Exam code:1CP2
Malware
What is malware?
-
Malware (malicious software) is the term used for any software that has been created with malicious intent to cause harm to a computer system
-
Examples of issues caused by malware include
-
Files being deleted, corrupted or encrypted
-
Internet connection becoming slow or unusable
-
Computer crashing or shutting down
-
-
There are various types of malware and each has slightly different issues which they cause
|
Malware |
What it does |
|---|---|
|
Virus |
|
|
Worms |
|
|
Trojan |
|
|
Key loggers |
|
|
Ransomware |
|
How Hackers Exploit Vulnerabilities
What is a hacker?
-
A hacker is a criminal who exploits technical vulnerabilities to break into computer systems and networks
-
Hackers seek out opportunities that make this possible, this includes:
-
Unpatched software
-
Out-of-date anti-malware
-
Unpatched software
-
Software is often released in a less than perfect state and flaws/vulnerabilities may exist which can provide an opportunity for hackers
-
Unpatched software can lead to:
-
Data breaches
-
Installation of malware
-
Out-of-date anti-malware
-
Anti-malware that is out-of-date is not effective at protecting against new threats
-
Malware threats have a unique signature called a ‘definition‘ which is used to protect against them
-
Out-of-date anti-malware will not have an updated list of definitions
-
Out-of-date anti-malware can lead to:
-
Data loss
-
Identify theft
-
Financial loss
-
Social Engineering
What is social engineering?
-
Social engineering is exploiting weaknesses in a computer system by targeting the people that use or have access to them
-
Social engineering is the art of manipulating people so they give up confidential information
Blagging (pretexting)
-
The art of creating and using an invented scenario to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances
-
E.g. a scammer will send a fake text message, pretending to be from the government or human resources of a company, this scam is used to trick an individual into giving out confidential data
Phishing
-
Sending fraudulent emails/SMS to a large number of people, claiming to be from a reputable company or trusted source to try and gain access to your details, often by coaxing the user to click on a login button/link
Baiting
-
Using deception to lure a victim into a trap
-
Victims are lured by the offer of something appealing such as:
-
Something for free
-
A chance to win a prize
-
Exclusive access
-
Sensationalised headings (fake news)
-
-
Once interest is shown, the hacker sets the trap, the trap could include:
-
Sending malicious links or attachments
-
Directing to a fake website
-
Quid pro quo
-
A technique which preys on a persons desire to repay a kind gesture by doing something in return (something for something)
-
Similar to baiting but usually involves the offer of a service after giving information
-
An example of quid pro quo could be:
-
Offering to fix an infected computer but needing security credentials to be able to do it
-
How can you protect against it?
-
The best way to protect an individual from the threat of social engineering is to ensure the proper training/education has taken place
-
What questions to ask to determine authenticity (blagging)
-
What to look for in an email/SMS (phishing)
-
Being aware of surroundings/location (shouldering)
-
Worked Example
Explain one way that digital systems may be vulnerable to cyberattacks when users do not properly maintain their software [2]
Answer
Software may contain security bugs (1) because it is unpatched (1)
Anti-malware may not identify an attack (1) because the virus definitions are out of date (1)
Responses