Scribd
Upload
28 views26 pages

Chapter 5 Slides (2) - CS - Y9

Uploaded by

Bavanth B
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
28 views26 pages

Chapter 5 Slides (2) - CS - Y9

Uploaded by

Bavanth B
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 26

Cyber Security

Threat
Cyber Security
Threats Solutions/Prevention
B: Brute-Force Attack

Activity: Can you guess my


number?
B: Brute-Force Attack
• A ‘trial and error’ method used by cybercriminals to crack
passwords by finding all possible combinations of letters,
numbers and symbols until the password is found.

• The longer a password is and the greater the variation of


characters used, the harder it will be to crack.
What will happen when too many users are on
a website at a certain point of time?
D: Distributed Denial of Service (DDOS)

• A denial of service (DoS) attack is an attempt at preventing users


from accessing part of a network, notably an internet server.

• The attacker may be able to prevent a user from:


• accessing their emails
• accessing websites/web pages
• accessing online services (such as banking).
D: Distributed Denial of Service (DDOS)
How does it attack?

When a user enters a


website's URL in their The server can only handle
browser, a request is sent to a finite number of requests.
the web server that (say: 1 million) at a time
contains the website
D: Distributed Denial of Service (DDOS)
Distributed = Many computers
Denial of Service = Deny user from How does it attack?
using a service

A criminal can use a software The server becomes overloaded and


that force thousands of won't be able to service a user's
innocent computers around legitimate request. It will slow the
the world to send a viewing website down or cause it to go offline
altogether.
request to a web server.

Sorry
can't do
x100000 it!
D: Distributed Denial of Service (DDOS)
Signs to detect a DDOS attack

Slow network performance (opening


files or accessing certain websites)

Inability to access certain websites

Large amounts of spam email


reaching the user’s email account.
D: Data Interception

• Data interception is a form of stealing data by tapping into a


wired or wireless communication link.

• The intent is to compromise privacy or to obtain confidential


information.

• Interception can be carried out using a packet sniffer, which


examines data packets being sent over a network. The
intercepted data is sent back to the hacker.
D: Data Interception
To tackle data interception

Encryption of data.
Eg. Wired Equivalency privacy (WEP)

It is important not to use Wi-Fi


(wireless) connectivity in public
places (such as an airport) since no
data encryption will exist and your
data is then open to interception by
anyone within the place.
What is data encryption?

• Encryption goes one step further than password protection and is an easy
and effective way to lessen the likelihood of a privacy breach. Encryption
scrambles information so that it is unreadable without a passcode.
H: Hacking

• Hacking is the act of gaining illegal access to a computer


system without the user's permission.

• Data can be deleted, passed on, changed or corrupted.

• Question to the class: Can encryption stop hacking?


• Question to the class: Can encryption stop hacking?

• Encryption does not stop hacking, it makes the data


meaningless.

• Solution: Firewall, strong passwords.


Malware = Malicious Code Software
M:
Malware are pieces of software that have been written and
coded with the intention of causing damage to or stealing
data from a computer or system.

There are several types of malware:

Trojan
Virus Worm Spyware Adware Ransomware
Horse
Virus
V:
• Viruses are programs or program codes that self-replicate
with the intention of deleting or corrupting files, or causing a
computer to malfunction.
• Viruses need an active host program on the target
computer or an operating system that has already been
infected, before they can actually run and cause harm.
• Viruses are often sent as email attachments, reside on infected
websites or on infected software downloaded to the user’s
computer.

Virus
Trojan Horse
T:
• A trojan horse is malware that is hidden away in the code of software
that appears to be harmless. A Trojan horse replaces all or part of
the legitimate software with the intent of carrying out some harm to
the user’s computer system.

• They need to be executed by the end-user. They usually arrive as an


email attachment or are downloaded from an infected website

• Once installed on the user’s computer, the Trojan horse will give
cyber criminals access to personal information on your computers,
such as IP addresses, passwords and other personal data.

Trojan
Horse
Worm
W:
• A type of stand-alone malware that can self-replicate. Unlike viruses,
they don't need an active host program to be opened in order to do
any damage.

• Worm replicates itself until the computer's resources are used to


their maximum capacity and no further processing can take place,
leading to system failure and crashing.

• Worms tend to be problematic because of their ability to spread


throughout a network without any action from an end-user;
whereas viruses require each end-user to somehow initiate the
virus.

Worm
Spyware
S:
• Spyware is software that gathers information by monitoring a
user’s activities carried out on their computer.

• The gathered information (bank account numbers, passwords


and credit/debit card details) is sent back to the cybercriminal
who originally sent the spyware (just like cookies).

Spyware
Adware
A:
• Adware is a software that will attempt to flood an end-user with
unwanted advertising.

• For example, it could


• redirect a user’s browser to a website that contains
promotional advertising
• appear in the form of pop-ups
• appear in the browser’s toolbar and redirect search requests

Adware
Ransomware
R:
• Ransomware are programs that encrypt data on a user’s
computer and ‘hold the data hostage’.

• The cybercriminal waits until the ransom money is paid and,


sometimes, the decryption key is then sent to the user.

Ransomware
P Phishing
• Sending out
legitimate-looking
emails designed to
trick the recipients into
giving their personal
details to the sender of
the email.
• These emails may
contain links or
attachments, when
initiated, take the user to
a fake website to enter Clickbait
personal details.
P Phishing
Ways to prevent phishing

Be aware of fake emails (eg. Dear (Your


name) and not Dear Customer)

Look out for http(s) in the address bar

Be very wary of pop-ups and use the


browser to block them
P Pharming

• Redirect user from a genuine website to a fake one, with


the hope that this goes unnoticed. They manipulate the
DNS server.

• A user may then be prompted to enter login details, and


this can then be collected by a criminal for use on the
genuine site.

• Pharming attacks occur when web servers are attacked,


and code is inserted into a website that redirects visitors
(changing the IP address).
Examples:
S Social Engineering

• This form of cyber-crime is where users are manipulated into


behaving in a way that they would not normally do.

• Five common types of threat:


• Instant messaging (malicious link embedded in message)
• Scareware (tell you that your computer is infected with virus)
• Email (genuine looking emails)
• Baiting (leave a pendrive where it can be found)
• Phone calls (asks you to download special software)

• All threats above are effective methods for introducing malware.


• The whole idea of social engineering is the exploitation of human
emotion (fear, curiosity, empathy and trust).

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy