CYBERSECURITY

Cybersecurity Threats
 When using the internet, it is important to understand the threats that may occur.
Technology is rapidly evolving and as a result, the way that criminals are using the
internet is also changing.
 There are a number of different threats to computer systems that include:
 Social Engineering
 Malicious code
 Human error
 Any risk posed to a computer system from an internet source is considered a cyber-threat.
 These threats are often combined to increase the probability of harm to a system.
 By taking steps to understand what the potential risks are, people and businesses are able to
better protect their systems and data.
Social Engineering Techniques
Social engineering is manipulating people into handing over confidential
information such as a PIN or password. The different Social Engineering
techniques are as follows:-
Blagging
 Blagging is when someone makes up a story to gain a person’s interest and uses this to
encourage them to give away information about themselves, or even send money.
 For example, a person may receive an email that appears to be from a friend telling
them that they’re in trouble and asking them to send money.
Phishing
 Similar to blagging, a phishing email will ask a person to send personal details, but
pretends to be from a business.
 They can often look convincing, but may contain spelling errors or URLs that do not
match the business's website.
Pharming
 Pharming is a type of cyber-attack that redirects a user from a genuine website to a
fake one.
 The fake website will often look like the genuine one.
 When a person logs in, it sends their username and password to someone who will
use it to access their real accounts.
Shouldering
 This is the simplest form of taking personal details.
 Shouldering is looking at someone’s information over their shoulder, for example
looking at someone enters their PIN in a shop or at a cashpoint.

Malicious code
Malicious code is software written to harm or cause issues with a computer. This is also
referred to as malware and comes in a number of different forms. In all its forms, the code
has been written to either harm or steal data from your computer system. The different
forms of malicious code are as follows:-
 Viruses
 A virus is a piece of malware that infects a computer, and then replicates itself to be
passed onto another computer.
 Anti-virus software holds a large database of known viruses.
 If a program that is installing, or file that is being opened, appears to be similar to
one of these, the anti-virus software will warn the user and, depending on the type of
anti- virus, place all related files into a secure folder until it is confirmed that it is
safe.
Trojans
 A Trojan appears to be a piece of harmless software, often given away for free, that
contains malicious code hidden inside.
 This only appears once the gifted software is installed.
 It was named after the Greek myth of the Trojan horse.
Ransomware
 Ransomware hijacks the data on a computer system by encrypting it and
demanding that the owners pay money for it to be decrypted.
 Having up-to-date anti-virus software and educating users to not open
suspicious attachments will help protect from ransomware.
Spyware
 Spyware is a type of malware that collects the activity on a computer system and
sends the data it collects to another person without the owner being aware.
 If a computer has been infected by spyware, it could be sending back everything that
is typed, or the sites that are visited, or even where the user is clicking on their screen.
Adware
 Adware is software that either causes pop-ups or windows that will not close.
 Generally, the pop-ups or windows display advertisements.
 Many anti-virus programs will detect and prevent adware infecting a computer
system, but specialist anti-adware programs also exist.

Other cyber security threats

Weak/default passwords
 Some of the most common passwords are surprisingly simple. Examples include
123456 and qwerty.
 Most computer systems will provide a default password when first set up. If these
are not changed, this puts computers at risk.
 There are some simple rules to follow to make it harder for a computer to crack a
password:
 have a password that is six or more characters long
 include upper and lower letter case letters
 include numbers
 include symbols
 avoid information that may be easy to guess such as relatives’ names or
birthdays
 Another way to make a password more difficult for computers to crack is to combine
multiple random words that have personal significance, but are not related. In the
example below, the password could be horseguitar.
 QUIZ:
1. Which piece of software is not malware?
a. Trojan b. Virus c. Firewall

2. Which of these is the strongest password?

a. BBCbitesize b. BBCb1t£s1z# c. BBCb1tes1z3

3. Why is it not advisable for a person to plug in a USB memory stick they found?
a. It would be illegal
b. It might not fit their device
c. It might contain malware

4. What is the purpose of patching software?

a. It updates software to make it take up less space
b. It updates software to fix bugs or add features
c. It updates software to change its coding language

5. What is black-box penetration testing?

a. A form of software testing used to simulate an external hacking attempt
b. A form of software testing used to simulate an internal hacking attempt
c. A form of software testing used to identify the strengths of a computer system

6. Which of the following is an example of pharming?

a. Someone getting an email asking them to help a friend who lost their money
b. Someone receiving an email with a link pretending to be from a business
c. Someone visiting a website that redirects them to a fake site

7. Why is a Trojan malware program known by this name?

a. It hides inside a piece of software that appears to be a normal program
b. It’s a strong piece of software that is difficult to attack
c. It hides inside an email and contains malware

8. What type of malware is a keylogger program?

a. Adware b. Virus c. Spyware

9. Which type of threat attempts to blackmail a user into making a payment to a hacker?
a. Ransomware b. Trojan c. Spyware

10. Which social engineering technique uses emails to try to trick users into giving
away personal details?
a. Shouldering b. Phishing c. Spying