4.1 Threats GapFill

There are a number of different threats that computer systems face, from both malware (malicious software designed to damage a computer system or steal data) and social engineering attacks (where the attacker tries to manipulate the users of a computer system).

Malware is a catchall term for a variety of threats. People often confuse the terms virus, worm and Trojan Horse, but there are distinct differences. A virus  causes a denial of service attackencrypts files and demands a de-encryption feereplicates automaticallyneeds the user to run it but a worm  is a software flawencrypts files and demands a de-encryption feeneeds the user to run itreplicates automatically . A Trojan Horse  causes a denial of service attackencrypts files and demands a de-encryption feespeeds up your computerappears to be a useful program.

Other malware that may be used in a cyber-security attack includes  adwarerootkitsbotnetsransomware, which displays adverts on the user's computer that generate revenue for the person who distributed the malware. A networked collection of computers with automatic scripts installed that can be accessed remotely to send spam emails or carry out a DDoS attack is called  a botneta buga ransomware attackantivirus software.

A relatively recent, and highly dangerous, threat is  a rootkitransomwareadwarea worm, which restricts access to the system's data and files, promising to restore access once the user has transferred money to the attacker. This type of threat makes news headlines when government and business IT networks are attacked.

Common social engineering techniques include physically entering a building or room by following someone else in (or pretending to be someone else – people often don’t question a delivery driver trying to gain access to a building) – this is called  pharmingbaitingtailgating quid pro quo. If someone watched you type in your password at your computer, or PIN at a cashpoint, that would be called  baitingshoulder surfingpretextingtailgating.

But there are also social engineering techniques that don’t require physical access. You should be familiar with the term ‘  quid pro quobaitingphishingshoulder surfing’ – such attacks use fake emails or texts to try to capture, say, login details from your bank. This is similar to  pretextingshoulder surfingquid pro quotailgating – when an attacker fabricates a false scenario in order to get information from a user.

Hacking is when somebody tries to gain access to a computer system which they haven't been given authorisation to use. This can come in the form of:  white boxblack hatblack boxwhite hat hacking, where a person is trying to gain access to the system to cause damage or steal data;  grey boxwhite hatblack boxgrey hat hacking, where somebody is given permission to hack the system in order to expose security vulnerabilities; and  grey boxblack boxblack hatgrey hat hacking, where someone attempts to hack a system for 'fun'.

Other common cyberattacks include  pharmingDDoSrootkitspyware attacks, which send large numbers of dummy requests to servers in order to overwhelm them and make them unavailable, and  pharmingreroutingbaitingbot attacks, which secretly redirect users from a legitimate website to a compromised website which is used to steal users' data as they enter it into what they believe is a secure website.