| Threat |
What it is |
How its a threat |
| Social engineering |
Social engineering is when people are tricked into giving away personal information. It includes: blagging where a made up story is used to trick the person; phishing where lots of emails or texts are sent in the hope
of tricking some into giving away personal information or clicking a link and downloading malicious software; and shouldering which is where a criminal observes someone enter their personal details such as a password or PIN. |
Blagging has cost people lots of money in scams such as being sent a text pretending to be a relative in need of money and firms have lost loads to CEO impersonation scams. If personal details are given away they might be
used to steal money and malicious software may be used to obtain more personal details such as banking logins. People cloning bank cards and observing them enter their PIN has long been a problem. With tiny cameras that can be
attached to ATMs this has become harder to spot. |
| Malicious code |
Malicious code sometimes called malware is the generic name given to all types of software designed to cause damage. This includes viruses, spyware and trojans. |
Viruses can wreak untold havoc on a network as they self replicate. Spyware is software designed to track your keystrokes and obtain personal information such as login details. Trojans allow the user a backdoor into your computer
from where they may install further malware or otherwise steal from or damage the network. |
| Pharming |
Pharming is where a fake website made to look like a real site is used. If a person logs in to the fake site then their details will be stolen and used to log in to the real site. A hacker can infect your computer so it provides the
wrong DNS information. It is also possible for a DNS server to be attacked. The user then types the address of the site they wanted but are diverted to the pharmed site. |
Attacks of these kind tend to focus on banking and commercial websites so falling victim can mean having money taken from your bank or being charged for a large string of items. |
| Weak and default passwords |
Default passwords are ones that come with a device which may be very simple or may be able to be searched up online. These are not secure and are intended to be changed. Weak passwords are ones that can be easily cracked. |
If people use weak or default passwords on a network then someone may easily be able to gain access to the network and do all sorts of damage. |
| Misconfigured access rights |
Users will have the correct rights to view the data they should be able to view. If these rights are misconfigured then some users may have access to sensitive information they should not be able to see. |
If a user were to gain administration rights on a network then they are able to install software and do a lot more damage. |
| Removable media |
Removable media may contain malicious software that could infect the network. |
A well known infiltration method is for hackers to leave branded memory sticks in a company carpark and the unsuspecting employee finds it and tries to see who it belongs to but on plugging it in infects the company network. |
| Unpatched/out of date software |
Software that is unpatched means it has a vulnerability that is known about and can be exploited by hackers. At a certain point software goes out of date. This means it is no longer being patched and therefore unsafe to use. |
Large scale damage was done to the NHS and a number of other organisations by the wannacry ransomware virus that relied on outdated or unpatched operating systems. |