Cyber security threats

Not all online content can be trusted. When using the internet, it is important to understand the threats that may occur.
Technology is rapidly evolving and as a result, the way that criminals are using the internet is also changing.

There are a number of different threats to computer systems that include:

• social engineering
• malicious code
• human error
Any risk posed to a computer system from an internet source is considered a cyber threat. These threats are often
combined to increase the probability of harm to a system. By taking steps to understand what the potential risks are,
people and businesses are able to better protect their systems and data.

. Social engineering techniques

Social engineering is manipulating people into handing over confidential information such as a PIN or password. There
are several forms:
• blagging
• phishing
• pharming
• shouldering
Blagging
Blagging is when someone makes up a story to gain a person’s interest and uses this to encourage them to give away
information about themselves, or even send money. For example, a person may receive an email that appears to be from a
friend telling them that they’re in trouble and asking them to send money.

Phishing
Similar to blagging, a phishing email will ask a person to send personal details, but pretends to be from a business. They
can often look convincing, but may contain spelling errors or URLs that do not match the business's website. When a
person clicks on these links and logs in, it sends their username and password to someone who will use it to access their
real accounts. This information might be used to steal a person’s money or identity, or the email may contain malware.

Banks will never send emails asking for personal information or usernames and passwords. If someone receives an email
that they think might be phishing, they should report it to the business the sender is claiming to be.

Pharming
Pharming is a type of cyberattack that redirects a user from a genuine website to a fake one. The fake website will often
look like the genuine one. When a person logs in, it sends their username and password to someone who will use it to
access their real accounts.

There are several ways that a pharming cyberattack can redirect traffic from a genuine website to a fake one. One
example is if the Domain Name Servers (DNS) of the website, which match the website address with the IP address of the
webserver, are hacked and the IP address is changed to become the address of the pharming site.

Shouldering
This is the simplest form of taking personal details. Shouldering is looking at someone’s information over their shoulder,
for example looking at someone enter their PIN in a shop or at a cashpoint.

A person can prevent this by using their hand to cover the keypad as they type their PIN, or being aware of people around
them when typing in PINs. Software helps protect against shouldering by masking what is typed, showing an asterisk on
the screen instead of the symbol that was entered.

. Malicious code
Malicious code is software written to harm or cause issues with a computer. This is also referred to as malware and comes
in a number of different forms. In all its forms, the code has been written to either harm or steal data from your computer
system.
 There are a number of types of malware, which include:
• viruses
• trojans
• ransomware
• spyware
• adware
Viruses
A virus is a piece of malware that infects a computer, and then replicates itself to be passed onto another computer.
Anti-virus software holds a large database of known viruses. If a program that is installing, or file that is being opened,
appears to be similar to one of these, the anti-virus software will warn the user and, depending on the type of anti-virus,
place all related files into a secure folder until it is confirmed that it is safe.

Trojans
A Trojan appears to be a piece of harmless software, often given away for free,
that contains malicious code hidden inside. This only appears once the gifted
software is installed. It was named after the Greek myth of the Trojan horse.

Ransomware
Ransomware hijacks the data on a computer system by encrypting it and
demanding that the owners pay money for it to be decrypted. Having up-to-date
anti-virus software and educating users to not open suspicious attachments will
help protect from ransomware.

Spyware
Spyware is a type of malware that collects the activity on a computer system and sends the data it collects to another
person without the owner being aware.

If a computer has been infected by spyware, it could be sending back everything that is typed, or the sites that are visited,
or even where the user is clicking on their screen. Spyware that records what is being typed is known as a keylogger.
Keyloggers attempt to find out usernames and passwords by collecting everything that is entered into the system, which
allows the hacker to search for personal data.

Most anti-virus software will also look for spyware in the same way as viruses. Specialist anti-spyware software is also
available.
Adware
Adware is software that either causes pop-ups or windows that will not close. Generally, the pop-ups or windows display
advertisements. Many anti-virus programs will detect and prevent adware infecting a computer system, but specialist anti-
adware programs also exist.

. Other cyber security threats

Weak/default passwords
Some of the most common passwords are surprisingly simple. Examples include 123456 and qwerty. Most computer
systems will provide a default password when first set up. If these are not changed, this puts computers at risk. There are
some simple rules to follow to make it harder for a computer to crack a password:
• have a password that is six or more characters long
• include upper and lower letter case letters
• include numbers
• include symbols
• avoid information that may be easy to guess such as relatives’ names or birthdays
Another way to make a password more difficult for computers to crack is to combine multiple random words that have
personal significance, but are not related. In the example below, the password could be horseguitar.
Misconfigured access rights
Access rights set up what can and cannot be seen when someone logs into a system. If these are not set up correctly in an
email server, a person may be able to see someoneelse’s emails. If a person accesses an account that they do not have
permission to see, they might be breaking the law. Read more about this in the ethical, legal, and environmental impacts
of digital technology study guide.
Removable media usage
Removable media refers to storage devices that can be removed from the computer system. This includes: USB memory
sticks, CD-ROMs, DVDs, external hard drives
If removable media contain malware, it will attempt to move onto a system when connected to a computer, and then onto
any other connected devices. If a computer is connected to others on a network, this could mean that the virus reaches
hundreds of machines.
Unpatched/outdated software
Patching is the process of updating software to fix a problem or add a new feature. Many programs will automatically
update to make sure they have the latest patches installed. This helps to ensure the program runs correctly and protects the
computer from new threats. Most anti-virus software will frequently update itself so that it is able to recognize the latest
computer viruses and malware.
These updates will always be one step behind the people creating the malware, but regularly updating and patching
software will reduce the vulnerability of a computer system.

