How External Threats Occur

An external threat is the risk of somebody outside a company attempting to exploit system vulnerabilities through malicious software, hacking, sabotage or social engineering.

These can be much harder to deal with than internal threats, as you cannot monitor people from the outside like you can employees, nor can you predict what they might do next.

To better understand external threats, we will look at the kinds of external threat that exist and how each one causes damage.

In this lesson we’ll learn about:

  1. Malicious software (malware)
  2. Hacking by individuals, companies and governments
  3. Sabotage by individuals, terrorist organisations, companies and governments
  4. Social engineering techniques used to deceive people into giving out information

1. Malicious Software

Malicious software encompasses a wide range of software, all of which is designed to cause damage to a computer system. Some types, such as adware, are less harmful than others, while some viruses can render a hard drive inoperable.

Below are some examples of the types of malware you can encounter:

  • Spyware gathers information on the user it has infected, secretly sending it away to third-party sources – this may be through the use of keyloggers, which get information from what you type, such as passwords.
  • Adware displays unwanted advertisements used to generate revenue, sometimes obstructing the user through the use of pop-ups that don’t disappear when you close them.
  • Ransomware prevents you from accessing your computer system, often by encrypting the storage devices, and demands a sum of money to be paid in order to regain access.
  • Viruses modify existing programs with malicious code and constantly replicate themselves throughout a computer. They usually cause corruption of data and applications or system failure, and take up storage space or processing power.
  • Worms perform a similar function to viruses. However, worms can replicate themselves through a network to spread to other computers, rather than through infecting files that are spread. This allows them to perform similar functions to viruses but on a much larger scale.
  • Rootkits are used to get unauthorised remote administrator access to a computer or network. They typically spread by hiding in software that appears to offer legitimate functionality. This can then be used to steal data or hide other malware within the system.
  • Trojans are malicious code that hides within a seemingly legitimate program. Typically, users are misled and download the Trojan themselves by thinking it’s a program they would like to use.

Further Thought

Now that you know about different types of malware, try to find some infamous examples of malware that have caused damage to users across the globe.

2. Hacking

Hacking is a general term that describes the exploitation of vulnerabilities in a computer system to gain unauthorised access to the system and its data. The method of attack is known as the “attack vector” and often involves exploiting vulnerabilities in areas like Wi-Fi, Bluetooth or the internet connection, or gaining internal network access. We’ll learn more about why these are vulnerable as we work through this course.

There is a broad range of possible motivations, depending on whether the hacking is carried out by an individual, company or government.

If carried out by an individual, it is very hard to discern their motivation as it could be anything from profit to protest to recreation. Many hacking groups claim to be performing their actions for a political or social agenda, so-called hacktivists. However, many more will do it simply to cause harm.

Companies and governments, meanwhile, are a lot clearer about what they want: to evaluate their own weaknesses, to make a profit or to gather information.

Companies may use hacking for corporate espionage, finding out about their competitors’ plans, products and finances, while governments may use it for political espionage, spying on rival countries.

Companies and governments will also hire others to hack their own systems. This so-called “white hat” hacking is used to detect system vulnerabilities so that they can prevent threats from malicious “black hat” hackers.

Further Thought

We mention attack vectors in this lesson, such as Wi-Fi, Bluetooth, the internet connection or through gaining internal network access. Find out more about these attack vectors online. What is easy to exploit about them?

3. Sabotage

Sabotage is a general term that describes an activity used to deliberately disrupt services, typically through the use of:

  • denial of service attacks
  • distributing malware
  • physically destroying computer equipment.

This can be carried out by individuals, terrorist organisations, companies or governments. However, unlike with hacking where the intention may be more for gaining information, or for nuisance purposes, sabotage is specifically malicious, with the goal of causing damage.

The aim is clearly to prevent the victim from performing their normal functions. This can have a catastrophic impact if proper recovery procedures have not been put in place by those harmed.

Further Thought

There have been numerous allegations against certain countries for hacking other countries’ government institutions. Research this to discover the scale of some of this hacking.

4. Social Engineering

Social engineering refers to the techniques used to deceive people into revealing private and confidential information. This can then be used for bank fraud and identity fraud or to gain access to systems.

A common form of this is the phishing email, whereby an email is sent out by a bot or person pretending to be somebody they are not. This email will often ask the user to reply with confidential data or follow a link to a web page. This web page may then ask for data to be entered or infect the user’s computer with malware.

Figure: Example phishing email

Even though the phishing attempts tend to be poorly worded, there will be an effort made for the emails and web pages to appear legitimate, and inexperienced computer users can easily fall for them.

Further Thought

Phishing emails are very common; you may find several in your email spam folder. Research some examples of phishing emails in the news.

Lesson Summary

  • There are lots of different types of malware that affect users across the globe, such as:
    • Spyware which gathers information secretly.
    • Adware which displays unwanted adverts.
    • Ransomware which prevents access until a ransom is paid.
    • Viruses which attach to files and damage the computer.
    • Worms which tunnel through a network and damage computers.
    • Rootkits which provide unauthorised remote access.
    • Trojans which contain malicious code hidden within a seemingly legitimate program.
  • Hacking involves exploiting vulnerabilities in computer systems in order to gain unauthorised access.
  • This is performed by individuals to cause harm, or for so-called hacktivism. It’s also performed by companies and governments for espionage.
  • Sabotage has the aim of deliberately disrupting computer services, such as through denial of service attacks, malware or by physically damaging equipment.
  • Sabotage is likely to be carried out by companies, governments, terrorist organisations or something as simple as a disgruntled employee.
  • Social engineering involves deceiving people into revealing private and confidential information.
  • A common form of social engineering is phishing, which involves a user pretending to be a trusted organisation, asking for another individual’s details.