3.8: Cyber Threats
Eduqas / WJEC
What is malware?
Malware is any type of harmful program that seeks to damage or gain unauthorised access to your computer system.
A virus can replicate itself and spread from system to system by attaching itself to infected files.
A virus is only activated when opened by a human.
Once activated, a virus can change data or corrupt a system so that it stops working.
A worm can replicate itself and spread from system to system by finding weaknesses in software.
A worm does not need an infected file or human interaction to spread.
A worm can spread very quickly across a network once it has infiltrated it.
A trojan is a harmful program that looks like legitimate software so users are tricked into installing it.
A trojan secretly gives the attacker backdoor access to the system.
Trojans do not self replicate or infect other files.
Spyware secretly records the activities of a user on a computer.
The main aim of spyware is to record usernames, passwords and credit card information.
All recorded information is secretly passed back to the attacker to use.
A keylogger secretly records the key presses of a user on a computer. Data is stored or sent back to the attacker.
The main aim of a keylogger is to record usernames, passwords and credit card information.
Keyloggers can be downloaded or plugged into the USB port.
Ransomware locks files on a computer system using encryption so that a user can no longer access them.
The attacker demands money from the victim to decrypt (unlock) the data.
Attackers usually use digital currencies like bitcoin which makes it hard to trace them.
3.8b: Data Theft
Phishing is the method of misleading individuals or organisations into sharing sensitive information (such as passwords or bank details), often through the use of emails.
Phishers may pose as a trusted company like Amazon or YouTube to direct users to open malicious attachments or encourage them to follow fraudulent links to steal their data.
Social engineering means to trick others into revealing their personal data by posing as a trusted source.
For example, impersonating an IT technician of a school via email and asking for a student's username and password.
This is when data packets on a network are intercepted by a third party (e.g. a hacker) and copied to a different location than the intended destination.
Software called packet sniffers are used to intercept and analyse data packets.
Computer systems (e.g. laptops) or storage devices (e.g. USB stick) may be stolen in public or from offices.
Unwanted systems and storage media should be disposed of securely as data could be stolen from discarded information, such as old CDs or even printed paper.
3.8c: Online Threats & Attacks
Hacking is the method of exploiting weaknesses in a system or network to create, view, modify or delete files without permission.
A hacker is anyone who gains access to data or systems that they do not have authority to access.
A DoS (Denial of Service) attack is when a computer repeatedly sends requests to a server to overload the system. A server overload will slow the system and may take websites offline temporarily.
A DDoS (Distributed Denial of Service) attack is a coordinated attack using a botnet of infected systems to overload a server with requests. A botnet is a large group of devices controlled and used maliciously by an attacker.
SQL (Structured Query Language) is a programming language used for manipulating data in databases.
A SQL injection is when a malicious SQL query (command) is entered into a data input box on a website.
If the website is insecure then the SQL query can trick the website into giving unauthorised access to the website’s database.
An SQL injection can be used to view and edit the contents of a database or even gain administrator privileges.
' or 1 = 1
Brute Force Attack
In order to break a password, every possible combination is tested in order from start to finish. This is not a quick method but it should break the password eventually and can be sped up if multiple computer systems are used at the same time.
IP Address Spoofing
An attacker changes the IP address of a legitimate host so any visitors to the URL are instead taken to a spoofed (fake) web page.
This web page is used to record any inputted data (such as usernames and passwords) and send it back to the attacker. The spoofed web page can also be used to install malware.
3.8 - Cyber Threats:
3.8a - Malware:
1. What is malware? 
2a. Describe three characteristics of a virus. 
2b. Describe three characteristics of a worm. 
2c. What is a trojan? 
2d. Describe how spyware and keyloggers work. 
2e. Explain how ransomware works and why it is difficult to trace attackers. 
2f. In your opinion, which malware do you think is the most dangerous and why? 
3.8b - Data Theft:
1. Describe what is meant by 'phishing'. 
2. Give an example of social engineering. 
3. What is interception? What software is used to intercept data packets? 
4. Describe why systems and storage media should be disposed of securely. 
3.8c - Online Threats & Attacks:
1. Describe what is meant by 'hacking'. 
2a. Describe what a DoS attack is and its impact. 
2b. Describe how a DDoS attack is different to a DoS attack. 
3. Describe what an SQL injection is and how an attacker would use it. 
4. Describe what is meant by a brute force attack. 
5. Describe IP address spoofing and its purpose.