What is the definition of hacking?

gaining unauthorised access to a computer system

protecting a system from malware

What is the purpose of phishing?

to trick users into providing sensitive information

to install malware on a computer

Malicious software

Y7-Malicious Software AFL

AI and Malicious Software

Reading Passage: The Anatomy of a Kill Chain In the lexicon of modern warfare, the term "kill chain" describes the end-to-end process of a military attack, from the initial identification of a target to its eventual destruction and the subsequent evaluation of the strike's effectiveness. Conceptually, the kill chain is a structural model used to understand and optimize the speed and precision of military operations. The fundamental principle of this model is that an attack functions as a sequence of interdependent stages; if any single link in the chain is broken, the entire operation fails. For strategic planners, this creates a dual objective: to accelerate one's own kill chain while simultaneously finding ways to disrupt the adversary's. Strategic Concept: The Kinetic Model (F2T2EA) The traditional military kill chain is often summarized by the acronym F2T2EA, representing a continuous cycle of find, fix, track, target, engage, and assess. The kinetic kill chain begins with Find, the reconnaissance phase where intelligence assets identify a potential target within a theater of operations. Once found, the process moves to Fix, which involves pinning down the target's specific location and ensuring it can be distinguished from friendly forces or non-combatants. Track follows, maintaining a persistent watch on the target's movements to prevent its escape. In the Target phase, commanders select the appropriate weapon system and verify the legality and strategic value of the strike. Engage is the kinetic moment—the actual deployment of ordnance against the objective. Finally, Assess involves battle damage assessment (BDA) to determine if the desired effects were achieved or if further engagement is required. This model emphasizes "compressing the sensor-to-shooter timeline," meaning the faster a military can move through these steps, the more lethal it becomes. The Evolution: The Cyber Kill Chain® As warfare expanded into the digital domain, Lockheed Martin adapted the kinetic model into the Cyber Kill Chain. This framework assists defenders in identifying and stopping Advanced Persistent Threats (APTs). Unlike a physical missile, a cyberattack often unfolds over weeks or months, but the sequential logic remains the same. The model consists of seven distinct stages: Stage Description of Attacker Activity 1. Reconnaissance The harvesting of information. Attackers research targets via social media, public records, and technical scanning to find vulnerabilities. 2. Weaponization Coupling a remote access trojan with an exploit into a deliverable payload (e.g., a malicious PDF or Microsoft Office document). 3. Delivery Transmission of the weapon to the target environment. Common vectors include email attachments, malicious websites, or USB drives. 4. Exploitation The weapon triggers. The code executes on the victim's system, typically by taking advantage of a software or operating system vulnerability. 5. Installation The attacker installs a persistent backdoor or malware on the victim's system, allowing them to maintain access even after a reboot. 6. Command & Control (C2) The compromised system opens a communication channel back to the attacker's server, allowing the intruder to give manual instructions. 7. Actions on Objective The final stage where the attacker achieves their goal, such as data exfiltration, encryption for ransom, or destruction of critical infrastructure. Strategic Implications for Defense The strategic value of the Cyber Kill Chain lies in its ability to provide a roadmap for "proactive defense." By understanding the sequence, security professionals can implement controls at every stage. For instance, robust email filtering can break the chain at the Delivery stage, while endpoint detection can stop the Installation phase. Crucially, the earlier a defender breaks the chain, the lower the cost of mitigation and the lower the risk of damage. If an attacker is stopped during Reconnaissance, they have gained nothing. If they are stopped during Actions on Objective, the damage may already be catastrophic. In both kinetic and cyber environments, the goal is the same: to create a "defensive depth" that makes the cost of a successful attack prohibitively high for the adversary.

