Cybersecurity threats
How external threats occur
1. Malicious software
Malicious software contains a wide range of software with the purpose of causing damage
and harm to a computer system.
Some malicious software are less harmful than others e.g. adware ( software that appears or
downloads advertising material such as banners or pop ups when a user is online).
Meanwhile others can make a hard drive not being able to use e.g such as some viruses.
Examples of malware:
- Spyware: Gathers information on the user it has protected and sends it to third party
companies. Spyware can also access information through keyloggers which track what keys
you have entered; this can lead to the spyware having access to passwords.
- Adware: Adware displays unwanted advertisements to generate revenue e.g dating sites.
Also adware obstructs the user of pop up ads that will not disappear even after the pop up
has been closed.
- Ransomware: Ransomware is when the software takes control of your computer and
prevents it from accessing your computer system. Also ransomware demands a sum of
money to be paid in order for the user to get access to the account back.
- Viruses: Viruses modify existing programs with malicious code and replicate themselves
throughout the whole computer. This usually leads to corruption of data, applications,
system failure and taking up storage spaces and processing power.
- Worms: Worms perform similar to viruses, however worms can replicate themselves and
spread and invade the network or computer system. This allows them to perform similar
functions to viruses but on a much larger scale.
- Rootkits: Rootkits are used to get unauthorised administrator access to a computer or
network. They do this by spreading and hiding in software that has legitimate functions.
This can then be used to steal data or hide other malware within the system.
- Trojans: Trojans are malicious code that hides within a legitimate program. Most of the
time users download the trojan without knowing it is a malicious software thinking that they
were downloading the program that they would like. This can result in harmful attacks such
as files being stolen, systems being overridden etc.
, 2. Hacking
Hacking is a term that describes people who exploit the vulnerabilities (weak spots) of a
computer system to gain unauthorised access to the system and to its data. The method of
attack is called an attack vector which often involves exploiting vulnerabilities in areas such
as Wi-Fi, bluetooth, internet connection or gaining internal network access.
Individuals may perform hacking for many reasons such as hacktivism or to harm the
computer system or company. The reasons for individuals to hack into a computer system
may be performing it for things such as to gain money, to protest or perform their actions for
a political and social agendas.
Companies and governments use hacking for espionage purposes such as finding out their
competitor plans, products and finances to get profit or information. Companies will hire
other qualified people to hack into their own systems so that they can locate the
vulnerabilities in their system. These are called white hat hackers.
3. Sabotage
Sabotage is a general term that describes an activity used to deliberately disrupt services,
typically through the use of:
- Denial of service attacks
- Distributing malware
- Physically destroy computer equipment
These activities can be carried out by individuals, terrorist organisations, companies or
governments. However unlike the intention of hacking which is more about gaining
information or other purposes sabotage is specifically malicious with the goal of causing
damage.
The goal of these attacks are mainly targeted with hindering the victims this can cause
catastrophic impact to people if recovery procedures have not been prepared.
4. Social engineering
Social engineering refers to the techniques used to deceive people into revealing private and
confidential information. This can then be used for bank fraud & identity fraud or to gain
access to systems.
An example of this can be phishing emails where an email is sent for the main purpose of
the user downloading malicious software but the email is pretending to be somebody they
are not e.g a big company or someone the person knows. The email will often ask the user
to click on a link which then the malicious software will be downloaded.
Even Though the phishing emails may be worded unprofessionally the person will make the
email look as legit as possible so the user thinks its a normal email when its not.
How external threats occur
1. Malicious software
Malicious software contains a wide range of software with the purpose of causing damage
and harm to a computer system.
Some malicious software are less harmful than others e.g. adware ( software that appears or
downloads advertising material such as banners or pop ups when a user is online).
Meanwhile others can make a hard drive not being able to use e.g such as some viruses.
Examples of malware:
- Spyware: Gathers information on the user it has protected and sends it to third party
companies. Spyware can also access information through keyloggers which track what keys
you have entered; this can lead to the spyware having access to passwords.
- Adware: Adware displays unwanted advertisements to generate revenue e.g dating sites.
Also adware obstructs the user of pop up ads that will not disappear even after the pop up
has been closed.
- Ransomware: Ransomware is when the software takes control of your computer and
prevents it from accessing your computer system. Also ransomware demands a sum of
money to be paid in order for the user to get access to the account back.
- Viruses: Viruses modify existing programs with malicious code and replicate themselves
throughout the whole computer. This usually leads to corruption of data, applications,
system failure and taking up storage spaces and processing power.
- Worms: Worms perform similar to viruses, however worms can replicate themselves and
spread and invade the network or computer system. This allows them to perform similar
functions to viruses but on a much larger scale.
- Rootkits: Rootkits are used to get unauthorised administrator access to a computer or
network. They do this by spreading and hiding in software that has legitimate functions.
This can then be used to steal data or hide other malware within the system.
- Trojans: Trojans are malicious code that hides within a legitimate program. Most of the
time users download the trojan without knowing it is a malicious software thinking that they
were downloading the program that they would like. This can result in harmful attacks such
as files being stolen, systems being overridden etc.
, 2. Hacking
Hacking is a term that describes people who exploit the vulnerabilities (weak spots) of a
computer system to gain unauthorised access to the system and to its data. The method of
attack is called an attack vector which often involves exploiting vulnerabilities in areas such
as Wi-Fi, bluetooth, internet connection or gaining internal network access.
Individuals may perform hacking for many reasons such as hacktivism or to harm the
computer system or company. The reasons for individuals to hack into a computer system
may be performing it for things such as to gain money, to protest or perform their actions for
a political and social agendas.
Companies and governments use hacking for espionage purposes such as finding out their
competitor plans, products and finances to get profit or information. Companies will hire
other qualified people to hack into their own systems so that they can locate the
vulnerabilities in their system. These are called white hat hackers.
3. Sabotage
Sabotage is a general term that describes an activity used to deliberately disrupt services,
typically through the use of:
- Denial of service attacks
- Distributing malware
- Physically destroy computer equipment
These activities can be carried out by individuals, terrorist organisations, companies or
governments. However unlike the intention of hacking which is more about gaining
information or other purposes sabotage is specifically malicious with the goal of causing
damage.
The goal of these attacks are mainly targeted with hindering the victims this can cause
catastrophic impact to people if recovery procedures have not been prepared.
4. Social engineering
Social engineering refers to the techniques used to deceive people into revealing private and
confidential information. This can then be used for bank fraud & identity fraud or to gain
access to systems.
An example of this can be phishing emails where an email is sent for the main purpose of
the user downloading malicious software but the email is pretending to be somebody they
are not e.g a big company or someone the person knows. The email will often ask the user
to click on a link which then the malicious software will be downloaded.
Even Though the phishing emails may be worded unprofessionally the person will make the
email look as legit as possible so the user thinks its a normal email when its not.
