Revision

This is revision for the end of year examination in computer science.

Just because there is a topic here does not mean that it will be in the examination.

Similarly, if there is a topic that is not mentioned then that does not mean that it will not be examined.

Cybersecurity fundamentals

1. Protect the device.
2. Protect the connection.
3. Protect email communication.
4. Protect and back up electronic documents and files.

Cybersecurity fundamentals: THE TOP 5 CYBER SECURITY THREATS OF 2016

While most trends are short-lived (there was a very questionable period of my life circa 2004 which proves that this is a good thing) malware seems to be one that’s here to stay. Good security practices will see you through to an extent, but staying up to date with the ones that are most common at any time is important to make sure you’re on top of the best defences and are protecting yourself as much as possible.

No matter how experienced you are, or how safe you feel, malware will always be one step ahead. With businesses big and small hitting headlines, the ‘head in the sand’ approach adopted by many no longer cuts it. Luckily with a bit of street smarts and with a few additional precautions you can take away some of the worry.

Here are the top 5 threats to look out for this year.

  1. Ransomware

Ransomware is a type of malware that encrypts your data, freezes it so that you can’t access it, and then demands money for the decryption key.

It usually can’t be reversed, unfortunately, so the only way to save yourself is to keep a backup of your files so you can be all ‘JOKE’S ON YOU SCAMMERS, I DON’T NEED MY FILES BACK’. If you don’t have a clean, separate backup of your files then avoid giving into their demands if you can; like any bully, it only encourages them.

  1. Malware

Malware refers to a whole mess of malicious software threats, from Trojan horses to adware, scareware, spyware…you get the idea. It can come in a whole bunch of different forms too, so make sure you’re updating your security software regularly, monitoring and scanning systems and not going on obviously dodgy sites which could increase the risk of picking up something undesirable.

  1. Phishing/Spam

Phishing scams impersonate legitimate emails to try and get you to click on links. They often look legit and either take you to a fake website that asks you for personal details, or deploy malware like ransomware.

The other day I had an email invoice from ‘Apple’ telling me I had bought a karaoke app (highly possible, I love karaoke) for £29.99 (less likely, I can get karaoke for the cheap price of my dignity down Chinatown on a Saturday night). It had a link telling me to click if I wanted to cancel the purchase, which obviously was my first reaction, assuming my account had been hacked. Then I stopped myself and checked the email address it was coming from, which was blatantly not Apple. I nearly fell prey to a phishing scam and I write about cyber security on roughly a weekly basis. For shame.

  1. Social Engineering

Social engineering involves an element of psychological manipulation; phishing scams are a form of social engineering but they’re becoming so prolific now they needed their own section. Other examples are ‘pretexting’ – where attackers might try and convince the victim that they’re a trusted source and need them to confirm certain system details so that they can confirm their identity – and ‘baiting’ scams, where attackers try and get users to download something, like a film or music file; which is why people streaming or downloading from illegal sites are so vulnerable to attack.

To protect against these don’t open files or emails from people you don’t know – and be extra vigilant even with people you do as scammers are getting good at impersonating trusted sources (you can get ‘link expanders’ that will help you check if links are what they say they are before you click on them). Keep your antivirus up to date, and half the battle is recognising social engineering scams and staying one step ahead, so educate yourself on what’s out there. Educate your team too; you’re only as strong as your weakest link!

  1. Zero Day

Zero day exploits are weaknesses in a system which the vendor hasn’t created a patch for, and may not even be aware of, so they are vulnerable until  a patch is applied. Zero days can be out in the wild for years until they are discovered and reported.

Unfortunately zero days aren’t picked up by vulnerability scanners, because they work by searching for known flaws, and obviously these are, as yet, unknown. Once a zero day has been discovered it becomes an N day, which then gets picked up by the vulnerability scanners. In this case, we just have to hope that someone in the online community notices and reports them before attackers get their hands on them.

