System Security (Attacks) - Coggle Diagram
System Security (Attacks)
Forms of attack
This is where some one uses malware or other technical methods to comprise a network
When someone inside the organisation gives away access details or sensitive infomation.
When an attack eavesdrops on a network, sniffing data packets.
When someone is exploited into giving away critical information that gives access to network or accounts.
This is used to identify vulnerabilities within a networks security. This is done by a launching a controlled attack on the network.
A good penetration test will check:
Likelihood of social engineering
A test of damage recovery and control
Performed by the organisation itself or by a private contractor.
Viruses and worms
A virus is a small piece of code injected into the other programs which spread from computer to computer.
Worms are small pieces of code which spread across a network, similar to viruses but without a host program.
Trojan horse and ransomware
Trojan horse is any malware that trick the user into installing it by pretending to be a different program.
Ransomware encrypts files on an infected system and only decrypts once a payment has been made to the hacker
Gathers information about a user by tracking their activity.
Malware which modifies the computer's operating system to avoid detection by antivirus software.
Malware which opens up an access channel to a computer that other malware can use to take over the machine.
How malware spreads:
Users often willingly install malware if they are tricked into thinking that they are installing a different piece of software --> Trojan horse.
Opening attachments in emails such as word and excel documents can include macros. These are small programs that are given permission to run on a computer and can be set up to install malware.
Once a device is infected with a worm or virus then it becomes easy to spread the malware and the process of spreading from computer to computer is called self-replication.
Files get deleted, become corrupt or are encrypted
Computers crash, reboot or slow down
Internet connection becomes slow
Key bored inputs are logged and sent to the hackers
No matter how much money is spent on security human error is always a problem. This makes people a weak link in system security.
Cold calling is a popular form of this attack, people will call pretending to be a bank or utility company, they will then ask the victim to confirm details so they can access there account.
Fear is used to put people off guard and make them make irrational decisions. A common attack would be to call someone asking why there bank account has been emptied,
Company security policies --> these are instructions for employees that they must follow to uphold security.
Public awareness campaigns --> banks and governments will run education campaigns to inform people of the threat.
Education and training --> This is where people are made aware of tactics used by fraudsters.
This is a common form of social engineering attack.
Phishing makes use of fake emails and websites to trick people into giving away their data. Emails are sent to thousands of people pretending to be banks or utility providers. Victems are taken to relestic, but fake websites where they enter they login giving their data away.
Never click a link that asks to update or enter account details.
Check the senders email address is correct.
Look for clues that the email is not legitimate such as spelling mistakes or generic greetings.
May be able to access bank account to withdraw money or make purchase.
Open bank accounts and credit cards
Gain access to high value data
Brute force attack
Access corporate data
Denial of service attack
Loss of revenue due to loss of contact with costumers
Loss of reputation
Data interception and theft
Data such as passwords can be stolen
Contents of data bases can be outputted, reveals private data
Data can be amended or deleted
Rouge records can be entered
People as a weak point
People may forget to install OS updates
People may forget to update anti-malware
People may forget to lock doors to computer rooms
People may forget to log of computers
Leaving printouts on a desk