How is personal data collected? There are several ways that an unauthorised person can try and collect your data. These include: •phishing •smishing •vishing •pharming. Phishing Phishing is when a person sends a legitimate looking email to a user. The email contains a link to a website that also looks legitimate. The user is encouraged to click the link and to input personal data into a form on the website. The email could also simply ask the user to reply to the email with their personal data. The user is tricked into giving their personal data to a source that they believe is legitimate. However, both the email and the linked website are from a fake unauthorised source. The personal data that is input is then collected by an unauthorised person. This person can then use this data for criminal acts, for example, to commit fraud or steal the person's identity. Intimidation has become a common feature of phishing emails, threatening the user that they must click the link and rectify a situation immediately, or there will be a further issue. The aim of a phishing attack is to steal the user's personal data. Figure 5.1: Phishing. A real-life example of phishing PayPal have been the subject of several different phishing emails. Users receive an email that looks as though it has been sent from PayPal, as it has the PayPal branding. The email normally warns of an issue such as unexpected activity on their account, or that some kind of verification of their account is required. The user is then asked to click a link to log into their account and resolve the issue. The link takes them to a webpage that looks like the PayPal login page. If the user inputs their login details into this page, they will not be taken to their account. It is often at this stage that the user may realise that the email and webpage are fake. However, they have already given the unauthorised person their PayPal login details. Figure 5.2: An example of a phishing email claiming to be from PayPal. How to recognise phishing There are several guidelines to be aware of regarding emails to avoid being subjected to phishing. These include: •Don't even open an email that is not from a sender that you recognise or a trusted source. •Legitimate companies will never ask you for your personal data using email. Be immediately suspicious of any email that requests your personal data. •Legitimate companies will normally address you by your name. Be suspicious of any email that addresses you as ‘Dear Member' or ‘Dear Customer'. •Legitimate companies will send an email that uses their domain name. If you hover your mouse over the sender's name, it will show the email address that the email is sent from. If this does not look legitimate, for example, does not contain the correct domain name, then it is probably fake. For example, if the sender's email is user@paypal1.com rather than user@paypal.com, this is from an incorrect domain name. •Legitimate companies are protective of their professional reputation and thoroughly check any communications. They will make sure that all information given is grammatically and correctly spelt. Be suspicious of any email that contains bad grammar or spelling mistakes. •A link in an email from a legitimate company will also normally contain the domain name of the company. You can sometimes hover over the link, or right click and inspect the link, to see the address of the URL that is attached. If the URL does not contain the domain name, or also contains typical errors such as spelling mistakes, then be suspicious of this. PRACTICAL ACTIVITY 5.02 Ask a friend or a member of your family if they have ever received an email that they believed was a phishing email. Ask them how they identified it was phishing. Ask them if they know all of the given guidelines for identifying phishing emails. Smishing Smishing (or SMS phishing) is a variant of phishing that uses SMS text messages to lure the user into providing their personal details. The user is sent an SMS text message that either contains a link to a website, in the same way that phishing does, or it will ask the user to call a telephone number to resolve an urgent issue. The same advice can be followed for smishing as given for phishing. The user must question at all times any links that are sent from an unknown or suspicious user. It is advisable that if a user believes the message may be legitimate, to type in the domain name for the legitimate company website into their web browser, rather than following the link in the message. Users should block any numbers that they believe are suspicious to prevent any further risk of smishing from that number. Figure 5.3: Smishing. Vishing Vishing (or voice phishing) has the same aim as phishing, to obtain a user's personal details. The user receives a telephone call that could either be an automated system or could be a real person. An automated voice could speak to the user and advise them that an issue has occurred, such as there has been suspicious activity regarding their bank account. The user may then be asked to call another number, or just to simply press a digit and be directed to another automated system. This system will ask them to provide their bank account details to resolve the issue. The bank account details have then been obtained by the unauthorised user and can be used to commit a crime against the user. The automated system could be replaced by a real person