These are just a flavour of what’s out there at the moment – attacks are getting increasingly sophisticated and increasingly devastating to businesses. If you’re in any doubt seek expert advice – our security arm Secarma are a pretty dab hand at that – and ask your hosting provider for additional security solutions too.

Cybersecurity - 10 Alarming Cyber Security Facts that Threaten Your Data

This may sound like a movie plot, but it’s not.

The cyber security industry is growing as you’re reading this. More specialists join the ranks, more malware is being launched every day than ever before: 230,000 new malware samples/day according to the latest statistics. Naturally, more resources are being deployed to counter cyber attacks. That’s why I thought it would be helpful to sum up 10 cyber security facts that define the current information security landscape.

One of these essential facts is the estimated annual cost for cyber crime committed globally which has added up to 100 billion dollars! And don’t think that all that money comes from hackers targeting corporations, banks or wealthy celebrities. Individual users like you and me are also targets.

Source: 2015 Cost of Cyber Crime Study: Global by Ponemon

As long as you’re connected to the Internet, you can become a victim of cyber attacks.

So that’s why we wanted to walk you through some of the most shocking cyber security facts that you maybe wish you’d known until the present moment.

These will give you a much more accurate idea of how dangerous it really is to go online without proper protection.

1.The most wanted cyber criminals in the world

On FBI’s Most Wanted List for cyber criminals you will currently find 19 individuals, each being responsible for consumer losses ranging from $350,000 to more than $100 million. They are from all over the world and huge rewards are offered for their capture.

For example, FBI’s most wanted cyber criminals at this moment are the JABBERZEUS subjects, a group of individuals involved in a wide-ranging racketeering enterprise and scheme that installed, without authorization, malicious software known as Zeus on victims’ computers. This type of financial malware was used to capture bank account numbers, passwords, personal identification numbers, and other confidential information necessary to log into online banking accounts.

Starting in September of 2011, the FBI began investigating a modified version of the Zeus Trojan, known as GameOver Zeus (GOZ), which we covered in depth. Thousands of corporations were infected with GameOver Zeus and as many as 1.2 million computers were infected prior to the take down of Zeus. It is believed GameOver Zeus is responsible for financial losses of more than $100 million USD.

How it affects you and what can you do to get protected:

  • Zero Day attacks can be powerful and very dangerous.
  • If you keep up to date with major news in the cyber security industry, it might help you identify attacks and know what to do about them.
  • Keep your software updated and take all necessary precautions to keep your financial and confidential information safe.

2. The most expensive computer virus of all times

Ever wondered how much damage a computer virus can do? Let us give you a compelling example through this next cyber security fact. MyDoom is considered to be the most expensive virus in the world and in cyber security history, having caused an estimated financial damage of $38.5 billion!

MyDoom was first spotted in January 2004 and it became the fastest-spreading email worm ever, exceeding all previous records. The virus’s origins are believed to be in Russia, but its author was never discovered.

Mydoom was mainly transmitted by email, disguised as spam email. A user might inadvertently open the attachment in the email and the worm would re-send itself to every address it could find. The original version contained a payload that did two things: it opened a backdoor into the user’s computer, allowing remote control of it, while also conducting a DDoS attack (Direct Denial Of Service) against SCO group’s website.

How it affects you and what can you do to get protected:

  • Viruses such as MyDoom can be extremely dangerous, because if a cyber criminal gains control over your computer, there’s no telling if and how you may regain control over your device.
  • Severe malware usually morphs and has a very low detection score, so antivirus solutions can’t detect it.
  • You need a proactive solution that can work as a supplement for your AV, scanning your Internet traffic and warnning you when potential threats appear, while also blocking access to hacker controlled servers and keeping your data from leaking.

3. Social media – a hackers’ favorite target

Currently, according to in depth statistics, there are more than 1.6 billion social network users worldwide with more than 64% of internet users accessing social media services online. Moreover, social networking is one of the most popular ways for online users to spend their time, and a preferred way to stay in contact with friends and families.

This is precisely why cyber attackers love social media as well! Users that spend a lot of time on social networks are very likely to click links posted by trusted friends, which hackers use to their advantage. Here are some of the most popular types of cyber attacks directed at social media platforms:

  • Like-jacking: occurs when criminals post fake Facebook “like” buttons to webpages. Users who click the button don’t “like” the page, but instead download malware.
  • Link-jacking: this is a practice used to redirect one website’s links to another which hackers use to redirect users from trusted websites to malware infected websites that hide drive-by downloads or other types of infections.
  • Phishing: the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by disguising itself as a trustworthy entity in a Facebook message or Tweet.
  • Social spam: is unwanted spam content appearing on social networks and any website with user-generated content (comments, chat, etc.). It can appear in many forms, including bulk messages, profanity, insults, hate speech, malicious links, fraudulent reviews, fake friends, and personally identifiable information.
    social media hacking heimdal security

Because social media users usually trust their circles of online friends. The result: more than 600.000 Facebook accounts are compromised every single day! Also, 1 in 10 social media users said they’ve been a victim of a cyber attack and the numbers are on the rise. Now this is a cyber security statistic which we don’t want you to become part of.

How it affects you and what can you do to get protected:

  • Don’t click any strange links.
  • Educate yourself about how cyber attacks look and work on social media platforms and learn how to protect your Facebook, LinkedIn, Twitter and Instagram accounts.
  • Install a solution that can protect you against malware and dangerous web locations.

4. 99% of computers are vulnerable to exploit kits

Cyber security fact: Oracle Java, Adobe Reader or Adobe Flash is present on 99% of computers. That means that 99% of computer users are vulnerable to exploit kits (software vulnerabilities).

Why? Because the vulnerabilities that these types of software often present are extremely critical: all it takes is one click on an infected advertising banner to give a hacker full access to your computer.

Adobe Flash has a huge number of vulnerabilities, so cyber criminals target it in the majority of their attacks. By using these security holes in Flash, attackers can infect your computer with ransomware, such as various CryptoLocker variants or Teslacrypt and CTB-Locker.

The rise of exploit kits-as-a-service and the increasing use of automation has led to more sophisticated and aggressive attacks. Without adequately protecting your browsers and your entire system, you’ll leave yourself vulnerable to a huge range of cyber threats.

How it affects you and what can you do to get protected:

  • Keep your software updated at all times (the experts say so, not just us) or install a solution that does that automatically and silently.
  • Keep your operating system up to date.
  • Install an AV solution and a supplement that can do what AV fails to do: protect your system proactively from cyber threats by scanning incoming and outgoing Internet traffic.

5. Security warning: inside jobs

Maybe you’ll be surprised to find out that a shocking 59% of employees steal proprietary corporate data when they quit or are fired. But there are more types of insider threats to get protection against:

Malicious insiders are the least frequent, but have the potential to cause significant damage due to their level of access. Administrators with privileged identities are especially risky. According to the Ponemon Institute, “data breaches that result from malicious attacks are most costly.” Exploited insiders may be “tricked” by external parties into providing data or passwords they shouldn’t.

These types of security risks is being acknowledged by companies everywhere, and strategies are put together to mitigate them:

“Almost half of European organizations believe that insider threats are now more difficult to detect, with senior IT managers being very worried about the things their own users can do with corporate data”
said Andrew Kellett, principal analyst at Ovum.

How it affects you and what can you do to get protected:

  • If a soon-to-be-ex-colleague decides to do some damage before he/she leaves the company, make sure your work goes unaffected.
  • Be careful how you manage your passwords: use a password management application, use strong passwords and change them regularly.
  • Protect your shared documents and keep updated backups of all the information you’re working on.

6. Social engineering – cyber criminals’ favorite way to manipulate victims

People are the weakest link when it comes to cyber security, which is why psychological manipulation of cyber attack victims is so common.

According to the definition, social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. This is a type of confidence trick for the purpose of information gathering, fraud, or system access, and the first type of attack of this kind known in history is the Trojan horse itself (not the computer virus, but the Greek mythical event).

For example, in a recent attack, an international cyber crime ring based out of Eastern Europe managed to steal $1 billion in 2 years from 100 different banks in nearly 30 countries using spear phishing emails targeting bank employees. The spear phishing technique is, by far, the most successful on the internet today, accounting for 91% of attacks!

How it affects you and what can you do to get protected:

  • Always check the recipient of an email and the source of a message.
  • Don’t click any strange links and know what a phishing attack looks like.
  • Don’t install software from untrusted sources.
  • Don’t trust people blindly and don’t give away confidential information to strangers.

7. Your government is making you more vulnerable

Cyber security fact: governments around the world are creating malware and using it as digital weapons or in espionage programs. In the past 5 years, more than a handful of government malware have been discovered (such as Stuxnet), but their origins have yet to receive full attribution.

Besides civilians and private organizations becoming collateral damage, there are also other severe consequences.

In an article on Dark Reading, some key points are made as to how governments are making all of us more vulnerable to cyber attacks:

  • Government malware accelerates the evolution of criminal malware – cyber criminals do a lot of reverse engineering on government malware, and use its tactics and technical approach to create new, more advanced malware of their own.
  • Governments have fortified zero day vulnerability black markets – Zero Day vulnerabilities auctions have become common, but governments are buying the intelligence related to these vulnerabilities and weapon zing them, instead of disclosing them responsibly, as is the norm in the cyber security industry.
  • Governments try to restrict/backdoor/break encryption – in the name of transparency and protection against cyber criminals and terrorists, governments all over the world are trying to limit every individual’s right to encrypt confidential information. This is why “cyber policies” can do more damage than good.

How it affects you and what can you do to get protected:

  • Increase your individual protection by installing an AV solution and a complementary solution that can strengthen your defenses.
  • Educate yourself about cyber security and keep an eye on news in the industry.
  • Use a VPN solution and encryption technology to protect your confidential information.

8. There is a real-time map that shows cyber attacks in action

Ever wondered how cyber attacks look at a global scale? Now you have the chance to do it with this real-time map put together by Norse.

You might notice that the U.S. is one of the favorite targets for cyber criminals. For example, Chinese attackers alone caused more than $100 million worth of damage to U.S. Department of Defense networks according to leaked documents from Edward Snowden. Back in 2012, the same department used to suffer more than 10 million cyber attacks per day, and, given the evolution of cyber criminals, we can assume that these figures have climbed dramatically since then. For example, the U.S. Navy, which receives 110.000 cyber attacks every hour.

9. Hacktivism is the main motivation that drives cyber attacks

Hacktivism accounts for half of the cyber attacks launched in the world. The term represents a subversive use of computers and computer networks to promote a political agenda. With roots in hacker culture and hacker ethics, its ends are often related to the free speech, human rights, or freedom of information.

Although it may seems like the terms has a positive spin, it really depends on who is using the term. Hacktivism can be a politically motivated technology hack, a constructive form of anarchic civil disobedience, or an undefined anti-systemic gesture. It can signal anticapitalist or political protest; it can denote anti-spam activists, security experts, or open source advocate.

Hacktivists use code, website mirroring, geo-bombing and anonymous blogging to achieve their objectives, the oldest events of this type dating back to 1989. Anonymous may be the most widely known hacktivist group in the world, but there are many others that carry on cyber attacks of this kind.

How it affects you and what can you do to get protected:

  • Be careful about the websites you visit and always make sure they use the SSL security protocol.
  • Keep your passwords long, complicated, updated often and managed through dedicated app (NEVER store them in your browser).
  • Keep your system and software updated and also keep an eye out for trouble.

10. 68% of funds lost as a result of a cyber attack were declared unrecoverable

Cyber crime is not only costly, but poses other problems as well for organizations worldwide.

It’s becoming increasingly difficult to detect cyber attacks and resolve the security issues created by them: the average time to detect a malicious or criminal attack by a global study sample of organizations was 170 days (according to a research conducted by the Ponemon Institute). Moreover, no industry is safe: all business sectors are affected to a higher or lower degree.

The same research conducted by the Ponemon Institute found the average annualized cost of cyber crime incurred by a benchmark sample of U.S. organizations was $12.7 million, representing a 96% increase since the study was initiated 5 years ago.

As a result, organizations experienced a 176% increase in the number of cyber attacks, with an average of 138 successful attacks per week, compared to 50 attacks per week when the study was initially conducted in 2010.

And what’s more worrisome is that 68% of all these funds that were lost as a result of a cyber attack were never recovered and will probably never be.

How it affects you and what can you do to get protected:

  • Keep your financial information protected by using a password manager application to enter your passwords in your online banking website.
  • Be aware of phishing attempts and never give your confidential information over email or other means of electronic communication.
  • Get additional protection through software that can detect cyber threats and block them before they infect your system and leak financial data.

No threat is too small, no protection is too strong

However big or small, cyber security threats should be treated with caution. You may not be a millionaire (yet) or a C-level manager, but that doesn’t mean that you’re protected against a potential hacker attack. Don’t spare any precautions you can take and try to develop your own protection system with the tools and information you find online, such as this list of cyber security facts.

We recently published a guide to help you choose the best antivirus solution for you and there are plenty more security guides (anti bullying in particular) you can use to secure your social media accounts, your email, your operating system and more. Use them and navigate the web with a lot more peace of mind.

Glossary

 

Glossary for Cyber security
3G The third generation of mobile phone telecommunications network that enables mobile devices to connect to the internet.
4G The fourth generation of mobile phone telecommunications network that enables mobile devices to connect to the internet.
browser An application used to view web pages, eg Internet Explorer or Google Chrome.
CISC Complex instruction set computing - a type of CPU found in desktop and laptop computers.
copyright A set of rights that prevents people copying and distributing a piece of work without the copyright holder's permission.
data Units of information. In computing there can be different data types including integers, characters, and Boolean. Data is often acted on by instructions.
FaceTime A video calling system used on Apple devices.
flash memory A form of memory in a computer that uses electronic transistors to store data.
hacking Gaining unauthorised access to a computer.
hard drive A device used to store vast amounts of data.
hardware The physical parts of a computer system, eg a graphics card, hard disk drive, CD drive etc.
IP Internet Protocol - A set of rules for communicating over the internet. IP can also stand for intellectual property.
network card A piece of hardware that connects a computer to a network.
open source A model for creating technology that promotes free access to its design and makes it free to share.
proxy server A server that is an interface between the original clients and servers on a network.
RISC Reduced instruction set computing - a type of CPU found in smartphones and tablets.
Skype Video calling and messaging software developed by Microsoft.
smartphone A mobile phone with a powerful processor that is capable of running applications and accessing the internet.
software The programs, applications and data in a computer system. Any parts of a computer system that aren't physical.
tablet A computer device a little smaller than a laptop but with a built-in touchscreen, usually without a keyboard.
video conference Where live video is streamed over the internet so that people can communicate face-to-face without being in the same room.
virus Computer code designed to damage a computer system.
web-based applications

An application that runs within a web browser.

 

 

Set work

Useful links (AQA Guides)

Questions

These are questions that relate to the AQA guides above.

Revision

These are some revision topics and example questions that will aid revision for the year 10 examination on 23rd June 2017. Just because it is in this list does not mean that its in the exam and if it is not in the list it does not mean that the topic is not inthe exam.

Mock examination

Here are the answers to the mock examination that you took in the summer.

For many students the objective here is to understand how to answer questions, to see where silly mistakes were made that cost easy marks and to appreciate how the examiner can aske questions relating to the theory that you already know.

Coursework

Here is the information regarding your coursework as well as some worked examples to show you how coursework should be written up.

The coursework will be done twice, once with the example task for practice and then the real NEA task. You will only have 20 hours in which to complete the real task; there cannot be any extra time given.