Welcome to the World of Digital Defense!
Hey there! Ready to dive into one of the most exciting and important parts of Computer Science? This chapter is all about understanding the bad guys—or rather, the cyber security threats—that exist online. Think of this as learning how to build a strong digital fortress! 🏰
Don't worry if some of these terms sound scary. We will break down every attack into simple, clear steps. By the end, you'll not only know what these threats are but also how to spot them and protect yourself and others.
Let's get started on securing the digital future!
1. Understanding the Concept of Cyber Security Threats
A Cyber Security Threat is anything that has the potential to harm a computer system, network, or the data stored on it. These threats usually try to achieve one of three things (we call this the CIA Triad, which you’ll study more later):
- Steal or access confidential data (Confidentiality)
- Change or destroy data (Integrity)
- Stop users from accessing the system (Availability)
2. Malware: The Digital Illness
Malware is short for Malicious Software. It’s any program or code designed specifically to cause damage, gain unauthorised access, or disrupt system operation.
Key Types of Malware You Need to Know:
1. Viruses
A virus is a type of malware that needs a host program (like a document or an application) to attach itself to. It requires a user action (like opening the infected file) to run, and it aims to replicate and spread to other files and systems.
- Analogy: Just like a biological virus, it needs a host cell (a program) to activate and multiply.
2. Spyware
This software secretly observes and records the user’s activity without their knowledge. Its main goal is to capture sensitive information.
- Example: A type of spyware called a keylogger records every single keystroke you make (passwords, messages, credit card numbers).
3. Ransomware
Ransomware is one of the most disruptive threats today. Once installed, it encrypts (locks) all your files and data, making them inaccessible. The attacker then demands a ransom (a payment, usually in cryptocurrency) in exchange for the decryption key.
- Analogy: It’s like a digital kidnapper holding your data hostage.
Quick recap: Virus (replicates, needs a host); Spyware (records everything you type); Ransomware (restricts access for money).
3. Phishing: The Digital Trick
Phishing is a form of social engineering where attackers trick individuals into revealing sensitive information, such as usernames, passwords, and credit card details.
How Phishing Works (The Bait):
The attacker sends communication (usually email, but sometimes text or social media messages) that looks like it comes from a legitimate, trustworthy source—like a bank, a government agency, or a major online service (Netflix, Amazon).
The message usually contains:
- Urgency: "Your account has been suspended! Click here immediately to reactivate it."
- A Malicious Link: This link takes the victim to a fake website that looks identical to the real company's login page.
- Data Theft: When the victim enters their username and password on the fake site, the attacker captures the information instantly.
Did you know? Phishing gets its name because the attackers are "fishing" for personal information (spelled with a "ph").
Key Takeaway: Always check the sender's email address and hover over links (without clicking!) to see the true destination URL. If it looks suspicious, close it!
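Here is the "hover over the link" check written as a small program, so you can see exactly what a careful reader is comparing. This is an added example, not code from the original chapter: the email body, the fake domain netflix-account-verify.example.net and the function names are all made up for the demonstration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body (not a real message). The first link shows a
# netflix.com address as its visible text but actually points somewhere else;
# the second link is genuine.
SAMPLE_EMAIL = """
<p>Your account has been suspended! Click here immediately to reactivate it:</p>
<a href="http://netflix-account-verify.example.net/login">https://www.netflix.com/account</a>
<p>Or visit our help centre: <a href="https://help.netflix.com/">help.netflix.com</a></p>
"""

# Visible link text that itself looks like a web address, e.g. "www.bank.example/login"
LOOKS_LIKE_URL = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url_or_text):
    """Lower-case hostname of a URL; bare text like 'help.netflix.com' is accepted too."""
    if "://" not in url_or_text:
        url_or_text = "http://" + url_or_text
    return (urlparse(url_or_text).hostname or "").lower()


def same_organisation(host, trusted_domain):
    """True only if host is the trusted domain itself or a genuine subdomain of it.
    'netflix.com.evil.example' ends in 'example', not 'netflix.com', so it fails."""
    return host == trusted_domain or host.endswith("." + trusted_domain)


def inspect_links(html, trusted_domain):
    """Apply the 'hover over the link' check to every link and explain any mismatch."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        real_host = host_of(href)
        reasons = []
        # Does the text the reader sees name a different site from the real destination?
        if LOOKS_LIKE_URL.fullmatch(text):
            shown_host = host_of(text)
            if shown_host != real_host:
                reasons.append(f"visible text says {shown_host} but the link goes to {real_host}")
        # Does the real destination belong to the company the email claims to be from?
        if not same_organisation(real_host, trusted_domain):
            reasons.append(f"{real_host} does not belong to {trusted_domain}")
        findings.append({"href": href, "text": text, "suspicious": bool(reasons), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in inspect_links(SAMPLE_EMAIL, "netflix.com"):
        print("SUSPICIOUS" if f["suspicious"] else "ok", f["href"], *f["reasons"], sep=" | ")
```

Notice that `same_organisation` checks the end of the hostname, not just whether "netflix.com" appears somewhere in it; a fake address can contain the real brand name anywhere in the middle.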
4. Brute Force Attacks: The Persistent Guesser
A Brute Force Attack is a method used to gain access to an account or encrypted data by trying every possible combination of passwords or encryption keys until the correct one is found.
Step-by-Step Process:
- The attacker targets a specific login page (e.g., your email).
- They use automated software (a "bot").
- The software rapidly tries millions of combinations: "a", "aa", "aab", "123456", "password", etc.
This attack relies purely on computer processing power and speed.
How to Defend Against It (Crucial Point):
The longer and more complex your password is (using a mix of upper case, lower case, numbers, and symbols), the exponentially longer it takes a computer to guess it. A short password might take seconds; a 12-character complex password might take thousands of years!
A simple phrase, like I<3MyCatFelix!01, is far stronger than Felix123 because its length, variety, and special characters make the number of combinations the brute force software must try vastly larger.
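To see why length and variety matter so much, here is a small calculator that works out how many guesses a brute force program would need for a given password and how long that would take. This is an added example, not part of the original chapter; the guessing rate of one billion guesses per second is an assumed figure chosen for the illustration, and real rates vary enormously with the hardware and the way the password is stored.

```python
import string

# Assumed guessing rate for the estimate (constructed figure, not from the chapter).
GUESSES_PER_SECOND = 1_000_000_000

# The four character classes the chapter mentions, with their sizes.
CHARACTER_CLASSES = {
    "lower case": string.ascii_lowercase,   # 26
    "upper case": string.ascii_uppercase,   # 26
    "numbers": string.digits,               # 10
    "symbols": string.punctuation,          # 32
}


def alphabet_size(password):
    """Size of the smallest character pool a guesser must use to reach this password."""
    size = 0
    for chars in CHARACTER_CLASSES.values():
        if any(c in chars for c in password):
            size += len(chars)
    return size


def keyspace(password):
    """Total number of candidates of length 1 up to len(password) over that pool."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst case: every candidate is tried before the right one is found."""
    return keyspace(password) / rate


def human_time(seconds):
    """Turn a number of seconds into a readable unit."""
    for unit, size in (("years", 365 * 24 * 3600), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.3f} seconds"


def compare(*passwords):
    """Report pool size, keyspace and worst-case time for each password."""
    return {p: (alphabet_size(p), keyspace(p), human_time(seconds_to_exhaust(p)))
            for p in passwords}


if __name__ == "__main__":
    for pw, (pool, space, t) in compare("Felix123", "I<3MyCatFelix!01").items():
        print(f"{pw:20} pool={pool:3} candidates={space:.2e} worst case={t}")
```

Each extra character multiplies the work by the pool size, which is why the estimate climbs from days for Felix123 to an astronomically long time for the 16-character phrase. The pool size is also why mixing in a symbol or a capital letter helps: it grows the base of that power, not just the exponent.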
5. Denial of Service (DoS/DDoS): The Digital Traffic Jam
A Denial of Service (DoS) attack is designed to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services.
The simplest way to do this is to overload the system with so many requests that it cannot handle legitimate user traffic and either slows down to a crawl or completely crashes (denying service).
DoS vs. DDoS (The Difference Matters!)
1. DoS (Denial of Service):
The attack is launched from a single computer system.
2. DDoS (Distributed Denial of Service):
The attack is launched simultaneously from many different compromised computer systems. These compromised systems are often called a botnet (a network of "robots" or zombie computers controlled by the attacker).
- Analogy: A DoS attack is one person calling a shop continuously until the line is jammed. A DDoS attack is thousands of people calling the shop simultaneously—it has no chance of answering legitimate customers.
DDoS attacks are much harder to stop because the traffic is coming from so many different places.
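The difference between the two attacks shows up clearly in a server's access log, so here is a small detector that counts requests per source in one-second windows. This is an added example, not from the original chapter: the log lines are constructed (addresses from the reserved documentation ranges), and the thresholds of 50 requests per source and 200 in total per second are assumptions picked for the demonstration.

```python
import math
from collections import Counter, defaultdict


def make_sample_log():
    """Constructed access log, one '<seconds> <source_ip>' line per request. Not real traffic."""
    lines = []
    # Normal traffic: 20 different visitors, one request each, spread over 10 seconds.
    for i in range(20):
        lines.append(f"{i * 0.5:.1f} 198.51.100.{i + 1}")
    # DoS: a single machine sends 300 requests in 2 seconds (t = 20..22).
    for i in range(300):
        lines.append(f"{20 + i * 2 / 300:.3f} 203.0.113.7")
    # DDoS: 400 compromised machines (a botnet) send 3 requests each in 2 seconds (t = 40..42).
    for k in range(1200):
        bot = k // 3
        lines.append(f"{40 + k * 2 / 1200:.3f} 192.0.{bot // 256}.{bot % 256}")
    return lines


def analyse(lines, window_seconds=1.0, per_source_limit=50, total_limit=200):
    """Count requests per source in fixed time windows and label each window."""
    buckets = defaultdict(Counter)
    for line in lines:
        ts, ip = line.split()
        buckets[math.floor(float(ts) / window_seconds)][ip] += 1

    report = []
    for b in sorted(buckets):
        counts = buckets[b]
        total = sum(counts.values())
        top_ip, top_n = counts.most_common(1)[0]
        if top_n > per_source_limit:
            verdict = "DoS"       # one source stands out: blocking that address stops it
        elif total > total_limit:
            verdict = "DDoS"      # nobody stands out, yet the server is swamped
        else:
            verdict = "normal"
        report.append({"window_start": b * window_seconds, "total": total,
                       "sources": len(counts), "top_source": top_ip,
                       "top_count": top_n, "verdict": verdict})
    return report


if __name__ == "__main__":
    for r in analyse(make_sample_log()):
        if r["verdict"] != "normal":
            print(f"t={r['window_start']:>5}s {r['verdict']:6} total={r['total']:4} "
                  f"sources={r['sources']:3} busiest={r['top_source']} x{r['top_count']}")
```

In the DoS windows one address makes 150 requests a second, so a simple per-address block fixes it. In the DDoS windows the server sees 600 requests a second but no address makes more than three, which is exactly why blocking individual sources does not help and the traffic has to be absorbed or filtered further upstream.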
6. Data Interception and Theft
This threat involves capturing data as it travels across a network, often without the user or sender knowing it has been copied.
Packet Sniffing
When data travels over the internet, it is broken down into small chunks called packets. Tools known as packet sniffers (or network protocol analysers) can be used legally by network administrators to monitor traffic, but they can also be used maliciously.
The Threat: If the data is sent unencrypted (not scrambled), an attacker who intercepts the packets can easily read the contents, including sensitive information like passwords or private messages.
- Where is this common? On public Wi-Fi networks where connections might not be secure (e.g., cafés or airports).
Defence Hint: Always look for HTTPS in the URL. The 'S' stands for secure, meaning the data is encrypted before it leaves your computer, making it useless to a sniffer!
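To make the HTTPS point concrete, here is what a packet sniffer actually has to work with for the same login submitted over plain HTTP and over HTTPS. This is an added example, not from the original chapter: both captures are constructed by hand, and the 32 "encrypted" bytes in the TLS record are a stand-in for real ciphertext, which would look just as meaningless.

```python
from urllib.parse import parse_qs

# Constructed captures (not real traffic). Both carry the same login form.
# 1) Sent over plain HTTP: the form fields travel as readable text.
HTTP_CAPTURE = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 32\r\n"
    b"\r\n"
    b"username=alice&password=Felix123"
)
# 2) Sent over HTTPS: a TLS 'application data' record. Only the 5-byte record
# header (type 0x17, version bytes 3.3, 2-byte length) is readable; the payload
# is ciphertext. The 32 bytes here are a stand-in for real encrypted data.
TLS_CAPTURE = b"\x17\x03\x03\x00\x20" + bytes.fromhex(
    "9f1c4be27a03d5c8e6b1407f2ad9c35b8e0f6a21d4c7b39e5a1f8c60d2e4b7a9"
)

TLS_RECORD_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                    0x16: "handshake", 0x17: "application_data"}
# Field names that should never be visible on the wire.
SENSITIVE_FIELD_WORDS = ("pass", "pwd", "card", "cvv", "pin")


def sniffer_view(payload):
    """Everything an eavesdropper can recover from one captured TCP payload."""
    # TLS record layer: content type, then version bytes 3.x, then a 2-byte length.
    if len(payload) >= 5 and payload[0] in TLS_RECORD_TYPES and payload[1] == 3:
        length = int.from_bytes(payload[3:5], "big")
        return {"protocol": "TLS", "record": TLS_RECORD_TYPES[payload[0]],
                "encrypted_bytes": length, "fields": {}, "exposed": []}

    # Otherwise try to read it as an HTTP request: headers, blank line, body.
    head, _, body = payload.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("ascii", "replace")
    if " HTTP/" not in request_line:
        return {"protocol": "unknown", "fields": {}, "exposed": []}
    fields = {k: v[0] for k, v in parse_qs(body.decode("utf-8", "replace")).items()}
    exposed = [k for k in fields if any(w in k.lower() for w in SENSITIVE_FIELD_WORDS)]
    return {"protocol": "HTTP", "request": request_line, "fields": fields, "exposed": exposed}


if __name__ == "__main__":
    for capture in (HTTP_CAPTURE, TLS_CAPTURE):
        view = sniffer_view(capture)
        print(view["protocol"], "->", view["fields"] or "nothing readable",
              "| exposed:", view["exposed"] or "none")
```

The `exposed` list is the kind of check a network monitoring tool runs to warn an administrator that passwords are crossing the network unencrypted; the fix is on the website's side (serve the login page over HTTPS), and on the user's side it is the "look for the S" habit from the hint above.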
7. SQL Injection (The Code Command)
This is a more technical attack, so take it slowly! SQL stands for Structured Query Language, which is used to manage and retrieve data from a database (like customer records, product details, or user accounts).
A SQL Injection attack occurs when an attacker inputs malicious SQL code into an application's input field (like a login box or a search bar) instead of normal data.
How It Works (Simplified):
The application is expecting a username (data), but the attacker provides SQL commands (code). If the application is poorly secured, it mistakes the malicious input for a legitimate command and executes it on the database.
- Goal of the Attack: To bypass the login, view all the customer data in the database, or even delete the entire database.
- Analogy: Imagine signing a form, but instead of writing your name, you write a secret instruction that tells the person reading the form to shred all the other paperwork.
Key Takeaway: Developers must validate and sanitise (clean) all user inputs to ensure they are treated as data, not as code commands.
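Here is the data-versus-code mix-up in working code, with the poorly secured login next to the properly secured one. This is an added example, not from the original chapter: it uses Python's built-in sqlite3 module with a constructed in-memory table and a made-up test account, and it stores the password as plain text only to keep the example short (a real system would store a password hash).

```python
import sqlite3


def make_db():
    """In-memory database with one constructed test account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'Felix123')")
    return conn


def login_vulnerable(conn, username, password):
    """Glues the typed text straight into the SQL, so the database reads it as commands."""
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password):
    """Parameterised query: the SQL text is fixed and the values are handed to the
    database separately, so whatever the user types is only ever treated as data."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def demonstrate():
    """Run the same inputs through both versions and collect the outcomes."""
    conn = make_db()
    results = {}
    for label, user, pw in (("correct", "alice", "Felix123"),
                            ("wrong password", "alice", "guess"),
                            ("classic injection", "' OR '1'='1", "' OR '1'='1")):
        results[label] = (login_vulnerable(conn, user, pw), login_safe(conn, user, pw))
    # A perfectly innocent name containing an apostrophe breaks the glued-together
    # query (a syntax error), while the parameterised one simply finds no such user.
    try:
        login_vulnerable(conn, "O'Brien", "x")
        results["apostrophe"] = ("no error", login_safe(conn, "O'Brien", "x"))
    except sqlite3.OperationalError:
        results["apostrophe"] = ("syntax error", login_safe(conn, "O'Brien", "x"))
    return results


if __name__ == "__main__":
    for label, (vulnerable, safe) in demonstrate().items():
        print(f"{label:18} vulnerable={vulnerable!s:13} safe={safe}")
```

The "classic injection" row is the bypass described above: the glued-together query becomes `... username = '' OR '1'='1' AND password = '' OR '1'='1'`, which is true for every row, so the vulnerable version logs the attacker in as the first user it finds. The parameterised version sends the same text as a plain value, no account has that as its name, and the login fails. Parameterised queries are what "treat input as data, not as code" looks like in practice; validation on top of that is still good, but it is not a substitute.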
8. Poor Network Policy and User Vulnerability
Sometimes, the greatest threat isn't a complex piece of malware, but human error or poor rules set by an organisation. These issues act as vulnerabilities (weak points) that allow attacks to succeed.
Common Vulnerabilities Linked to Poor Policy:
1. Weak Passwords (The Easiest Entrance):
If users choose easily guessable passwords (like "123456" or "dog"), brute force attacks become trivial.
2. Unpatched Software:
Software developers frequently release updates (patches) to fix newly discovered security weaknesses. If users or companies delay installing these patches, they leave the system vulnerable to known attacks.
3. Lack of Staff Training:
Staff who are not trained to spot phishing emails or understand the risks of opening suspicious attachments are the weakest link in any security system.
4. Default Settings:
Many hardware devices (like routers or IoT devices) come with default usernames and passwords (e.g., Admin/password). If these are not changed, attackers can easily find them online and gain access.
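Three of the four policy problems above (weak passwords, unpatched software and default settings) can be checked automatically, and organisations run exactly this kind of audit over their device inventory. The script below is an added example, not from the original chapter: the inventory, the short denylist of common passwords, the default-credential pairs and the 12-character minimum are all constructed for the demonstration.

```python
# Constructed denylist of very common passwords (a real one has many thousands of entries).
COMMON_PASSWORDS = {"123456", "password", "dog", "admin", "qwerty", "letmein"}
# Constructed list of factory-default username/password pairs, compared case-insensitively.
DEFAULT_CREDENTIALS = {("admin", "password"), ("admin", "admin"), ("root", "root")}
MIN_LENGTH = 12  # assumed policy minimum

# Constructed device inventory: what is installed versus the latest available version.
INVENTORY = [
    {"device": "office-router", "username": "Admin", "password": "password",
     "version": "1.4.2", "latest": "1.4.2"},
    {"device": "front-desk-pc", "username": "reception", "password": "dog",
     "version": "10.0.19041", "latest": "10.0.19045"},
    {"device": "camera-01", "username": "svc_cam", "password": "I<3MyCatFelix!01",
     "version": "2.0.1", "latest": "2.0.1"},
]


def version_tuple(version):
    """'10.0.19041' -> (10, 0, 19041) so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.split("."))


def audit_device(d):
    """Return the list of policy problems found on one device (empty means clean)."""
    issues = []
    if (d["username"].lower(), d["password"].lower()) in DEFAULT_CREDENTIALS:
        issues.append("default credentials")
    if d["password"].lower() in COMMON_PASSWORDS or len(d["password"]) < MIN_LENGTH:
        issues.append("weak password")
    if version_tuple(d["version"]) < version_tuple(d["latest"]):
        issues.append(f"unpatched ({d['version']} < {d['latest']})")
    return issues


def audit(inventory):
    """Audit every device and map its name to its list of issues."""
    return {d["device"]: audit_device(d) for d in inventory}


if __name__ == "__main__":
    for device, issues in audit(INVENTORY).items():
        print(f"{device:15} {', '.join(issues) if issues else 'OK'}")
```

The version comparison converts each part to a number first; comparing "10.0.19041" and "10.0.19045" as plain strings happens to work here, but "1.10" would wrongly sort before "1.9", which is a classic mistake in patch-tracking scripts. The fourth problem, lack of staff training, has no script: it is fixed by people, which is the point of the section.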
Memorise These:
- Malware (V, S, R): Nasty software designed to harm or spy.
- Phishing: Tricking users via fake communications (usually email).
- Brute Force: Automated, persistent guessing of passwords.
- DoS/DDoS: Overloading a server to crash it or deny service.
- Interception: Capturing data packets as they travel (packet sniffing).
- SQL Injection: Inputting malicious code into a website database query.
You've covered the core digital threats! Knowing these is the first step to becoming a cyber security pro. Keep practising those definitions!