An external threat is the risk of someone from outside a company attempting to cause damage to systems or steal data.
These can be much harder to deal with than internal threats, as you cannot monitor people from the outside like you can employees, nor can you predict what they might do next.
In this lesson, we will learn about malware, hacking, sabotage and social engineering.
Malware stands for malicious software and covers a variety of computer programs that perform attacks on a system.
We often use the term “virus” interchangeably with “malware”, but in reality, a virus is only one form of malware.
Some of the most common examples of malware are viruses, worms, trojans, spyware, ransomware and rootkits.
Let’s look at each of these in more detail.
Virus
A malicious program that harms the operation of a computer system, such as by deleting files.
As the name suggests, viruses spread from computer to computer, attached to a legitimate piece of software or file.
Worm
Similar to a virus, except that a worm does not need to attach itself to a program or file. Instead, once on your system, it copies itself and spreads on its own via an internet/network connection.
Trojan
Malicious code disguised as a legitimate piece of software but containing a harmful payload.
Users will download and install the program thinking it will provide a legitimate function, but behind the scenes, it is causing damage, such as installing keyloggers, adding you to a botnet, or deleting data.
Spyware
Gains access to the system and works in the background to monitor a user’s actions (keylogging for a password, downloading files, etc.).
This information is then commonly used for further attacks or as part of identity/bank fraud.
Ransomware
This refers to malicious software that infects computer systems and secretly encrypts local files. It then asks for a fee or other demand to unlock and decrypt the data.
Rootkits
A rootkit is used to gain unauthorised remote administrator access to a computer or network. It can then be used to steal data or hide other malware within the system.
Hacking is a general term that describes the exploitation of vulnerabilities in a computer system to gain unauthorised access to the system and its data.
The method of attack is known as the “attack vector” and often involves exploiting vulnerabilities in areas like Wi-Fi, Bluetooth or the internet connection, or gaining internal network access.
We’ll learn more about why these areas are vulnerable as we work through this course.
There is a broad range of possible motivations, depending on whether it is carried out by an individual, company, or government.
If carried out by an individual, it is very hard to discern their motivation as it could be anything from profit to protest to recreation.
Many hacking groups claim to be performing their actions for a political or social agenda, so-called hacktivists. However, many more will do it simply to cause harm.
Meanwhile, companies and governments are much clearer about what they want: to evaluate their weaknesses, make a profit, or gather information.
Companies may use hacking to conduct corporate espionage, finding out about their competitors’ plans, products, and finances.
Governments may use it for political espionage, spying on their rival countries.
Companies and governments will also hire others to hack their own systems.
So-called “white hat” hacking is used to detect system vulnerabilities so that they can prevent threats from malicious “black hat” hackers.
Sabotage is a general term that describes an activity used to deliberately disrupt services, typically through the use of denial-of-service attacks, malware or physical damage to equipment.
This can be carried out by individuals, terrorist organisations, companies or governments.
However, unlike hacking, which may be more about gaining information or causing a nuisance, sabotage is specifically malicious, with the goal of causing damage.
This is clearly intended to hinder the victim’s ability to perform normal functions. If proper recovery procedures have not been implemented by those harmed, this can have a catastrophic impact.
Social engineering allows attackers to access a system without using technical hacking techniques. Instead, it uses human psychology and social techniques to manipulate individuals into handing over private information.
Social engineering doesn’t even need to involve technology; it can be done face-to-face, by letter, or over the phone.
Two common examples of social engineering are phishing and shoulder surfing.
Let’s look at each of these in more detail.
Phishing
This usually takes place via an email or phone service and involves an electronic message being sent to an individual containing some form of request (often to click a link or return information).
The attacker usually pretends to be a legitimate business.
The goal is to either get the victim to reveal information, such as login or bank details, or to infect their device with a virus that will allow for data to be stolen later.
Shoulder Surfing
The process of observing an individual in a physical location to obtain information, such as looking over someone’s shoulder.
This technique can be used to gain information such as PIN numbers or passwords.
Malware is software designed to cause harm to you or your computer.
Examples of malware are viruses, worms, trojans, spyware, ransomware and rootkits.
Hacking involves exploiting vulnerabilities in computer systems in order to gain unauthorised access.
Sabotage has the aim of deliberately disrupting computer services, such as through denial-of-service attacks, malware or by physically damaging equipment.
Social engineering allows attackers to gain information and access to a system without using technical hacking techniques.