User and Administrator Threats
o Bad Apple – own workers cheating and selling
o Phishing - A con executed using technology, typically targeted at acquiring sensitive information
or tricking someone into installing malicious software. The goal of phishing is to leverage the
reputation of a trusted firm or friend to trick the victim into performing an action or revealing
information (Click here to update info to receive your tax refund transfer; downloading
o Social Engineering - attempts to trick or con individuals into providing information, while
phishing techniques are cons conducted through technology. (Win a free trip to Hawaii—just
answer three questions about your network; setting off a series of false alarms that cause the
victim to disable alarm systems; intimidation)
o Malware seeks to compromise a computing system without permission. Client PCs and a firm’s
servers are primary targets, but malware now threatens nearly any connected system running
software, including mobile phones, embedded devices, and a firm’s networking equipment.
Some hackers will try to sneak malware in via techniques like phishing. In another high-profile hacking
example, infected USB drives were purposely left lying around government offices.
* Malware goes by many names:
Viruses. Programs that infect other software or files. They require a running program to
spread, attaching to other programs. Viruses can spread via operating systems, programs,
or the boot sector or auto-run feature of media such as DVDs or USB drives.
Worms. Programs that take advantage of a security vulnerability to automatically spread,
but unlike viruses, worms do not require a program. Some worms scan for and install
themselves on vulnerable systems with stunning speed.
Trojans - try to sneak in by masquerading as something they’re not. The payload is
released when the user is duped into downloading and installing the malware cargo,
oftentimes via phishing exploits.
white hat hacker - Someone who uncovers computer weaknesses without exploiting them. The goal of
the white hat hacker is to improve system security.
black hat hacker - A computer criminal.
zero-day exploits - Attacks that are so new that they haven’t been clearly identified, and so they haven’t
made it into security screening systems.
Encryption - Scrambling data using a code or formula, known as a cipher, such that it is hidden from
those who do not have the unlocking key.
Data harvesters - Cybercriminals who infiltrate systems and collect data for illegal resale.
Botnets - Hordes of surreptitiously infiltrated computers, linked and controlled remotely, also known as
cash-out fraudsters - Firms that purchase assets from data harvesters. Actions may include using stolen
credit card numbers to purchase goods, creating fake accounts via identity fraud, and more.
distributed denial of service (DDoS) - An attack where a firm’s computer systems are flooded with
thousands of seemingly legitimate requests, the sheer volume of which will slow or shut down the site’s
use. DDoS attacks are often performed via botnets.
Hack - A term that may, depending on the context, refer to either 1) breaking into a compu