Network security threats
OCR J277 Paper 1 regularly tests cybersecurity. Expect 4–6 mark "describe" and "explain" questions on specific threats, and evaluation questions on countermeasures. You must know the name, method and impact of each threat.
Malware (malicious software)
| Type | Method | Effect |
|---|---|---|
| Virus | Attaches to legitimate files; spreads when files are shared/opened | Corrupts/deletes data; spreads to other systems |
| Worm | Self-replicating; spreads through networks without user action | Consumes bandwidth; can install other malware |
| Trojan horse | Disguised as legitimate software | Creates back-doors; downloads other malware; allows remote access |
| Ransomware | Encrypts victim's files; demands payment for the decryption key | Data loss; financial loss; reputational damage |
| Spyware | Runs silently; records keystrokes (keylogger) or captures data | Credential theft; financial fraud |
| Adware | Displays unwanted adverts | Slows system; may redirect browser; privacy violation |
Social engineering
Manipulating people rather than systems:
- Phishing: sending fraudulent emails pretending to be from a trusted source (e.g. bank, HMRC) — the aim is to trick the user into revealing credentials or clicking a malicious link.
- Spear phishing: targeted phishing using personal details to seem more credible.
- Smishing: phishing via SMS text messages.
- Vishing: phishing via voice calls (phone).
- Blagging (pretexting): inventing a scenario to extract information. E.g. calling IT support pretending to be an employee locked out of their account.
- Shouldering (shoulder surfing): watching someone enter a PIN or password.
Technical attacks
Brute-force attack
- Automated trial of all possible password combinations until the correct one is found.
- Effectiveness: depends on password length and complexity (the number of combinations grows exponentially with length). An 8-character all-lowercase password can be cracked in seconds; a 16-character password mixing upper case, lower case and symbols could take centuries.
- Defences: account lockout after N failed attempts; long, complex passwords.
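Added example, not part of the original notes: a short Python script that shows both halves of the bullet points above. The first part calculates the number of combinations for the two password styles mentioned (the guess rate is an assumed, constructed figure used only for the time estimate); the second part implements the "lock the account after N failed attempts" defence and counts how many guesses a lockout actually allows. The user name, password and hashing choice are constructed for the example.

```python
import hashlib
import hmac
import string

# Assumed guess rate, used only for the time estimate. This is a constructed
# figure for illustration: real cracking speeds depend on the hardware and on
# how the passwords are stored.
GUESSES_PER_SECOND = 10_000_000_000

LOWERCASE_ONLY = len(string.ascii_lowercase)  # 26 possible symbols per character
MIXED_CASE_SYMBOLS = len(string.ascii_letters + string.digits + string.punctuation)  # 94


def keyspace(length: int, alphabet_size: int) -> int:
    """Number of distinct passwords of the given length over the alphabet."""
    return alphabet_size ** length


def worst_case_years(length: int, alphabet_size: int,
                     rate: int = GUESSES_PER_SECOND) -> float:
    """Time needed to try every combination at the assumed rate, in years."""
    seconds = keyspace(length, alphabet_size) / rate
    return seconds / (365.25 * 24 * 3600)


def hash_password(password: str) -> str:
    # SHA-256 keeps the example self-contained. Production systems use a slow,
    # salted password hash (such as bcrypt or Argon2) to make guessing slower.
    return hashlib.sha256(password.encode()).hexdigest()


class LoginGuard:
    """Login check with account lockout after N consecutive failed attempts."""

    def __init__(self, stored_hashes: dict, max_failures: int = 5):
        self._hashes = stored_hashes        # username -> hash_password(password)
        self._max_failures = max_failures
        self._failures = {}                 # username -> consecutive failures
        self._locked = set()

    def attempt(self, username: str, password: str) -> str:
        """Return 'ok', 'fail' or 'locked'."""
        if username in self._locked:
            return "locked"
        stored = self._hashes.get(username)
        # Constant-time comparison, so timing does not reveal how close a guess was.
        if stored is not None and hmac.compare_digest(stored, hash_password(password)):
            self._failures[username] = 0
            return "ok"
        self._failures[username] = self._failures.get(username, 0) + 1
        if self._failures[username] >= self._max_failures:
            self._locked.add(username)
            return "locked"
        return "fail"


def guesses_checked_before_lockout(guard: LoginGuard, username: str, candidates) -> int:
    """Count how many candidate passwords the guard actually checks before it
    refuses further attempts (or the right password is found)."""
    checked = 0
    for candidate in candidates:
        checked += 1
        if guard.attempt(username, candidate) in ("ok", "locked"):
            break
    return checked


if __name__ == "__main__":
    print("8 lowercase chars:", keyspace(8, LOWERCASE_ONLY), "combinations,",
          f"{worst_case_years(8, LOWERCASE_ONLY) * 365.25 * 24 * 3600:.0f} s worst case")
    print("16 mixed chars:", keyspace(16, MIXED_CASE_SYMBOLS), "combinations,",
          f"{worst_case_years(16, MIXED_CASE_SYMBOLS):.3g} years worst case")
    guard = LoginGuard({"alice": hash_password("correct horse battery")})  # constructed user
    print("guesses checked before lockout:",
          guesses_checked_before_lockout(guard, "alice", (f"guess{i}" for i in range(10_000))))
```

The lockout turns an attack that scales with the size of the keyspace into one that gets at most five attempts per account, which is why the exam answer pairs "long, complex passwords" with "account lockout": the first makes the search space huge, the second stops the attacker from searching it at all.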
Denial-of-Service (DoS) and Distributed DoS (DDoS)
- DoS: overwhelming a server with requests so it cannot respond to legitimate users.
- DDoS: a coordinated attack from thousands of devices (a botnet of compromised computers) — much harder to block because the traffic comes from many sources.
- Effect: website/service goes offline; financial loss; reputational damage.
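Added example, not part of the original notes, illustrating the DoS/DDoS distinction from the defender's side: a small Python detector that counts requests per source address in a window of constructed web-server log lines and labels the traffic "normal", "dos" (one source producing most of the flood) or "ddos" (the flood spread across many sources). The log format, the IP addresses (from the documentation ranges 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24) and the thresholds are all assumptions made for the example.

```python
from collections import Counter

# Constructed log format: "<seconds since start> <client-ip> <request line>"


def parse_log(lines):
    """Return a list of (seconds, ip) pairs, skipping blank lines."""
    entries = []
    for line in lines:
        if not line.strip():
            continue
        seconds, ip, _request = line.split(maxsplit=2)
        entries.append((int(seconds), ip))
    return entries


def classify_traffic(lines, window=10, threshold=30, dominant_share=0.5):
    """Classify the requests that fall inside the first `window` seconds.

    Returns (label, total_requests, distinct_sources) where label is
    'normal', 'dos' or 'ddos'. Thresholds are assumed values for the example.
    """
    entries = [e for e in parse_log(lines) if e[0] < window]
    total = len(entries)
    per_ip = Counter(ip for _, ip in entries)
    if total < threshold:
        return "normal", total, len(per_ip)
    _busiest_ip, busiest_count = per_ip.most_common(1)[0]
    if busiest_count / total >= dominant_share:
        return "dos", total, len(per_ip)    # a single source dominates the flood
    return "ddos", total, len(per_ip)       # flood spread across many sources


def normal_sample():
    """A few legitimate requests from three constructed clients."""
    return [
        "0 203.0.113.5 GET /",
        "2 198.51.100.7 GET /login",
        "5 203.0.113.5 GET /about",
        "7 192.0.2.200 GET /",
        "9 198.51.100.7 POST /login",
    ]


def dos_sample():
    """Normal traffic plus 50 requests in 10 seconds from one constructed source."""
    flood = [f"{i % 10} 203.0.113.66 GET /" for i in range(50)]
    return normal_sample() + flood


def ddos_sample():
    """Normal traffic plus one request each from 40 constructed botnet members."""
    flood = [f"{i % 10} 192.0.2.{i} GET /" for i in range(1, 41)]
    return normal_sample() + flood


if __name__ == "__main__":
    for name, sample in (("normal", normal_sample()),
                         ("dos", dos_sample()),
                         ("ddos", ddos_sample())):
        print(name, "->", classify_traffic(sample))
```

The point the classifier makes concrete: a single-source DoS is easy to block once it is spotted (one address to filter), whereas in the DDoS sample no individual address sends more than a couple of requests, so filtering by source does not help and the service has to absorb or rate-limit the traffic as a whole.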
SQL injection
- A web form accepts user input that is passed directly to a database query without sanitisation.
- An attacker enters SQL code (e.g. `' OR '1'='1`) as input — because the input is spliced into the query text, the database executes it as part of the command rather than treating it as data.
- Effect: bypass login; read, modify or delete database contents; steal user data.
- Defence: input validation; parameterised queries (prepared statements); least-privilege database access.
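Added example, not part of the original notes: a Python script using the standard library's sqlite3 module that puts the vulnerable login query beside its parameterised form and runs the `' OR '1'='1` input from the bullet points through both. The users table, the account and the password are constructed for the example (and the password is stored in plain text only to keep the demonstration short). The allow-list pattern for usernames is likewise an assumption, shown to illustrate the "input validation" defence.

```python
import re
import sqlite3

# The exact input from the notes. The query's own closing quote completes it.
INJECTION_INPUT = "' OR '1'='1"

# Input validation: usernames may only contain these characters (assumed rule).
USERNAME_PATTERN = re.compile(r"[a-z0-9_]{3,20}")


def make_db() -> sqlite3.Connection:
    """Constructed in-memory database with a single user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'S3cret!')")
    conn.commit()
    return conn


def build_query_unsafely(username: str, password: str) -> str:
    """String concatenation: whatever the user typed becomes part of the SQL."""
    return ("SELECT username FROM users "
            f"WHERE username = '{username}' AND password = '{password}'")


def login_vulnerable(conn, username: str, password: str) -> bool:
    """The bug the notes describe: unsanitised input passed straight into the query."""
    return conn.execute(build_query_unsafely(username, password)).fetchone() is not None


def login_parameterised(conn, username: str, password: str) -> bool:
    """Prepared statement: the SQL text is fixed, and the driver sends the values
    separately, so quotes in the input are compared as data and never run as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def username_is_valid(username: str) -> bool:
    """Reject any username outside the allow-list before it reaches the database."""
    return USERNAME_PATTERN.fullmatch(username) is not None


if __name__ == "__main__":
    conn = make_db()
    print("Query actually sent:", build_query_unsafely("alice", INJECTION_INPUT))
    print("Vulnerable login with injection:", login_vulnerable(conn, "alice", INJECTION_INPUT))
    print("Parameterised login with injection:", login_parameterised(conn, "alice", INJECTION_INPUT))
    print("Parameterised login with real password:", login_parameterised(conn, "alice", "S3cret!"))
```

Printing the concatenated query is the quickest way to see the exam point: `... AND password = '' OR '1'='1'` is true for every row, so the vulnerable version logs the attacker in without knowing any password, while the parameterised version simply compares the literal string `' OR '1'='1` against the stored password and fails. Validation and least-privilege database accounts are extra layers; the parameterised query is the fix for the root cause.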
Data interception (packet sniffing)
- Data transmitted over a network can be captured by a third party using a packet sniffer.
- Particularly effective against unencrypted connections (e.g. HTTP rather than HTTPS), because the captured packets can be read in plain text.
- Defence: encryption (HTTPS, VPN, TLS); avoid using public Wi-Fi for sensitive operations.
Common OCR exam mistakes
- Confusing virus and worm — a virus needs a host file and user action to spread; a worm spreads by itself over networks.
- Saying phishing is a technical attack — it is social engineering (it targets people, not systems directly).
- Forgetting that SQL injection requires unsanitised input — the vulnerability is in the code, not the database itself.
- Not distinguishing DoS (single source) from DDoS (distributed — botnet of many sources).
AI-generated · claude-opus-4-7 · v3-ocr-computer-science