Description.
Unauthorized access to computing resources refers to when gaining access to computer systems without permission. This often involves exploiting weakness in the system or trying to manipulate people into revealing important information that can be sensitive. The goal may be to steal someones bank information, Adress, Passwords, important data, etc. To gain access to those personal information attackers use phishing, malware, and try to find weak passwords through brute force.
Phishing, Malware
1.Phishing.
Phishing is a type of attack where attackers try to trick people into giving away sensitive information, like passwords, bank information, and personal info. Attackers usually try to manipulate people through fake emails or messages that looks legitimate and make them think that there was an emergency. Examples of these emails includes emails that looks like it’s from your bank asking you to “verify your account.”, A message claiming you’ve won a prize and asking for personal info. A lot of people tend to beleive that these types of emails are real and tell them their personal info.
2.Malware.
Malware is short for malicious software and it refers to any software designed to harm computer devices. There are verious types of malware, but the most commonly used are Worms, Ransomware, and trojan. Worms is a type of virus that infects faslty making your device slower than usual or easier to crash. Ransomeware locks the device and demands money to restore access. They usually spread through phishing emails. Trojan is a type of malware that pretends to be a useful program, but secretly gains access and steal info.
Examples
Equifax Data Breach (2017) Hackers exploited a web application vulnerability to gain access to sensitive personal data of about 147 million people, including Social Security numbers and credit card information.
Yahoo Breaches (2013–2014) Attackers gained access to all 3 billion Yahoo user accounts, stealing email addresses, security questions, and hashed passwords. This remains one of the largest breaches in history.
SolarWinds Attack (2020) A sophisticated cyberattack compromised the SolarWinds Orion software, allowing hackers (suspected to be state-sponsored) to infiltrate U.S. government agencies and Fortune 500 companies.
How to Prevent
To prevent attackers from stealing personal info through unauthorized access we should use strong passwords. Attackers can guess people's password if it was their birhtdates, so we should start using long and unique passwords that are hard to guess. We should also start enabling Multi-Factor Authentication. It adds a second layer to our security and when our passwords get stolen attackers need authencation codes to fully gain access. A lot of emails and game accounts have these types of 2nd layer security. Lastly install security tools that can detect and fight against virus and malware. A famous security tool a lot of people use are Norton and McAfee.
Description
Misuse of computing resources refers to using computers, networks, or online services in a inappropriate way like for personal gain, illegal activities, or things that waste or damage the system. Common examples include cryptocurrency mining programs on someone else’s devices, sending spam emails using a company server, hosting malware, or downloading and sharing pirated content. Misuse can lead to slower systems, higher costs, and legal consequences and damage an organazation's reputation
Examples
Sony Pictures Hack (2014) Hackers broke into Sony’s network, stole sensitive information, and caused system problems. They used the company’s computers to spread malware and take files, which led to financial losses and leaked employee data.
Zeus Botnet (2007–2010) The Zeus botnet infected millions of computers. It used the infected computers to send spam emails and steal banking information without the owners knowing.
Cryptocurrency Mining on Hijacked Systems Hackers secretly installed mining software on school, company, or cloud computers to mine cryptocurrency. This slows down computers, wastes electricity, and costs money.
Protective Measures
To protect computing resources from misuse, organizations often use access controls, firewalls, and multi-factor authentication (MFA). Access controls make sure only authorized users can use certain systems or data. Firewalls block unauthorized network traffic and help prevent hackers from gaining access. It acts like an barrier between your internal network and the internet allowing only the authorized traffic to pass through. Multi-factor authentication adds an extra layer of security, requiring additional information to access an account.
Description.
When personal data is stored digitally it can be exposed to unauthorized access. This information includes your name, bank info, passwords, personal messages, and so on. It may be handy to store data digitally because it is way easier and wont have to worry losing it, but in the digital world there might be some kind of bug and your information might leak and you never know. Information is never safe in the digital world because they are saved under an app or website someone else made.
Examples
Marriott Data Breach (2018) Hackers accessed the reservation database of Marriott Hotels, exposing information like passport numbers, phone numbers, and travel details of around 500 million guests.
Zoom Privacy Issues (2020) During the pandemic, Zoom’s platform was found to collect user data and share some with third parties, raising concerns about surveillance and privacy.
Strava Fitness Tracking Leak (2018) Strava’s public heatmap revealed users’ locations and routines, unintentionally exposing sensitive locations such as military bases and private routes.
Role of companies, governments, and individuals in safeguarding data privacy.
Companies keep safe their customers and employees data, so none of their information gets used in a bas way.Companies also limit data collection to only what is necessary and obtain consent for its use. Governments create and enforce data protection laws to hold companies accountable. They also monitor organizations and penalize violations. Individuals try to protect their data by not using easy to guess passwords and easily being decieved by phishing. They can also use two-factor authentication for more security.