Cyber-security threats

A threat is anything that could harm a system or its data. AQA's GCSE focuses on a handful of common technical threats that cause most real incidents: malicious code, weak/default passwords, misconfigured access rights, removable media and unpatched / out-of-date software.

1. Malicious code (malware)

Software designed to harm or exploit a system. Detailed in CS6.3, but headline categories:

• Viruses — attach to files; spread when files run.
• Worms — self-spreading across networks.
• Trojans — disguised as legitimate software.
• Spyware — silently collects information.
• Ransomware — encrypts files and demands payment.

How attackers introduce malware: phishing emails, infected websites, USB drops, malicious downloads.

2. Weak and default passwords

The single most common vulnerability. Attackers exploit:

• Default passwords — devices shipped with "admin / admin" that are never changed.
• Common passwords — "123456", "password", names, dates of birth.
• Reused passwords — same password across many sites; one breach compromises all.

Defences: long unique passphrases, password managers, 2FA, force change of defaults.

3. Misconfigured access rights

Users or processes given more permissions than they need. If their account is compromised, the attacker inherits all those permissions.

Examples:

• Every user in an admin group "for convenience".
• A web service running as the all-powerful root/admin account.
• Files left world-readable in cloud storage.

Defence: principle of least privilege — grant only what's needed for the job, nothing more. Audit regularly.

4. Removable media

USB sticks, external drives and DVDs can carry malware between systems. Even an air-gapped machine can be infected by an infected USB drive (Stuxnet famously did this in 2010).

Risks:

• USB sticks plugged in by curious staff who found one in the car park.
• Personal USBs carrying files between home and work, possibly infected at home.
• Loss of a USB containing sensitive data.

Defences: ban or restrict removable media, scan all media on insertion, encrypt removable storage, use secure file-sharing platforms instead.

5. Unpatched software

Software has bugs; attackers exploit known bugs to break in. Patches fix these — but only if installed.

Examples:

• A web server running an old library with a known vulnerability.
• A user ignoring browser updates.
• An unpatched router with a public exploit.

Defences: enable automatic updates, retire unsupported systems, monitor vulnerability advisories.

Threats vs vulnerabilities vs attacks

• Vulnerability — a weakness (e.g. weak password).
• Threat — a potential bad event (e.g. attacker guesses password).
• Attack — an actual attempt to exploit (e.g. brute-force login).

A vulnerability without a threat is unexploited; a threat without a vulnerability is harmless.