Core terms
- A vulnerability is a weakness that could be used against a system.
- A threat is something capable of causing harm, such as an attacker, malware, or unsafe behavior.
- An exploit is a method or tool used to take advantage of a vulnerability.
Requirement 4 of 9
Cyber Threats, Vulnerabilities, and Attacks
Define core cybersecurity risk terms, explore malware and phishing, review public Wi-Fi risks, and complete one current-events option.
Sign in or create an account to mark steps complete and save your progress.
Checklist
- 4a Define vulnerability, threat, and exploit and give an example of eachNot complete
- 4b Pick one type of malware, explain how it works, and describe the harm it can causeNot complete
- 4c Identify two risks of public Wi-Fi and describe how to reduce or avoid themNot complete
- 4d Describe spoofing and phishing, how to recognize them, and what steps to take if you encounter themNot complete
- 4e Complete one current-events option about a recent cybersecurity incident or a movie/book where cybersecurity is importantNot complete
- 4f Create a list of your cyber attack surface, including accounts, apps, devices, and networksNot complete
Requirement 4 discussion guide
Use these notes to discuss common cyber risks, how attacks happen, and how to respond responsibly.
Resources
Threats and attacks
Examples
- A website missing updates may have a vulnerability.
- A criminal trying to steal passwords is a threat.
- A malicious script that uses that weakness to gain access is an exploit.
Public Wi-Fi and phishing
Risks and responses
- Public Wi-Fi can expose users to fake hotspots, snooping, or unsafe login capture.
- Reduce risk by avoiding sensitive logins on untrusted networks, using HTTPS, turning off automatic connections, and using a VPN when appropriate.
- Phishing and spoofing often use urgency, fake branding, unexpected links, or strange sender details to trick people into clicking or sharing information.
Attack surface
What to include
- Email and social accounts, game accounts, school accounts, phones, tablets, laptops, cloud storage, and home Wi-Fi.
- Any place where someone might try to log in, steal data, trick you, or misuse a weak setting increases your attack surface.
Cyber Threats, Vulnerabilities, and Attacks discussion locked
Sign in or create an account to mark progress complete.
Malware example
Pick one kind of malware, explain how it works, and describe the harm it can cause.
Malware types you could choose
- Virus, worm, Trojan, spyware, ransomware, or backdoor.
- Be ready to explain how it spreads, what it tries to do, and why it is harmful.
Helpful structure
- Name the malware type.
- Explain how it gets onto a device.
- Explain what damage it can cause, such as stealing data, spying, locking files, or slowing a system down.
Malware example locked
Sign in or create an account to mark progress complete.
Public Wi-Fi risks
Identify two risks of using public Wi-Fi and explain how to reduce or avoid them.
Common risks
- Fake hotspots can trick you into joining an attacker's network.
- People on an unsafe network may try to snoop on traffic or capture logins.
Ways to reduce risk
- Avoid sensitive logins on untrusted networks when possible.
- Use HTTPS, turn off automatic Wi-Fi joining, and use a VPN when appropriate.
Public Wi-Fi risks locked
Sign in or create an account to mark progress complete.
Spoofing and phishing
Explain what spoofing and phishing are, how to recognize them, and what to do if you encounter one.
What to watch for
- Unexpected messages that create urgency or fear.
- Links, sender names, or website addresses that look almost right but not quite.
- Requests for passwords, codes, money, or personal information.
Safe response
- Do not click suspicious links or reply with personal details.
- Report the message to a trusted adult, school, or service provider and warn others if needed.
Spoofing and phishing locked
Sign in or create an account to mark progress complete.
Current events choice
Choose one current-events option: a recent cybersecurity incident or a movie/book where cybersecurity plays an important role.
Select 1 current-events option
Pick one option below and be ready to discuss what you learned with your counselor.
0 selected, 1 required
Sign in or create an account to choose items and save progress.
Select items above to show their notes here. Choose at least 1.
Current events choice locked
Sign in or create an account to mark progress complete.
Your cyber attack surface
Create a list of all the accounts, apps, devices, and networks that could be used to reach your information.
What to include
- Email, gaming, school, shopping, and social media accounts.
- Phones, tablets, laptops, smart TVs, game consoles, and cloud storage.
- Home Wi-Fi, routers, and any shared family devices.
Why it matters
- Every login, app, and connected device is another place where a weak password, unsafe setting, or scam could create risk.
- Knowing your attack surface helps you protect the most important accounts and devices first.
Your cyber attack surface locked
Sign in or create an account to mark progress complete.
Jump To A Requirement
Navigate anywhere in this merit badge without losing your place.
Requirement 1
Safety
Open requirement
Requirement 2
Ethics
Open requirement
Requirement 3
Fundamentals
Open requirement
Requirement 4
Cyber Threats, Vulnerabilities, and Attacks
Current requirement
Requirement 5
Cyber Defenses
Open requirement
Requirement 6
Cryptography
Open requirement
Requirement 7
Connected Devices and IoT
Open requirement
Requirement 8
Cybersecurity Activities
Open requirement
Requirement 9
Careers
Open requirement