Network Security Threats

Networks face a wide range of security threats from individuals and groups who seek to steal data, disrupt services or gain unauthorised access. Understanding these threats is essential for GCSE Computer Science and for protecting real-world systems.

---

Why Are Networks Vulnerable?

Networks are vulnerable because:

• Data is transmitted across shared infrastructure that can be intercepted.
• Networks are connected to the internet, exposing them to global threats.
• Users may be tricked into revealing sensitive information.
• Software may contain bugs that attackers can exploit.
• As more devices connect (IoT), the attack surface increases.

---

Types of Malware

Malware (malicious software) is any software designed to harm, exploit or gain unauthorised access to a computer system.

Viruses

• A virus is malware that attaches itself to a legitimate program or file.
• It spreads when the infected file is opened or executed.
• The virus can then replicate itself by attaching to other files.
• Effects can include deleting files, corrupting data, slowing down the system or displaying unwanted messages.

Worms

• A worm is similar to a virus but spreads independently — it does not need to attach to a file.
• Worms exploit vulnerabilities in networks and operating systems to spread from device to device automatically.
• They can consume network bandwidth and system resources, causing slowdowns or crashes.

Trojans

• A Trojan (Trojan horse) disguises itself as legitimate software.
• The user installs it thinking it is a useful program, but it contains hidden malicious code.
• Trojans can create backdoors that allow attackers to remotely access the computer.
• Unlike viruses and worms, Trojans do not replicate — they rely on the user to install them.

Spyware

• Spyware monitors user activity without their knowledge.
• It can record keystrokes (keylogger), take screenshots, track browsing habits and steal personal data.
• Spyware is often installed alongside free software or through malicious downloads.

Ransomware

• Ransomware encrypts the victim's files and demands a ransom payment (usually in cryptocurrency) to decrypt them.
• The victim cannot access their files until they pay — though payment does not guarantee recovery.
• Major ransomware attacks have targeted hospitals, schools and businesses worldwide.

Malware Type	How it Spreads	Key Feature
Virus	Attached to files; activated when opened	Replicates by attaching to other files
Worm	Spreads independently across networks	Self-replicating; no user action needed
Trojan	Disguised as legitimate software	Creates backdoors; does not self-replicate
Spyware	Hidden in downloads or bundled software	Monitors activity and steals data
Ransomware	Phishing emails, malicious downloads	Encrypts files and demands payment

---

Social Engineering

Social engineering is the manipulation of people into revealing confidential information or performing actions that compromise security. It exploits human psychology rather than technical vulnerabilities.

Phishing

• Phishing is a social engineering attack where the attacker sends fake emails or messages that appear to come from a trusted source (e.g. a bank, online retailer or colleague).
• The message typically contains a link to a fake website that looks like the real one.
• The victim enters their login credentials or personal information, which the attacker then steals.
• Spear phishing is a targeted form of phishing aimed at a specific individual, using personalised information to be more convincing.

Pharming

• Pharming redirects users from a legitimate website to a fake website without their knowledge.
• This is achieved by modifying DNS records or by installing malware that alters the victim's DNS settings.
• The user believes they are on the real website and enters their credentials, which are captured by the attacker.

Shoulder Surfing

• Watching someone enter their password or PIN by looking over their shoulder.
• Can happen in public places, offices or at ATMs.

Pretexting

• Creating a fabricated scenario to persuade someone to give up information (e.g. pretending to be an IT support technician asking for a password).

---

Network-Based Attacks

SQL Injection

• SQL injection is an attack on a website's database.
• The attacker enters malicious SQL code into an input field (such as a login form or search box).
• If the website does not properly validate user input, the SQL code is executed by the database.
• This can allow the attacker to view, modify or delete data, bypass authentication, or even take control of the server.
• Example: entering ' OR '1'='1 into a login field might bypass the password check.

Prevention

• Input validation/sanitisation — checking and cleaning user input before processing it.
• Parameterised queries — using prepared statements that separate SQL code from user input.

DDoS (Distributed Denial of Service)

• A DDoS attack overwhelms a server or network with a massive volume of fake requests from many sources.
• The server becomes so overloaded that it cannot respond to legitimate users.
• DDoS attacks often use botnets — networks of compromised computers (called zombies) controlled by the attacker.
• The goal is to disrupt service, not to steal data.

Brute Force Attack

• A brute force attack systematically tries every possible combination of characters to guess a password.
• Modern brute force attacks can try millions of combinations per second.
• Longer, more complex passwords take exponentially longer to crack.
• Dictionary attacks are a variation that tries common words and phrases first.

Man-in-the-Middle (MITM) Attack

• An attacker secretly intercepts and potentially alters communication between two parties.
• Neither party knows the attacker is present.
• Common on unsecured Wi-Fi networks.
• Can be prevented by using encryption (HTTPS, VPNs).

---

Data Interception and Theft

Packet Sniffing

• Using software to capture and read data packets as they travel across a network.
• If data is unencrypted, the attacker can read usernames, passwords, emails and other sensitive information.
• Prevention: use encryption (HTTPS, WPA2/WPA3, VPNs).

---

Summary

• Malware includes viruses, worms, Trojans, spyware and ransomware — each spreads and operates differently.
• Social engineering (phishing, pharming) exploits human behaviour rather than technical weaknesses.
• SQL injection targets databases through unvalidated input fields.
• DDoS attacks overwhelm servers with traffic to deny service.
• Brute force attacks guess passwords by trying many combinations.
• MITM and packet sniffing intercept data in transit.

Exam Tip: When describing a threat, always explain (1) what it is, (2) how it works and (3) what damage it can cause. For higher marks, also suggest a prevention method.

---

Deeper dive: how attacks exploit network mechanics

Most network attacks exploit a specific feature of the TCP/IP stack, an unencrypted protocol, or human trust in a handshake. AQA expects you to understand the mechanism well enough to suggest a precise countermeasure.

Worked example — packet sniffing on an unencrypted WiFi network

Open or WEP-protected WiFi sends frames that any nearby device with a wireless NIC in monitor mode can capture. If a user logs into an HTTP (not HTTPS) website over such a network, the attacker can:

1. Capture the frame carrying the HTTP POST request.
2. Strip the Ethernet, IP and TCP headers.
3. Read the username and password in plain text in the payload.