Y8 Formsofcomputerattacks

Watchthevideobelowofanoverviewofthetopic

Readtheslidesandwatchthevideostogiveyouabetterunderstandingonthetopic

https://www.youtube.com/watch?v=bPVaOlJ6ln0

•  Understand forms of attack and threats posed to a network:

•  Malware

•  Phishing

•  Social engineering

•  Brute force attacks

•  Denial of service attacks

•  Data interception and theft

•  SQL injection

•  Poor network policy

Objectives

Forms of cyber attack •  https://www.youtube.com/results?search_query=what+is+a+cyber+attack

•  Cybercrime can take many forms including planting viruses, acquiring and using personal or confidential data and disrupting a website or service

•  Cyber attacks take advantage of: •  Human weakness or gullibility

•  Technical weaknesses in computer systems, networks or digital devices

Social engineering •  https://www.youtube.com/watch?v=Vo1urF6S4u0

•  Humans are often the weakest point in security

•  Social engineering is the art of manipulating or ‘conning’ individuals into giving away private information or login IDs and passwords

•  Two common techniques are: •  Phishing

•  Shoulder surfing

Phishing – what’s this? •  https://www.youtube.com/watch?v=9TRR6lHviQc

•  A phishing email is one that tricks you into handing over sensitive or personal information (login details, bank details, etc.)

•  You receive what looks like a legitimate email, for example from a bank or an organisation such as PayPal or eBay

•  The website urges you to visit a bogus website and enter your personal details, which are then captured by the phishers

Does it work? •  Phishers send out hundreds of thousands

of emails that look as though they are from legitimate companies

•  For phishing to be successful, the criminals must get you to click on a link in the email to go to a website

•  A successful phishing campaign has around a 5% response rate – meaning 5% of recipients are conned!

A typical phishing email

Protecting yourself against email scams

•  Use a SPAM filter to prevent common scams ever reaching your inbox

•  Be suspicious! If you aren’t completely certain it’s genuine, NEVER click any links or download attachments

Brute force attacks •  https://www.youtube.com/watch?v=SaAwW-6wV_Q

•  In a brute force attack, a hacker may go through a list of different passwords until access to an account is gained

•  Alternatively, the attacker may try every combination of characters until the correct password is found

Setting a secure password •  Validation checks on a new password may specify

that it must be: •  between 10 and 15 characters (length check)

•  a mixture of numbers, lower and uppercase characters and symbols (format check)

•  You should never include your name, DOB or personal details

Worst passwords of 2015 •  The top ten most commonly used passwords in 2015 in the USA were:

1.  123456

2.  Password

3.  12345678

4.  Qwerty

5.  12345

6.  123456789

7.  Football

8.  1234

9.  1234567

10.  baseball

One in six people in Britain use their pet’s name as a password!

Default passwords •  Most devices come with a default password or PIN to gain access

•  The default PIN is frequently 0000 or 1234

•  Research has shown that 20% of all passwords and PINs have never been changed

•  Do you always change default passwords and PINs?

Always change the default! •  The mobile phone hacking scandal, concluded in 2012, involved the

use of default PIN numbers •  Journalists used the mobile phone numbers of prominent people to gain access to

their voicemail remotely, using a public voicemail access number

•  When asked for a PIN to listen to their messages, they tried the default PIN number which was frequently unchanged

Technical weaknesses •  Technical weaknesses can make computer

systems vulnerable to: •  Malware

•  Denial of Service (DoS) attacks

•  Data interception and theft

Viruses https://www.youtube.com/watch?v=fKxuKWsA_JI •  A computer virus is one type of malware (malicious software) which is

installed without your knowledge, with the purpose of doing harm

•  A virus is a program which infects (embeds itself in) other programs or data files

•  It is easily spread if a user innocently sends an infected file to someone else

•  It is commonly found in email attachments with macros

Worms •  A worm is another type of

malware

•  It is a standalone program that does need to attach itself to an existing program in order to spread

•  It may scan the Internet looking for vulnerable computers to infect

How do systems become infected?

•  Technical weaknesses in a computer or a network can open the door to cybercrime

•  Common sources and forms of attack include: •  USB devices

•  digital devices

•  eavesdropping

Found – a USB stick! •  Criminals sometimes leave a USB

stick contaminated with a virus lying, for example, in the car park of a company that they wish to infect with a virus or steal data from

•  An unsuspecting employee may pick it up and insert it into their computer

Viruses •  It is estimated that 25% of malware is spread through USB storage

devices

•  Other portable devices such as mobile phones, memory cards and SSD drives also create risk

•  How can you minimise these risks?

•  Scan all devices, never use a found device and disable the autorun facility for removable media

Protect your mobile phone! •  Use the password feature and choose a

strong password

•  Do not follow links in suspicious emails

•  Think carefully before posting your mobile phone number on public websites

•  Don’t install apps without researching them first – if they require extra permissions, don’t install them

•  Delete all information stored on your mobile before discarding