Hello, and welcome to lesson three of security.

Now, last lesson we looked at social engineering.

So the non-automated forms of cybercrime.

Now this last one we're going to look at the more technical ways in which cybercrime is committed.

So we call that automated cybercrime.

So all you'll need for this lesson is a computer and a web browser, it's always handy to have a pen and paper.

So if you can clear away any distractions that you might have, turn your mobile phone off, find that nice, quiet place to work and when you're ready, let's get started.

Okay, so in this lesson, we're going to explore and understand those automated forms of cyber attacks.

Then we're going to move on to analyse a real cyber attack and identify the network or software weaknesses that enabled it to happen.

So let's start us off by exploring exactly what malware is.

Now malware, as in malicious software, is software that is designed to gain access to your computer with malicious intent.

So what was meant by malicious? I guess malicious means with intent to do damage or intend to cause harm.

So in this case, in the world of cybersecurity, I suppose what we're looking at here is things like disabling hardware, data theft, forced advertising, sending email spam, or extorting money.

So you can see how all those things are, once using automated attempts can cause damage or have a malicious purpose.

Okay.

Now, can you think of, bearing in mind the definition of what we just talked about there, can you think of any names of any types of malware that you might be aware of or come across? So pause the video, see if you can make a list.

It doesn't matter if there's one thing on there or 10 things on there, see if you can come up with many things you can come up with that you think are automated forms of cybercrime, but you know, have that malicious intent, okay.

So pause the video, unpause when you're ready.

Okay, so what have you come up with? So these are the ones that I came up with now.

Now of course there are others, but these are the key ones that you'll need to know about.

So we know about viruses, Trojans, worms, adware, spyware and ransomware, okay.

So let's move on and we'll cover each one of those in a bit more detail.

Now let's first of all, explore what common ways in which malware can be delivered.

So for example, it could be by clicking on a malicious link in a website or an email.

It might be downloading a malicious file from a website.

Maybe inserting an infected USB memory stick, or a CD into a device that has some malware on it then the memory stick would then infect the computer, okay.

And maybe downloading an application from the internet, okay.

So those are kind of common ways in which malware can enter onto a computer system or a network.

So let's start off by looking at viruses.

Now viruses are termed that way, because they're meant to be like a human virus in the form that it's self replicating like a human virus is.

So viruses are malicious forms of self replicating software.

Now once the computer, so once on a computer or a network, a virus will replicate itself by maliciously modifying other computer programmes and inserting code.

So basically this code that is enabled by the virus causes some damage, but the key here is it self replicates, therefore it, once it comes in contact with other systems or other files, then it also passes on the virus to them as well.

Now, worms, I might've, you might've heard of the term worms before.

Now worms replicate themselves, so they're self replicating, but they do not attach themselves to files like a virus does.

Instead, what worms do is they spread through the network and use up the system's resources.

So most worms cause problems by using, using up network bandwidth and therefore slowing down the network significantly.

So rather than causing that malicious intent and damaging files, they just replicate themselves and create a huge amount of bandwidth.

So you'd notice that if you were trying to log onto the system, for example, and this is a worm, everything starts running really slowly.

Okay, so a Trojan.

Now, what I like about all these forms by the way is the fact that they come from terms that we already understand in a non-computing context.

Okay, so we know what an actual worm is.

It wriggles its way.

We know what an actual human virus is.

So what's the relation here with a Trojan? Now hopefully if you know any Greek mythology and we'll come onto that in a second, but that's where it comes from.

Now what a Trojan is, is a piece of software that appears to perform a useful function, such as a game, but unbeknown to its user it also performs malicious actions.

For example, it might open a back door and give the attacker remote access to your computer.

Now, as I mentioned there the name derives from the story of a Trojan horse.

So let's explore that a little bit.

Now the myth of the Trojan horse is a story from the Trojan war about a trick that the Greeks played to win a war against the city of Troy.

So what the Greeks did is they constructed a huge wooden horse, hid soldiers inside and left it outside the city walls as a gift to the Trojans to almost say, well done for fighting so bravely.

We're going to retreat.

Here's your gift to have been such brave soldiers.

Now the Trojans accepted the gift and they pulled the horse into their city and that night the Greek forces cracked out the horse and opened the gates for the rest of the Greek army.

And then they captured the city of Troy and the war was won by the Greeks.

So you can see the name link there, because if we just get back to actually what a Trojan is, is a bit of software that perform, that looks like it's something else, but also unbeknownst to the user, something hidden, some malicious intent is hidden inside the code.

So for example, if you're trying to download something from the internet, maybe from a source that you didn't trust, it might well be that you'll download the name of the song or the name of a movie that you want to download.

But when you actually run that code or download it and run the application, there's actually some malicious code in there that can cause problems on your system.

Okay, so let's move on to ransomware now.

Now you might be aware of ransomware 'cause in lesson two if you remember, we talked about some ransomware.

I gave the example at the beginning of the lesson, and we also talked about that famous example.

Wonder if you can remember the name of that.

So ransomware is a form of virus.

