GCSE > Computer Science > OCR > GCSE Computer Science > COMPUTER SYSTEMS: Threats to computer systems and networks > Forms of attack
Previous Module
Next Module

COMPUTER SYSTEMS: Encoding and compression

COMPUTER SYSTEMS: Network topologies

COMPUTER SYSTEMS: Wired and wireless networks, protocols, and layers

COMPUTER SYSTEMS: Threats to computer systems and networks

COMPUTER SYSTEMS: Operating systems and utility software

ALGORITHMS AND PROGRAMMING: Types of data

ALGORITHMS AND PROGRAMMING: Producing robust programs

ALGORITHMS AND PROGRAMMING: Designing, creating, and refining algorithms

ALGORITHMS AND PROGRAMMING: Artificial Intelligence (AI)

  • Malware: malicious software installed without user knowledge.
    • Purpose: disrupt, damage, steal data, demand money, or spy.
    • Types:
      • Viruses: infect host programs, damage files when run.
      • Worms: self-replicate without host, spread across networks
      • Trojans: disguised as useful software; trick users into installing. 
      • Ransomware: encrypts files, demands payment to unlock.
      • Spyware: monitors user activity, e.g. keylogging. 
      • Rootkits: modify OS to hide from antivirus.
      • Backdoors: open secret access for future attacks.
  • Social engineering: tricking people (usually the weakest link) into giving access or data.
    • Purpose: gain sensitive information without technical hacking.
    • Types: 
      • Phishing: fake emails/websites collect login info and passwords.
      • Cold-calling: impersonators ask users to ‘confirm’ credentials.
  • Brute-force attacks: guessing passwords through automated tools. They will typically use ‘dictionary attacks’ first by going through common word and number combinations, then trying every possible combination, attempting millions of guesses per second.
    • Purpose: gain unauthorised access by cracking passwords.
  • Denial of service (DoS) attacks: overwhelms a server with too many requests.
    • Purpose: disruption, blackmail, protest, or competitive sabotage.
    • DDoS (Distributed DoS): use multiple machines (botnet) to crash or slow down services, making them inaccessible.
  • Data interception and theft: stealing data while it is in transit.
    • Purpose: identity theft, industrial espionage, or unauthorised access
    • Types:
      • Packet sniffing: reads data packets in transit.
      • MITM (Man-in-the-Middle): intercepts between user and server.
        • Insider attacks: trusted users steal data.
  • SQL injection: a hacker inserts malicious SQL code into a form input, making the website unknowingly treat the input as a command. For example, a website may have an SQL query like ‘check USERNAME matches PASSWORD.’ If an attacker types ‘OR 1=1,’ then the query would be ‘check USERNAME OR 1=1’ and since 1=1 is always true, they can bypass login requirements.
    • Purpose: gain access to data without logging in properly.
  • Insider attacks: a person within the organisation misuses access to sell, leak, or steal sensitive info for financial gain, espionage, or as a whistleblower.
    • Purpose: data theft or sabotage from someone credible or trusted.
  • Passive attacks: eavesdropping on network traffic without affecting it. This uses tools like packet sniffers which are hard to detect as they don’t alter data flow. 
    • Purpose: surveillance and gathering sensitive data quietly.
  • Active attacks: direct interference with systems. Examples include malware installation, DoS attacks, brute-force, or MITM.
    • Purpose: disruption, control, or theft.

Unlock Forms of attack

Subscribe to SnapRevise+ to get immediate access to the rest of this resource.

Premium accounts get immediate access to this resource.

Previous Module
Next Module