3 – Rise of the Bots

🎯 Learning Objectives

Develop the Communication and Networks Learning Strands:

  • Describe different forms of attack in the context of cybersecurity
  • Understand automated forms of cyberattack
  • Analyse a real cyberattack and identify the network or software weaknesses that enabled it to happen

💬 Key Vocabulary

  • Brute force attacks
  • SQL injection
  • data breach/data interception
  • denial of service attack (DoS attack)
  • distributed denial of service attack (DDoS attack)
  • zombie
  • keylogger
  • poor network policy
  • weak and default passwords
  • removable media
  • outdated software
  • malicious code
  • virus
  • worm
  • Trojan
  • spyware
  • exploit
  • malware

📝 Starter Activity – White hat hacker humour

Detective: “How did the hacker escape?”

White hat hacker: “I don’t know, he just ________!”

Can you guess the missing word in the punchline?

Now open a blank Word document or get a blank piece of paper.

Write down three pieces of advice that you think that the general public need to know to help them avoid falling for scams.

  • Don’t rush to reply to unsolicited emails; take your time to see if any of the features of a phishing scam are present
  • Don’t give out your data too freely; think about what the receiver is going to do with the data
  • Be aware of your physical environment; look around you when typing passwords
  • If in doubt, contact the fraud department of the organisation that has contacted you, to find out if the email is genuine—for example, if you are contacted unexpectedly by your bank

📝 Malware definition

Malware (short for ‘malicious software’) is programming or code that is used to disrupt computers by:

  • Gathering sensitive information
  • Gaining access to private computer systems
  • Displaying unwanted advertising
  • Disrupting the performance of a computer or network

Write down the above definition of malware in your notes.

Can you think of the names of any type of malware? Get into pairs and use the internet to make a list and add it to your notes.

📖 How we categorise attacks

  • By how the attack or malware is delivered: Trojan horse, network attacks
  • By how the malware spreads and self-replicates: Virus or worm
  • By what the attack or malware does: Ransomware, spyware, adware, data breaches

We will now look at each of these categories and the types of attacks they contain.

📖 How is malware delivered?

Trojans

  • Clicking on a malicious link on a website or in an email
  • Downloading a malicious file from a website
  • Inserting an infected USB or CD into a device
  • Downloading an application from the internet

Trojan horses in cybersecurity

Metaphorically, a ‘Trojan horse’ has come to refer to any trick that causes the target to invite an enemy into a securely protected place. A malicious computer program that tricks users into willingly running it is called a ‘Trojan horse’ or simply a ‘Trojan’. They can be delivered via internet downloads, infected USBs (or other removable storage), or as email attachments. 

Creating a zombie

Trojan horses can be responsible for the creation of zombies. In computing, a zombie is a computer connected to the internet that has been compromised by a hacker, virus, or Trojan horse program and can be used to perform various malicious tasks under remote direction. Botnets of zombie computers are often used to spread email spam and launch denial of service (DoS) attacks. 

Network attacks

Without security measures and controls in place, networks and data might be subject to attack.

The most common types of network attack are:

  • Data breaches
  • Denial of service (DoS)
  • Distributed denial of service (DDoS)
  • SQL injection

Data breaches

A data breach is a security incident in which sensitive, protected, or confidential data is copied, transmitted, viewed, stolen, or used by an individual who is not authorised to do so. It is also known as data interception.

Such breaches can be caused by DoS, DDoS, or SQL injection and are made possible by poorly planned user access rights, inefficient patching of software updates, poor staff training, and lack of anti-virus software. In addition, brute force attacks can occur when an attacker systematically submits guessed passwords with the hope of eventually guessing correctly.
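One defence against the brute force attacks described above is to lock an account after too many wrong passwords in a short time. The sketch below is an added example, not part of the original lesson; the limit of 5 failures in 300 seconds, the class name `LoginThrottle` and the sample events are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5       # assumed policy: failures allowed before lockout
WINDOW_SECONDS = 300   # assumed policy: how long a failure is remembered

class LoginThrottle:
    """Tracks recent failed logins per account (hypothetical helper)."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS):
        self.max_failures = max_failures
        self.window = window
        self.failures = defaultdict(deque)  # account -> failure timestamps

    def _recent(self, account, now):
        # Forget failures that are older than the window.
        q = self.failures[account]
        while q and now - q[0] >= self.window:
            q.popleft()
        return q

    def is_locked(self, account, now):
        return len(self._recent(account, now)) >= self.max_failures

    def record(self, account, success, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if self.is_locked(account, now):
            return "locked"          # refused even if the guess was right
        if success:
            self.failures.pop(account, None)
            return "ok"
        self._recent(account, now).append(now)
        return "failed"

# Constructed events: (seconds, account, password_was_correct)
SAMPLE_EVENTS = [(t, "alice", False) for t in range(5)] + [
    (5, "alice", True),    # a correct guess arrives during the lockout
    (6, "bob", True),      # other accounts are unaffected
    (310, "alice", True),  # the real user returns after the window
]

def replay(events):
    throttle = LoginThrottle()
    return [throttle.record(acct, ok, t) for t, acct, ok in events]

if __name__ == "__main__":
    for event, outcome in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", outcome)
```
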

 

Denial of service attack (DoS)

A denial of service attack (DoS attack) is a cyberattack in which the criminal makes a network resource unavailable to its intended users, by flooding the targeted machine or website with lots of requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.

 

Distributed denial of service attack (DDoS)

In a distributed denial of service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack by simply blocking a single source.

A DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter and so disrupting trade.

 

SQL injection attack

SQL stands for Structured Query Language and is a computer language that is used to communicate with databases.

SQL injection occurs when malicious SQL statements are inserted into an entry field for execution. It exploits an error in an application’s software design, for example when user input is not controlled by proper validation.

When designing a database that is often accessed through a website, a programmer has to plan to fend off such an attack.

Follow the steps in the interactive simulator below to help you understand how SQL injection attacks are carried out:

SQL simulation
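The design error described above, shown next to its fix. This is an added example, not part of the original lesson or its simulator; the `users` table, the function names and the sample data are assumptions made up for illustration, using Python's built-in `sqlite3` module.

```python
import sqlite3

# Constructed input for this example: quote characters typed into an entry field.
CRAFTED_INPUT = "' OR '1'='1"

def make_db():
    # Constructed sample data. Passwords are plain text only to keep the
    # example short; real systems store salted password hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "correct-horse"), ("bob", "battery-staple")])
    return db

def login_vulnerable(db, username, password):
    # Weak: the entry-field text is pasted straight into the SQL statement,
    # so quote characters in the input can change what the statement means.
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None

def login_safe(db, username, password):
    # Fixed: placeholders keep the input as data; it is never read as SQL.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None

def validate_username(username):
    # Validation as an extra check: letters and digits only, sensible length.
    return username.isalnum() and 1 <= len(username) <= 32

def demo():
    db = make_db()
    return {
        "vulnerable, crafted input": login_vulnerable(db, "alice", CRAFTED_INPUT),
        "safe, crafted input": login_safe(db, "alice", CRAFTED_INPUT),
        "safe, real password": login_safe(db, "alice", "correct-horse"),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: login accepted = {accepted}")
```

The vulnerable version accepts the crafted input without the real password; the placeholder version rejects it and still accepts the correct password.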

 

📖  How do viruses and worms spread?

Virus: A virus usually embeds itself into existing software on a device; when the software is run the virus will spread to other executable files.

Worm: While worms are also self-replicating, they don’t need to infect an existing program. Worms are able to spread very rapidly, infecting large numbers of machines.

📝 What do these types of malware do?

Find out what the three types of malware below do and add them to your notes.

Ransomware

 

Spyware

 

Adware

 

📝 Ransomware case study – WannaCry

An exploit is code that takes advantage of a security vulnerability in an operating system, application, or any other software code, including application plug-ins or software libraries.

The owners of the code typically issue a fix, or patch, when the exploit is discovered.

Watch the BBC News video. What is the name of the exploit that was used in the WannaCry case?

 

In this short video, Computerphile explains why the exploit was successful. Watch the video and be ready to answer:

  1. How did WannaCry spread?
  2. What type of malware is WannaCry?
  3. Who can share the blame for the spread of WannaCry?

 

🏅 Badge it

Upload your Word file or a photo of your paper that contains the notes and answers to questions that you have made throughout this lesson to www.bournetolearn.com.

🥈 Silver Badge

You have completed the notes on how malware is delivered.

🥇 Gold Badge

You have also completed the notes on how malware spreads and what it does.

🥉 Platinum Badge

You have also completed the case study on the WannaCry attack.

In this lesson, you…

Understood automated forms of cyberattack.

Analysed a real cyberattack and identified the network or software weaknesses that enabled it to happen.

Next lesson, you will…

Learn about the different ways to protect software systems