And as it's self replicating, it takes advantage of any security vulnerabilities in an operating system or an application or any software code, including application plugins or software libraries.

But specifically ransomware locks a computer, encrypts files and therefore prevents the user from being able to access the data.

So it's called ransomware because the attacker then demands a ransom to decrypt the data.

So it demands the ransom be paid before the data is decrypted and the files, and unlocks the computer.

Now, if you spoke to anybody in the police force they would say you never pay the ransom because you can't guarantee that they would ever decrypt your files, even if you paid the money.

So, can you remember the name of that ransomware attack? Well it's called the WannaCry, okay.

Now I've got a quick question for you before we explore that again.

So what did viruses, worms and ransomware all have in common? Okay, is it option one, they are all self replicating? Is it option two, they all encrypt data? Or is it option three, they all slow down the network? So what do you think? Have you got an answer? So see if you can give me the answer in three seconds.

So three, two, one, it is option? Well, let's see if you were right.

Okay, well done, it was option one.

I heard you all shouting that so I know you are all right.

So well done.

It was option one.

Is that the fact they are all self replicating.

Now I mentioned to you before that the ransomware we talked about was WannaCry.

So just to remind you about that.

This was an attack back in April, 2017 and is estimated to have affected over 200,000 computers across 150 countries.

And that included our NHS systems. And remember, we talked about how dangerous that could be for us.

But what I'd like to do now is I would like you to head over to your worksheet.

I'd like to watch some videos specifically about the WannaCry attack.

And I'd like to answer the questions based on that.

So if you can pause the video now, if you can head over to task one of your worksheets, click on the links to watch the videos, and then there's some questions for you to answer on your worksheet.

So unpause when you've done that, and I'll be here when you get back.

Okay, so how did you get on with that? So let's now go through the answers.

So our first question was how did WannaCry spread? Well, the video suggested that WannaCry was spread by sending the EternalBlue exploit via email.

So what type of malware is WannaCry? Well, we know it to be ransomware and that's absolutely correct.

But it's also been described as a Trojan worm, which means that it was delivered via an email attachment.

So in a kind of hiding itself as something it wasn't, so therefore Trojan, but once in a network it could spread without the need to be embedded in software.

So more of that kind of a worm style of behaviour, okay.

So who can share the blame for the spread of WannaCry? Well, the first point is absolutely the cybercriminals who exploited the system, who sent the WannaCry ransomware out.

Absolutely, they are to blame, okay.

There's no question.

But perhaps the more debatable elements would be the National Security Agency.

So the NSA in the USA, who knew about the exploit, but did not initially tell Microsoft.

So are they to blame? Or maybe we should be blaming Microsoft themselves.

I mean, it was their operating system and their operating system had a flaw in it that could be exploited.

So maybe they're to blame.

I mean, to be fair to Microsoft, as soon as they were aware of the problem, then they quickly acted upon it and released a security patch.

Well, maybe we should actually blame the victims. When the victims, the ones who didn't upgrade their operating system to the latest version or instal the latest update with that security patch which would have stopped the virus from, or stop the, sorry the WannaCry from spreading.

So maybe then that includes our NHS systems. So I think what the level we're getting to now is the fact that you're aware of all these different types of cybercrime.

So we know about things like Trojans.

We know about worms, we know about ransomware, but the next level is really kind of unpicking this and being able to have this kind of debate about who's to blame and why it happened in the first place.

So, lets now look at some other types of automated attacks that we haven't yet covered.

So one of them is spyware.

Now spyware, as you can imagine from the name is unwanted software that monitors and gathers information, or spies on them, on a person, how they use their computer.

Now this could include monitoring your internet usage, for example, to maybe, you know, sell that information onto somebody else or send you harmless, but annoying adverts.

But maybe more sinister spyware includes things like keylo, sorry, keyloggers that record every keystroke made by a user.

So obviously if you think about the danger behind that, if it's monitoring every keystroke, for example, if you went to your email account or your bank, if you typed in that website address, what's the next thing you're going to type in? The likelihood is it will be your email address or your username.

And then what's going to follow that? Will it be your password? So the keylogger is monitoring all those things and recognises a bank's URL or web address.

Then the next thing they're going to know is the next thing they've typed in will probably be their username, password, and they've therefore got access to your system, okay.

Or your account, sorry.

So next thing to look at is adware.

Now adware refers to software that has advertisements embedded in the application.

So it's not always a bad thing and is considered to be a legitimate alternative to, that could be offered to consumers who don't want to pay for the software.

And I'm sure you've all done that.

If you've, if you are, if you do have a smartphone and you have access to the app stores, then lots of software, a lot of the apps you can pay for, but a lot of them are free.

And when they're free, often they come with adverts.

So that will be considered to be adware.

But adware can be a problem.

And it can become a problem if, for example, it instals itself in your computer without your consent.

Or it instals itself in other applications, displaying adverts without you being aware that that's what's going on, it might even hijack your web browser in order to display more ads.

Maybe gathers data on your web browsing without your consent.

Or maybe it's deliberately designed to be difficult to uninstall.

