays unwanted advertisements used to generate revenue, sometimes obstructing the user through the use of pop-ups that don’t disappear when you close them.
Ransomeware
➡ prevents you from accessing your computer system, often by encrypting the storage devices, and demands a sum of money to be paid in order to gain access back.
Viruses
➡ modify existing programs with malicious code and constantly replicates itself throughout a computer. They usually cause the corruption of data and applications, system failure & take up storage space or processing power.
Worms
➡ Worms perform a similar function to viruses. However, worms can replicate themselves through a network to spread to other computers, rather than through infecting files that are spread. This allows them to perform similar functions to viruses but on a much larger scale
Rootkits
➡ are used to get unauthorised remote administrator access to a computer or network. They typically spread by hiding in software that appears to offer legitimate functionality. This can then be used to steal data or hide other malware within the system.
Trojans
➡ malicious code that hides within a seemingly legitimate program. Typically, users are misled and download the Trojan themselves by thinking it’s a program they would like to use.
Hacking
➡ describes the exploitation of vulnerabilities in a computer system to gain unauthorized access to the system and its data. The method of attack is known as the “attack vector” and often involves exploiting vulnerabilities in areas like Wi-Fi, Bluetooth, the internet connection or through gaining internal network access.
Individual Hacking motive
➡ Carried out the threat by an individual, due to making money, protest or revenge known as hacktivists
Commercial Hacking motive
➡ When corporates attack their business competitors and rivals in order to gain intel and data about their plans
Government Hacking motive
➡ Companies and governments will also hire others to hack themselves. So-called “white hat” hacking, which is used to detect system vulnerabilities so that they can prevent threats from malicious “black hat” hackers.
Sabotage
➡ Sabotage is a general term that describes an activity used to deliberately disrupt services, through:
- Denial of service attack
- Distributing malware
- Physically destroy computer equipment
Social Engineering
➡ Social engineering refers to the techniques used to deceive people into revealing private and confidential information. This can then be used for bank fraud & identity fraud or to gain access to systems.
