Malicious Code

Syllabus content

Content   Additional Information

Understand and be able to explain the following cyber security threats:

  • social engineering techniques
  • malicious code
  • weak and default passwords
  • misconfigured access rights
  • removable media
  • unpatched and/or outdated software.
   
     
Explain what penetration testing is and what it is used for.  

Penetration testing is the process of attempting to gain access to resources without knowledge of usernames, passwords and other normal means of access. Students should understand that the aim of a white-box penetration test is to simulate a malicious insider who has knowledge of and possibly basic credentials for the target system. Students should understand that the aim of a black-box penetration test is to simulate an external hacking or cyber warfare attack.

 

 


Malicious Code

What Is Malicious Code?
Malicious code is the term used to describe any code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system. Malicious code is an application security threat that cannot be efficiently controlled by conventional antivirus software alone. The term covers a broad category of threats that includes attack scripts, viruses, worms, Trojan horses, backdoors and malicious active content.

Malicious code can take the form of:

  • Java Applets
  • ActiveX Controls
  • Scripting languages
  • Browser plug-ins
  • Pushed content

Once inside your environment, malicious code can enter network drives and propagate. It can also overload networks and mail servers by sending email messages, steal data and passwords, delete document files, email files or passwords, and even reformat hard drives.

Malicious Code Threatens Enterprise Security
Malicious code can give a user remote access to a computer. This is known as an application backdoor. Backdoors may be created with malicious intent, to gain access to confidential company or customer information. But they can also be created by a programmer who wants quick access to an application for troubleshooting purposes. They can even be created inadvertently through programming errors. Regardless of their origin, all backdoors and malicious code can become a security threat if they are found and exploited by hackers or unauthorized users. As applications today tend to be built more and more often with reusable components from a variety of sources with varying levels of security, malicious code can pose a significant operational risk to the enterprise. That's why so many enterprises today are turning to Veracode to secure their applications.

How to Avoid Malicious Code
One way to avoid malicious code in your applications is to add static analysis (also called “white-box” testing) to your software development lifecycle to review your code for the presence of malicious code. Veracode’s static code analysis looks at applications in a non-runtime environment. This method of security testing has distinct advantages in that it can evaluate both web and non-web applications and, through advanced modeling, can detect malicious code in the software’s inputs and outputs that cannot be seen through other testing methodologies.
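
A minimal illustration of the idea, added here and not taken from the original page or from Veracode's product: a static check that parses source code without running it and flags a credential-like variable compared against a string literal, the kind of shortcut a troubleshooting backdoor can leave behind. The sample source, the word list and the function names are constructed for this example.

```python
import ast

# Constructed sample: a login check with a leftover troubleshooting backdoor.
SAMPLE = '''
def check_login(user, password, stored_hash, hash_fn):
    if user == "support" and password == "debug-1234":
        return True  # shortcut left in for troubleshooting
    return hash_fn(password) == stored_hash
'''

# Assumed word list: substrings that suggest a variable holds a credential.
CREDENTIAL_WORDS = ("pass", "pwd", "secret", "token", "key")


def _name_of(node):
    """Return the identifier for a Name or Attribute node, else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        return node.attr
    return None


def find_hardcoded_credential_checks(source):
    """Report comparisons of a credential-like variable with a string literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Compare):
            continue
        operands = [node.left, *node.comparators]
        names = [n for n in map(_name_of, operands) if n]
        literals = [o.value for o in operands
                    if isinstance(o, ast.Constant) and isinstance(o.value, str)]
        for name in names:
            if literals and any(w in name.lower() for w in CREDENTIAL_WORDS):
                findings.append((node.lineno, name, literals[0]))
    return findings


if __name__ == "__main__":
    for line, name, literal in find_hardcoded_credential_checks(SAMPLE):
        print(f"line {line}: '{name}' compared with literal {literal!r}")
```

The comparison of the hashed password with the stored hash is not reported, because neither side is a string literal.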



The Story of Alice and Bob

(Short extract from after-dinner speech by John Gordon at The Zurich Seminar April 1984) I go to lots of conferences on Coding Theory in which complicated protocols get discussed. You know the sort of thing:

"A communicates with someone who claims to be B. So to be sure, A tests that B knows a secret number K. So A sends to B a random number X. B then forms Y by encrypting X under key K and sends Y back to A." and so on.

Because this sort of thing is quite hard to follow, a few years ago theorists stopped using the letters A and B to represent the main players, and started calling them Alice and Bob.

So now we say "Alice communicates with someone claiming to be Bob. So to be sure, Alice tests that Bob knows a secret number K. Alice sends to Bob a random number X. Bob then forms Y by encrypting X under key K and sends Y back to Alice."

It's supposed to make it easier to understand. Now there are hundreds and hundreds of papers written about Alice and Bob. Alice and Bob have been used to illustrate all sorts of protocols and bits of coding theory in scientific papers. Over the years Alice and Bob have tried to defraud insurance companies, they've exchanged secret messages over a tapped line, and they've played poker for high stakes by mail. Now if we put together all the little details from lots of papers - a snippet from here, a snippet from there - we get a fascinating picture of their lives.

This may be the first time in the history of coding theory that a definitive biography of Alice and Bob has been given.

Take Bob. Bob is often selling securities to speculators so we can be pretty sure he's a stockbroker. But from his concern about eavesdropping he is probably into something subversive on the side too.

Take Alice. From the number of times Alice tries to buy stock from him we can say she is probably a speculator. And she's also worried that her husband doesn't get to find out about her financial dealings.

So Bob is a subversive stockbroker and Alice is a two-timing speculator. But Alice has a number of serious problems. She and Bob only get to talk by telephone or by email. And in the country where they live the phone service is very expensive. And Alice and Bob are cheapskates.

So the first thing Alice must do is MINIMISE THE COST OF THE PHONE CALL.

The telephone in their country is also pretty lousy. The interference is so bad that Alice and Bob can hardly hear each other. So the second thing Alice must do is to PROTECT HER MESSAGES AGAINST ERRORS in transmission. On top of that Alice and Bob have very powerful enemies. One of their enemies is the Tax Authority. Another is the Secret Police.

These enemies have almost unlimited resources. They always listen in to telephone conversations between Alice and Bob. This is a pity since Bob and Alice are always plotting tax frauds and overthrowing the government.

So the third thing ALICE must do is PROTECT HER COMMUNICATIONS FROM EAVESDROPPING. And these enemies are very sneaky. One of their favourite tricks is to telephone Alice and pretend to be Bob. So the fourth thing Alice has to do is to BE SURE SHE IS COMMUNICATING WITH WHOM SHE THINKS SHE IS. Well, you think, so all Alice has to do is listen very carefully to be sure she recognises Bob's voice. But no. You see Alice has never met Bob. She has no idea what his voice sounds like.

All in all Alice has a whole bunch of problems. Oh yes, and there is one more thing I forgot to say - Alice doesn't trust Bob.

Now most people in Alice's position would give up. Not Alice. She has courage which can only be described as awesome. Against all odds, over a noisy telephone line, tapped by the tax authorities and the secret police, Alice will happily attempt, with someone she doesn't trust, whom she can't hear clearly, and who is probably someone else, to fiddle her tax return and to organise a coup d'etat, while at the same time minimising the cost of the phone call.

A coding theorist is someone who doesn't think Alice is crazy. (C) John Gordon 1984
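
The challenge-response exchange quoted at the start of the speech (Alice sends a random number X, Bob returns Y computed from X under the secret K), written out as an added example that is not part of the speech or the original page. It assumes HMAC-SHA256 as the keyed function in place of "encrypting X under key K"; the class and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class Bob:
    """Responder: proves knowledge of K without ever sending K."""
    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        # Y = keyed function of X under K (HMAC here, standing in for "encrypt")
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Alice:
    """Verifier: issues a fresh random X and checks the returned Y."""
    def __init__(self, key: bytes):
        self._key = key
        self._pending = None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)   # random number X
        return self._pending

    def verify(self, response: bytes) -> bool:
        if self._pending is None:
            return False                          # no outstanding challenge
        expected = hmac.new(self._key, self._pending, hashlib.sha256).digest()
        self._pending = None                      # each X is single-use
        return hmac.compare_digest(expected, response)


def run_demo() -> dict:
    key = secrets.token_bytes(32)                 # shared secret K (constructed)
    alice, bob = Alice(key), Bob(key)
    impostor = Bob(secrets.token_bytes(32))       # claims to be Bob, lacks K
    x1 = alice.new_challenge()
    y1 = bob.respond(x1)                          # an eavesdropper records y1
    genuine = alice.verify(y1)
    fake = alice.verify(impostor.respond(alice.new_challenge()))
    alice.new_challenge()
    replayed = alice.verify(y1)                   # old Y against a fresh X
    return {"genuine": genuine, "impostor": fake, "replay": replayed}


if __name__ == "__main__":
    print(run_demo())
```

Because X is random and used once, a recorded Y from an earlier call does not verify against a later challenge, which is what defeats the caller who telephones Alice pretending to be Bob.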