who will try to do the same thing. They will try to convince the user that there has been an issue with an account they have and to provide the log-in details or PIN for the account to verify who they are so the issue can be resolved. The precaution to take for vishing is that no company will ever call you and ask you to provide any log-in details or PIN details over the telephone. They may ask you to provide other personal information, and if you are in doubt that the person on the other end of the phone is legitimate, it is always advisable to put the phone down and call the company back on a legitimate number that you may already know or can obtain. Figure 5.4: Vishing. Pharming Pharming is when an unauthorised user installs malicious code on a person's hard drive or server. The malicious code is designed to redirect a user to a fake website when they type in the address of a legitimate one. The fake website is designed to look like the legitimate one, to trick the user and make sure they are not aware that their request has been redirected. The user will then enter their personal details into the fake website, believing it is the legitimate one, and the unauthorised person will now have their personal data. A common technique used in pharming is called domain name server (DNS) cache poisoning. This technique exploits vulnerabilities in the DNS and diverts the internet traffic intended for a legitimate server toward a fake one instead. The unauthorised user needs to find a way to install the malicious code on the computer. They often hide the malicious code in an email attachment or link. When the user opens the email attachment or clicks the link, the malicious code is downloaded also. Figure 5.5: Pharming. The aim of a pharming attack is also to steal a user's personal data. A real-life example of pharming In 2007 50 different companies all over the world were subject to a pharming attack, these included PayPal, eBay, Barclays bank and American Express. Over a three-day period, hackers managed to infect over 1000 PCs a day with a malicious pharming code. When users who had been infected visited the websites of the different companies, they were redirected to a legitimate-looking version of the site that was designed to steal their personal data. The original email, containing the malicious code, was set up to look like a shocking news story. Users were encouraged to click a link in the email to find out more information. The code was downloaded when the user clicked the link. This was quite a sophisticated attack that required legitimate looking websites to be set up for a large number of companies. It is not known how much money the hackers were able to retrieve as a result. How to prevent pharming All of the guidelines to avoid being subjected to phishing are also relevant for recognising pharming. There are also several other precautions that can be taken to check for pharming attacks. These include: •Have a firewall installed and operational. A firewall monitors incoming and outgoing traffic from your computer. It checks this traffic against set criteria and will flag and stop any traffic that does not meet the criteria. A firewall could detect and block suspicious traffic, such as a malicious code trying to enter your system. •Have an anti-virus program installed that is designed to detect malicious pharming code. You need to scan your computer on a regular basis to check for any malicious code. It is advisable to set up an automatic scan on a daily basis at a time when your computer will normally be switched on. •Be aware when using public Wi-Fi connections. A hacker could look to directly access your computer and install the malicious code if you are connected to a public Wi-Fi connection. It is often advisable to use a VPN when using public Wi-Fi. This will help shield your internet activity and personal details from a hacker, making it more difficult for them to access your computer. Smishing can also be used as a form of pharming. A user is sent a link, that when they click is designed to download malware onto their mobile device. Therefore, it is advisable to have security software installed on your mobile and also scan it regularly to detect any presence of malware.

Create 5 multiple choice questions in which the correct answer is a known undisguised malicious windows process and the incorrect answers are legitimate processes.

Abstention Accumulation Admission Advent Adversity Advert Alleviation Allocation Ambiguity Auction Competence Compulsion Constraint Contamination Deception Defect Deficit Designation Deterrent Exertion Expedition Expenditure Fallacy Incentive Incidence Inclination Inhibition Inquiry Interval Jeopardy Mitigation Nomination Obstruction Outbreak Predisposition Recession Reluctance Requisite Resignation Sanction Segregation Substitution Sufficiency Transaction Transmission Triumph Variance Venue Abrupt Ambiguous Arbitrary Ceaseless Compelling Complementary Comprehensive Confidential Dampening Deceptive Diligent Empirical Entitled Erroneous Evident Explicable Habitable Hectic Humid Impartial Impenetrable Indispensable Inexplicable Intact Legitimate Malicious Negligible Obsolete Peculiar Pervasive Preliminary Prominent Uninhibited Viable Vigorous Allegedly Ardently Confidentially Consecutively Disputably Exponentially Extensively Frankly Hazardously Innately Jointly

110.31.b.17.C

Related quizzes

Related quizzes