Embedded Files
Malware
Malware
Alternatively know as 'malicious software'. Software which can be malicious if damaging to a computer or network. Examples include:
Viruses
Worms
Trojans
Trojan
Trojan
Malicious Software designed to cause harm to a network of computer system
Attaches itself to programs or files on a computer or server
Can affect all components of an operating system
Around 82000 viruses are made each day
Famous viruses include Cryptolocker and ILOVEYOU
Worms
Worms
Replicates itself in order to spread to other computers
Often using a computer network
In order to achieve this, the worm exploits vulnerabilities across the computer network.
Unlike a virus, it does not need to attach to a program
Trojan
Trojan
Malicious computer programs
Designed to access a computer by misleading users of its intent
Example:
Email appearing to have been sent from a bank asking to download security software which would improve security. In fact the intention behind the software is to give unauthorised access to the system.
Social Engineering
Social Engineering
Social engineering is a technique used by hackers and cybercriminals to manipulate people into providing confidential information, installing malware or performing actions that may compromise their security. It involves exploiting human behavior rather than exploiting software or hardware vulnerabilities.
Relies on human interaction (social skills)
Commonly involves tricking users into breaking normal security procedures
Method does not revolve around technical cracking techniques such as worms or viruses
Computer Phishing
Computer Phishing
Form of social engineering
Designed to acquire sensitive information such as usernames, passwords, bank details etc...
Most common phishing attacks are sent through email
Telephone Phishing
Telephone Phishing
Telephone system mirroring - direct phones calls that pretend to be an official service
User may be referred to a fake customer service agent to extract more details
Data interception and theft
Data interception and theft
Data travels across networks in packets
Packets can be intercepted via wireless radio waves
Data can also be intercepted physically - e.g. stealing a person's hard drive or accessing their computer whilst they are away from their desk
Brute-force attackes
Brute-force attackes
Trial and error method
Can be used for gaining access to password-based entry systems
Consists of an attacker trying possible passwords and passphrases until a correct one is found
DoS - denial of service
DoS - denial of service
Where a computer (or many computers) is used to prevent a server from performing its tasks.
This is done by bombarding the server over and over again with requests. Eventually the server is tied up trying to handle all the DOS requests, making it very difficult for it to respond to legitimate requests.
A DDOS attack (distributed denial of service) is the same thing, but when the attack comes from multiple computers
A DoS attack is malicious, and can prevent a website from being accessible. This might be to silence a website that the malicious user disagrees with, or to extort money with the threat of a DoS attack. It can also be used as a smokescreen to hide another malicious attack happening at the same time. Some servers can be unintentionally taken down this way with a large flood of genuine users, e.g. when tickets for a new tour are released.
DDos - Distributed Denial of Service Attack
DDos - Distributed Denial of Service Attack
A Distributed Denial of Service attack (DDoS) uses a large number of computers to carry out the attack.
This is more effective because a large number of computers can generate more traffic to overwhelm the server.
SQL Injection
SQL Injection
By exploiting the vulnerabilities of SQL through injection, attackers could access systems containing customer data, intellectual property and other sensitive information.
Art style for this page - Surrealism
Page updated
Google Sites
Report abuse