So all those things you can see on the screen now, they're all kind of typical components that make up quite often, some adware, okay, which obviously does become a problem for the user.

Now let's move on to something called DDoS and brute-force, okay.

So, DoS or a denial of service attack.

Now this is a cyber attack in which a criminal makes a network resource unavailable to its intended users.

And how that's done is it's done by flooding the targeted machine or website with lots of requests in an attempt to overload the system.

So basically this is one computer attacking one server, but the way it does it is it constantly sends requests.

For example, a web server, you might be constantly requesting a download or access to a website, but it constantly does it so much that eventually this would cause the server to crash and then become unavailable, okay.

So that'll be a denial of service because it's denying the server from doing its work, doing its job, okay.

There's another type of attack which is really similar but this one's called a DDoS attack.

So this is a distributed denial of service attack.

So we've added the word distributed there.

So this is the same concept of a denial of service attack but this time it is multiple computers making the attack at the same time.

Now it can in theory be quite easy to stop a denial of service attack, because if it's one computer making the attack, you can put software in place quite easily to recognise if one computer is the same computer which is making lots of requests at the same time, we can just cut them off and stop them from doing that before the server falls over.

Okay.

But actually a denial of service attack is a lot more difficult to do something about.

It is a lot more difficult to stop the attack by simply blocking a single source because it's coming from multiple sources.

It's also a lot more difficult to identify who is responsible.

There's lots of machines making the requests and many of them are infected by malware.

So, many of these computers might not even know they are being used for this type of attack.

It might come from legitimate users who aren't intending to make this attack.

So this leads on nicely to something called a zombie.

Now Trojan horses can be responsible for the creation of things called zombies.

Now in computing a zombie is a computer connected to the internet that has been compromised by a hacker, maybe a virus or Trojan horse programme that can be used to perform various malicious tasks under remote direction.

Or actually created or activated by what you call a bot herder.

So the person who's spread the malware eventually can activate at the same time, perhaps even to create a DDoS attack.

So these maybe, this malware maybe lies dormant until the bot herder activates the, this malware.

So activates the computers and tells them when to do the DDoS attack.

Now the last thing for us to look at in these automated forms of attack is something called brute-force attack.

Now, this is a form of attack that makes multiple attempts to discover something.

Quite often more often than not a password.

Now it's called brute-force 'cause it just keeps going until it eventually gets it, till it eventually cracks a password.

So it's brute-force because there's nothing that's sophisticated about it, it just keeps attempting, attempting, attempting until eventually it gets in, okay.

So, that's where our first exercise or next exercise, sorry, for this lesson is going to be.

So what I'd like to do is I'd like to head over to task two on your worksheet and complete all the activities on there.

Now this requires you to use a Python programme to type in various different passwords at different strengths and different length to work out how long it would take maybe, for a software application to crack the password, okay.

So pause the video, have a go at that.

Don't be afraid, some of them take a little bit longer.

It might look like they've paused for a few seconds.

It doesn't mean it hasn't worked.

Give that about 30 seconds or so if it looks like it's not working and eventually you'll see the answer.

It just may well be that it's taken the software application just a little bit longer to find the answer, okay.

So pause the video, have a go at that.

Once you've done that unpause and we'll continue.

Okay, so how did you get on with that exercise? Now I've got a couple of questions for you related to that.

So my first question is what rules do you think a company might place on their login systems to reduce the chance of a brute-force attack being successful? Okay, so I'd like to pause the video, just think about that for a second.

Okay, so what did you come up with? Now, we are going to explore this in a future lesson, but I think you may have well come up with the fact that if a brute force attack is attempting passwords, maybe we could put something simple on there to say they can't attempt to put their username password in more than maybe five times before it blocks the account and it needs to be unlocked in some other way.

Okay, my next question is thinking about the exercise that you completed, what simple password rules would you set yourself to reduce the chance of a brute-force attack being successful? So again, if you can pause the video, think about that and then unpause when you've got an answer, when you have an answer.

Okay, so simple password rules is, and it may well be that you have these rules on your school system and I'm sure you've come across this on an online account before.

Maybe you could have a minimum number of characters maybe six or seven characters, must have a capital letter, must have a number, must have a special character, for example, okay.

So those are examples of things you might have.

Actually good advice now is to have three random unrelated words all put together.

And that way it's hard for any kind of brute-force attack to be successful.

It's hard to guess, but it's also maybe memorable for you to remember 'cause with your passwords obviously, the more complex it becomes the harder it is for you to remember.

So three random words is often easier for us as human beings to remember, and actually is also just as difficult for any kind of attack to try and crack, okay.

So that's all for this lesson and I hope you've enjoyed learning about the automated forms of attack that there are out there.

So our next port of call in our future lessons too, is to learn about how would we defend against these kinds of attacks, okay.

So I hope that you've enjoyed it and if you'd like to share your work with us, we would love to see your work.

Then please share it with us on Instagram, Facebook, or Twitter, tagging @OakNational and using the #learnwithOak, okay.

So I'll look forward to seeing you in lesson four.