Cyber Security — Threats and Prevention
Why Cyber Security Matters
Computer systems and networks hold enormous amounts of valuable data — personal information, financial records, business secrets, and more. Malicious actors exploit weaknesses in systems to steal data, cause disruption, or gain unauthorised access.
Understanding how attacks work is the first step to defending against them. OCR J277 requires knowledge of six forms of attack and seven prevention methods.
Malware
Malware (malicious software) is any software designed to harm a computer system without the owner's knowledge or consent. Types include:
| Type | How it works | Purpose |
|---|---|---|
| Virus | Attaches to files; spreads when files are shared or opened | Damages files, steals data, disrupts systems |
| Worm | Self-replicates and spreads across a network without user action | Consumes bandwidth, installs other malware |
| Trojan | Disguises itself as legitimate software | Creates a backdoor for attackers; often used to install further malware |
| Ransomware | Encrypts the victim's files | Demands a ransom payment to restore access |
| Spyware | Runs hidden in the background; monitors activity | Steals passwords, keystrokes, financial details |
Social Engineering and Network Attacks
Social Engineering — Phishing
Social engineering exploits human psychology rather than technical weaknesses — people are the "weak point" in any security system.
Phishing is the most common form: attackers send emails (or texts/messages) that appear to come from legitimate sources (a bank, government agency, online retailer) to trick users into:
- Clicking a link to a fake website and entering credentials
- Downloading malware
- Providing personal information directly
Why it works: Messages create urgency ("Your account will be closed!"), appear authentic (copied logos, official-sounding language), and target human trust.
Spear phishing — targeted phishing aimed at a specific person using personalised information to increase credibility.
(Extra context — vishing (voice phishing) and smishing (SMS phishing) are specific variants; not required by OCR J277 1.4.1.)
Brute-Force Attacks
A brute-force attack attempts to gain access to an account or system by systematically trying every possible password or key combination until the correct one is found.
- Automated software can test millions of combinations per second
- Short or simple passwords are cracked quickly; long, complex passwords take impractical amounts of time
- Purpose: Gain unauthorised access to accounts, encrypted files, or systems
Denial of Service (DoS) Attacks
A Denial of Service (DoS) attack floods a server or network with so many requests that it becomes overwhelmed and cannot respond to legitimate users.
- The server's resources (bandwidth, processing power, memory) are consumed by fake requests
- Purpose: Disable a website or online service; cause disruption or financial loss
- Legitimate users cannot access the service during the attack
(Extra context — a Distributed Denial of Service (DDoS) attack uses a botnet of many compromised computers to amplify the attack; not required beyond the basic DoS concept by OCR J277 1.4.1.)
Data Interception and Theft
Data interception occurs when an attacker captures data as it travels across a network.
- On unencrypted connections (plain HTTP, unprotected Wi-Fi), data packets can be read by anyone with the right tools
- Purpose: Steal passwords, financial details, personal data, or business information
- Man-in-the-middle attack: Attacker secretly intercepts and possibly alters communications between two parties who believe they are communicating directly
(Extra context — "packet sniffing" is the technical method used to capture traffic; not required by name in OCR J277 1.4.1.)
SQL Injection
SQL injection is an attack that targets databases by inserting malicious SQL code into an input field (e.g. a login form or search box).
If a web application passes user input directly into a database query without sanitising it, an attacker can inject SQL commands that the database executes.
How it works (concept):
A login form might check credentials with a query like:
```sql
SELECT * FROM users WHERE username = '[input]' AND password = '[input]'
```
If the attacker enters `' OR '1'='1` as the username, the injected query becomes:
```sql
SELECT * FROM users WHERE username = '' OR '1'='1' AND password = '...'
```
Since `'1'='1'` is always true, the query returns records — granting access without a valid password.
Purpose: Bypass authentication, extract the entire contents of a database, modify or delete records.
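The login query above as an added worked example (not part of the original lesson): a Python `sqlite3` login check built by string concatenation, beside the parameterised version that defeats the injection, run against a constructed one-row users table. It also shows a detail the lesson glosses over: because AND binds more tightly than OR, the payload has to reach the password clause as well for the WHERE condition to become always true.

```python
"""Added example: the lesson's login query built the vulnerable way and the
safe way, against an in-memory SQLite database with constructed sample data."""
import sqlite3

# Constructed sample data: a single legitimate account.
USERS = [("alice", "correct-horse")]


def make_db():
    """Create an in-memory users table holding the constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Concatenates user input straight into the SQL text, the exact pattern
    the lesson describes: quote characters in the input change the query."""
    query = (
        "SELECT * FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn, username, password):
    """Parameterised query: the database receives the SQL and the values
    separately, so whatever the input contains is treated purely as data."""
    query = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    # Genuine credentials work either way.
    print(login_vulnerable(db, "alice", "correct-horse"))  # [('alice', 'correct-horse')]
    # The lesson's payload in the username field alone: AND binds tighter
    # than OR, so the password clause still has to match and nothing returns.
    print(login_vulnerable(db, payload, "wrong"))          # []
    # The same payload in both fields makes the whole WHERE clause true,
    # so every row in the table comes back without a valid password.
    print(login_vulnerable(db, payload, payload))          # [('alice', 'correct-horse')]
    # The parameterised query looks for a user literally named "' OR '1'='1".
    print(login_safe(db, payload, payload))                # []
```

The `login_vulnerable` output for the double payload is the exam point in miniature: the attacker never knew a password, yet the query returned account rows.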
Prevention Methods
Penetration Testing
Penetration testing (pen testing) involves authorised security professionals attempting to attack a system using the same techniques as real attackers — to discover vulnerabilities before malicious actors do.
- Identifies weaknesses in software, configurations, and network setups
- Results inform security patches and improvements
- Prevents: All forms of attack by finding and fixing vulnerabilities first
Anti-Malware Software
Anti-malware software detects, quarantines, and removes malicious software.
- Scans files and programs against a database of known malware signatures
- Monitors real-time system behaviour for suspicious activity
- Regular updates are essential as new malware is created continuously
- Prevents: Malware infection (viruses, worms, trojans, ransomware, spyware)
Firewalls
A firewall monitors and controls incoming and outgoing network traffic based on configured rules.
- Can be hardware (a dedicated device) or software (running on the computer)
- Blocks unauthorised access while allowing legitimate traffic
- Can block traffic from suspicious IP addresses or restrict which ports are accessible
- Prevents: Unauthorised access; some forms of DoS attack (by blocking suspicious traffic); data interception
User Access Levels
User access levels restrict what different users can do within a system — users are given only the permissions they need to do their job (principle of least privilege).
- Administrator: full access (install software, change settings, manage accounts)
- Standard user: limited access (run applications, save to designated areas)
- Read-only: can view but not modify
- Prevents: Insider threats; limits damage if an account is compromised — an attacker can only do what that user's account permits
Passwords
Strong passwords are the first line of defence against unauthorised access. A strong password:
- Is long (8+ characters; longer is better)
- Combines uppercase, lowercase, digits, and symbols
- Is unique to each account
- Is changed regularly
Prevents: Brute-force attacks (strong passwords take too long to crack); unauthorised access. Combined with two-factor authentication, passwords are significantly more effective.
Encryption
Encryption converts data into an unreadable form so that even if it is intercepted, it cannot be understood without the decryption key.
- In transit: encrypts data as it travels across a network (HTTPS, Wi-Fi encryption)
- At rest: encrypts stored data (encrypted hard drives, encrypted files)
- Prevents: Data interception (intercepted data is unreadable); limits damage from physical theft of storage devices
Physical Security
Physical security measures protect the hardware itself from unauthorised physical access:
- Locked server rooms with restricted access
- Cable locks for laptops
- CCTV and security guards
- Building access control (key cards, biometrics)
Prevents: Direct hardware theft or tampering; some forms of data theft (an attacker who cannot physically reach a server cannot plug in a USB drive to copy data)
Common Exam Mistakes
1. Confusing DoS with malware
A DoS attack floods a server with traffic to overwhelm it — no malicious software is installed on the victim's machine. Malware is software that infects and harms the victim's own system. They are different attack types.
2. Saying "firewall stops all attacks"
A firewall controls network traffic — it helps prevent unauthorised network access. It does not stop phishing (a user clicking a link), it does not detect malware already installed on the system, and it cannot prevent SQL injection in a web application.
3. Saying SQL injection is a "password guessing attack"
SQL injection exploits poor input validation in the application's code — it manipulates the database query itself. Brute-force attacks try many passwords. They are completely different mechanisms.
4. Confusing encryption and passwords
Passwords control access (who can log in). Encryption protects data content (what the data says if intercepted or stolen). Both are needed; they address different vulnerabilities.
| Mistake | Correction |
|---|---|
| "Anti-malware software prevents SQL injection" | SQL injection is a web application vulnerability; anti-malware scans for malicious software on a system — they address different threats |
| "A DoS attack installs malware on the server" | A DoS attack simply overwhelms the server with requests; no software is installed |
| "Penetration testing is illegal" | Penetration testing is authorised — the organisation gives permission; it is legal and ethical security practice |