Methods to detect and prevent cybersecurity threats

User access levels
Access levels determine the facilities a user has access to, such as: software, email, internet access, documents and data,
the ability to install and/or remove software, the ability to maintain other users' accounts
A network manager should make sure users can only access the facilities they need. For example, an office worker might
need access to productivity software, email and the internet, but not to install software or access other users' accounts.
Restriction limits the actions a user can take, thereby reducing the potential of threats.
Secure passwords
The purpose of a password is to verify who a user is. Without knowing the password, you cannot use a user ID to sign
into a network. Unfortunately, many people have user IDs and passwords for many different situations so they do not
easily remember them. They then choose simple, easy to remember passwords or use the same password for many
situations.
Ideally, a secure password should be one that is not easy to guess, and that requires at least eight characters, including at
least one uppercase letter, one number and one special character. This reduces the chances of someone easily working out
what the password is. For example: “c0Mput!ng” is harder to guess than “computing”
Additionally, the longer the password, the harder it is to work out: “c0Mput3r$c!encE” is harder to guess than
“computing”
The security methods used to access computer accounts are known as factors of authentication. These are ways to prove
that people are who they say they are. These factors can be divided into three sections:
• something a person is - fingerprint or other biometric detail
• something a person knows - passwords, PINs, secret answers
• something a person has - a phone, a smart card
Biometrics
Biometric security makes use of unique physical characteristics and features to identify people when they are using a
computer system. This form of security could be a scan of a fingerprint using the sensor built into a button on a mobile
phone, or facial recognition to unlock a mobile device.
Passwords
Keeping passwords safe is important, especially when the password allows access to sensitive or valuable information.
Some password systems help to keep passwords safe by only asking for certain characters of a password instead of the
whole thing. This helps to prevent spyware like keyloggers from stealing passwords.
CAPTCHA
CAPTCHA forms challenge humans to prove that they are indeed human. Computers
are very good at looking at text and numbers, but people are much better at
understanding images. Basic CAPTCHA forms often ask people to type in the words
they see in a picture. More sophsicated tests may ask people to solve a puzzle, for
example, finding all of the images that contain cats in a gallery of animals.

Email confirmations
When a person signs up for a new account, they often receive an email asking them to
confirm that they asked for the account to be created by clicking a specific link. This
security feature alerts them that their email is being used to create an account and acts as a way for them to prove their
identity to the company they are creating the account with.
Encryption
Encryption is the process of disguising data so that it cannot be understood. Even if a hacker gains access to encrypted
data, they will not be able to understand it.
Anti-malware
Anti-malware has three purposes: to detect malware that has been installed, to prevent malware from being installed, & to
remove malware from the system.
Anti-malware includes anti-virus software, anti-phishing tools and anti-spyware software. It works by scanning through
all the files on a computer and checking them against a list (known as definitions) of known malware. The main problem
with anti-malware is that it is reactive - it can only detect, prevent and remove known malware. When new malware is
introduced, anti-malware has to be updated to take account of the new threats. The longer the gap before anti-malware is
updated, the less protection it offers.
Firewalls
A firewall is a tool that monitors traffic going into and out of a computer or network, and either allows the traffic to pass
through or blocks it. Firewalls can be hardware-based or software-based. Hardware firewalls tend to be more expensive,
but are more effective. A firewall stops unauthorized traffic entering and leaving a network.
Penetration testing
One way to make sure a system is safe from security threats is to employ someone to test it using penetration testing. This
can reveal if there are any weaknesses that an attacker could use to get into or harm the system.
Penetration testing uses the same techniques a hacker would try, but the aim is to identify the weaknesses, rather than
stealing data or damaging the system. Black-box penetration testing is used to simulate a hacking attempt that is external
to the company, whereas white-box penetration testing simulates a malicious insider who might have knowledge of how
the computer systems are set up. When a system is breached, this can cause bad financial and reputational damage for the
company involved. Penetration testing aims to identify the weaknesses within a system.
Automatic software updates
By regularly updating the software on a computer, users are as protected as they can possibly be. Setting automatic
updates means a computer system will attempt to install patches or fixes as soon as they are available by searching for
them on a regular basis. If this task was left to users, it would be easier for them to forget or ignore the updates.