Welcome to Cyber Security Threats!
In this chapter, we are going to explore the different ways that people try to attack computer systems. While computers are amazing, they can be vulnerable. Understanding these threats is the first step toward building better cyber security. Think of this like learning how a burglar might try to get into a house so you know exactly which locks to buy!
Don't worry if some of these terms sound technical. We will break them down into simple, everyday ideas. By the end of these notes, you’ll be an expert at spotting a Trojan or a Phishing attempt!
1. What is Cyber Security?
Before we look at the threats, let's define our goal. Cyber security consists of the processes, practices, and technologies designed to protect networks, computers, programs, and data from attack, damage, or unauthorised access.
Quick Review: The main purpose is to keep our digital stuff safe and private!
2. Social Engineering
This is a fancy way of saying "tricking people." Instead of trying to "hack" a computer with code, a criminal tricks a human into giving away secrets like passwords or bank details. Social engineering is the art of manipulating people so they give up confidential information.
There are three main types you need to know for your AQA exam:
A. Blagging (Pretexting)
Blagging is when someone creates an invented scenario (a "pretext") to trick you. They might pretend to be a friend in trouble or a charity worker to make you feel like you should help them.
Example: Someone calls you claiming to be from your bank's security team, saying your account is under attack and asking for your PIN to "verify" your identity.
B. Phishing
Phishing is a technique of fraudulently obtaining private information, usually using email or SMS (text messages). These messages often look official, like they are from a real company like Amazon, Netflix, or a bank.
Common Mistake: Students often confuse Blagging and Phishing. Just remember: Phishing usually involves a fake link or a mass message sent to many people at once.
C. Shouldering (Shoulder Surfing)
This is the simplest one! Shouldering is observing a person’s private information over their shoulder. This usually happens in public places.
Example: Someone watching you type your PIN into a cashpoint (ATM) or looking over your shoulder on the bus while you unlock your phone.
Key Takeaway: Social engineering targets people, not the computer's software.
3. Malicious Code (Malware)
Malware is an "umbrella term" used to refer to many different forms of hostile or intrusive software. It is code specifically designed to cause trouble. Here are the three you must know:
A. Computer Virus
A virus is a piece of code that attaches itself to a program or file. Just like a human virus, it spreads, but only when a user opens or shares the infected program or file. Once it runs, it can delete files or make the computer crash.
B. Trojan
Named after the famous Greek wooden horse, a Trojan is malware that looks like something useful (like a free game or a helpful tool) but contains a hidden attack. Unlike a virus, it doesn't usually replicate itself, but it lets a hacker into your system through a "backdoor."
C. Spyware
Spyware secretly monitors what you are doing on your computer. It might record your keystrokes (this is called a keylogger) to steal your passwords as you type them, or it might watch your webcam.
Memory Aid: Use the V.T.S. trick: Viruses spread, Trojans hide, Spyware watches.
4. Other Cyber Security Threats
Beyond social engineering and malware, there are several other ways systems can be put at risk:
1. Pharming: This is a clever attack intended to redirect a website's traffic to a fake website. Even if you type the correct address (like www.google.com), the attacker "hijacks" the request and sends you to their own version of the site to steal your login details.
2. Weak and Default Passwords: Many people use easy-to-guess passwords like "123456" or "password". Also, many devices (like internet routers) come with a "default" password like "admin" that people forget to change. This makes it very easy for hackers to get in!
3. Misconfigured Access Rights: This happens when a system is set up incorrectly, giving a user access to files they shouldn't be able to see. For example, a student being able to see a teacher's grade book.
4. Removable Media: USB sticks can be dangerous! If someone finds a "lost" USB stick and plugs it into their computer, it might automatically run a virus or other malware. Never plug in a device if you don't know where it came from.
5. Unpatched/Outdated Software: Software often has "bugs" or holes that hackers use to get in. Companies release updates (patches) to fix these holes. If you don't update your software, those holes stay open for hackers to use!
Quick Review: Keep your software updated and your passwords strong to block these common threats!
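Two of the threats in this list, weak/default passwords and misconfigured access rights, can be checked for automatically. The Python script below is an added example (it is not part of the original notes); the usernames, passwords, roles and resource names are made-up sample data, and the short list of weak passwords is only an illustration.

```python
# Added example: audit a constructed school system for two threats from the
# list above: weak/default passwords and misconfigured access rights.

# Small constructed sample of well-known weak or factory-default passwords.
WEAK_PASSWORDS = {"123456", "password", "admin", "qwerty", "letmein"}

def password_problems(username, password, min_length=10):
    """Return a list of reasons why this password is weak (empty list = OK)."""
    problems = []
    lowered = password.lower()
    if lowered in WEAK_PASSWORDS:
        problems.append("common or default password")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if username.lower() in lowered:
        problems.append("contains the username")
    return problems

def access_problems(users, intended, actual):
    """Compare the rights each user really has with what their role allows.

    users:    username -> role
    intended: role -> set of resources that role is meant to reach
    actual:   username -> set of resources the account can really open
    """
    findings = []
    for name, role in sorted(users.items()):
        extra = actual.get(name, set()) - intended.get(role, set())
        for resource in sorted(extra):
            findings.append((name, role, resource))
    return findings

# Constructed sample data (not from a real system).
USERS = {"asmith": "teacher", "bjones": "student", "router": "device"}
PASSWORDS = {"asmith": "Purple-Kettle-42-Rain", "bjones": "bjones2024",
             "router": "admin"}
INTENDED = {"teacher": {"grade_book", "homework"}, "student": {"homework"},
            "device": set()}
ACTUAL = {"asmith": {"grade_book", "homework"},
          "bjones": {"homework", "grade_book"}, "router": set()}

if __name__ == "__main__":
    for user, pw in PASSWORDS.items():
        for problem in password_problems(user, pw):
            print(f"[password] {user}: {problem}")
    for name, role, resource in access_problems(USERS, INTENDED, ACTUAL):
        print(f"[access]   {name} ({role}) can open '{resource}' but should not")
```

The student account is flagged twice: once because its password contains the username, and once because it can open the teacher's grade book, which is the misconfigured access right described in point 3.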
5. Penetration Testing
How do companies know if they are safe? They use Penetration Testing (or "Pentesting"). This is the process of attempting to gain access to resources without knowledge of usernames or passwords. It’s basically "ethical hacking" to find the weak spots before the real criminals do.
There are two types you need to know:
White Box Testing (Inside Attack)
The person testing the system has knowledge of the system. They might have a basic login or know how the network is built. This simulates an attack from a malicious insider (like an unhappy employee).
Black Box Testing (External Attack)
The person testing the system has no knowledge of it. They have to try to break in from the outside, just like a random hacker on the internet would. This is an external attack.
Key Takeaway: Penetration testing is used to find vulnerabilities so they can be fixed.
Final Checklist: Can you...
- Define Cyber Security?
- Explain Blagging, Phishing, and Shouldering?
- Describe the difference between a Virus, Trojan, and Spyware?
- Explain how Pharming works?
- Compare White Box and Black Box penetration testing?
If you can do all that, you're ready for any exam question on this topic! Well done!