CYBER SECURITY WEEK 3

Nama : Isalora Simanjuntak
Nim : 2681498454

QUESTIONS

  1. What is the difference between a virus, a worm, and ransomware?
  2. Describe the steps of a typical phishing attack. How can a business train its employees to spot one?
  3. Explain what a Distributed Denial-of-Service (DDoS) attack is and how it impacts business availability?

    ANSWER No. 1

    Here are the differences between a virus, a worm, and ransomware:

    Virus

    A virus is a type of malicious software that attaches itself to other files or programs and spreads when the infected file is executed by a user.
    a. Requires user action (for example, opening an infected file).
    b. Can damage or modify data.
    c. Spreads through files, email attachments, or storage devices.

    Worm

    A worm is a type of malware that can spread automatically without any user assistance or intervention.
    a. Does not need to attach itself to other files.
    b. Usually spreads through networks by exploiting security vulnerabilities.
    c. Can slow down or disrupt networks due to rapid replication.

    The main difference from a virus is that a worm does not require user action to spread.

    Ransomware

    Ransomware is a type of malware that encrypts or locks a victim’s files or data and then demands a ransom payment to restore access.
    a. Commonly enters systems through phishing emails or security vulnerabilities.
    b. Its goal is to extort money from victims.
    c. Can target both individuals and large organizations.

    ANSWER NO 2

    Steps of a Phishing Attack:

    1. The attacker creates a fake email or message that appears to come from a legitimate organization.
      b. The victim receives a message containing a malicious link or attachment.
      c. The victim is redirected to a fake website and asked to enter sensitive information such as passwords, OTP codes, or other personal data.
      d. The stolen data is then used to gain unauthorized access or commit fraud.

    How Businesses Can Train Employees:

    1. Provide regular training on phishing warning signs, such as suspicious emails, unusual links, and urgent or threatening messages.
    2. Conduct internal phishing simulations.
    3. Implement double verification procedures for sensitive requests.
    4. Use multi-factor authentication (MFA).
    5. Encourage employees to report suspicious messages immediately.

    In conclusion, preventing phishing requires strong employee awareness and a robust security system.

    ANSWER NO 3

    A Distributed Denial-of-Service (DDoS) attack is a type of cyberattack aimed at making a server, website, or online system unavailable. This attack is carried out by sending an extremely large amount of traffic to the target system from many devices at the same time.

    In a DDoS attack, the attacker typically uses a network of infected devices (known as a botnet) to send simultaneous requests to the target. As a result, the server becomes overwhelmed, cannot handle all the requests, and fails to serve legitimate users.

    Impact on Business Service Availability:

    1. The website or application becomes inaccessible (goes down).
      b. Operational disruptions, especially for online-based businesses.
      c. Loss of revenue due to halted transactions.
      d. Decreased customer trust and damage to company reputation.
      e. Additional costs for recovery and security improvements.

    In short, a DDoS attack disrupts services by overloading the system, preventing the business from operating normally.

Previous Post Previous Post
Newer Post Newer Post

Leave a comment