Common Cyber Threats
Students will identify and describe various cyber threats such as malware, phishing, and denial-of-service attacks.
About This Topic
Common cyber threats introduce Grade 9 students to key risks in networks and the global web, including malware, phishing, and denial-of-service attacks. Students compare malware types: viruses that infect files and spread when executed, worms that replicate independently across networks, and ransomware that locks data until payment. They examine phishing for traits like spoofed sender addresses, urgent demands, or malicious links, and predict attack impacts such as data loss, financial harm, or service disruptions for individuals and organizations.
This topic supports Ontario Curriculum standards CS.HS.CY.3 and CS.HS.S.10 by cultivating cybersecurity awareness and analytical skills. Students connect threats to everyday digital interactions, like social media or online banking, which sharpens their ability to evaluate online safety and ethical technology use.
Active learning excels with this content because threats feel distant until students engage directly. Simulations of phishing scenarios or collaborative threat hunts turn passive knowledge into practical defenses, boosting confidence and long-term retention through peer discussion and hands-on analysis.
Key Questions
- Compare and contrast different types of malware (e.g., viruses, worms, ransomware).
- Analyze the characteristics of a phishing attempt to identify potential scams.
- Predict the potential impact of a successful cyberattack on an individual or organization.
Learning Objectives
- Compare and contrast the mechanisms of viruses, worms, and ransomware.
- Analyze the common elements and deceptive tactics used in phishing attempts.
- Predict the potential consequences of a successful denial-of-service attack on a specific online service.
- Evaluate the ethical implications of creating or distributing malware.
- Identify preventative measures individuals and organizations can take against common cyber threats.
Before You Start
Why: Students need a basic understanding of how computers connect and communicate to grasp how cyber threats exploit these connections.
Why: Prior exposure to general online safety principles provides a foundation for understanding specific cyber threats and preventative measures.
Key Vocabulary
| Malware | Short for malicious software, this is any software intentionally designed to cause damage to a computer, server, client, or computer network. |
| Phishing | A cybercrime where attackers attempt to trick victims into revealing sensitive information, such as usernames, passwords, and credit card details, often through deceptive emails or websites. |
| Ransomware | A type of malware that encrypts a victim's files, making them inaccessible until a ransom is paid to the attacker for the decryption key. |
| Denial-of-Service (DoS) Attack | An attack designed to overwhelm a system, server, or network with traffic, making it unavailable to its intended users. |
| Virus | A type of malware that attaches itself to legitimate files or programs and replicates when those files are executed, spreading to other systems. |
| Worm | A standalone type of malware that replicates itself to spread to other computers, often exploiting network vulnerabilities without requiring user interaction. |
Watch Out for These Misconceptions
Common MisconceptionAll malware acts the same way and spreads only through downloads.
What to Teach Instead
Viruses need host files to spread, unlike self-replicating worms; ransomware specifically encrypts files. Sorting activities and matching games help students categorize differences through tactile comparison, clarifying propagation methods via group debates.
Common MisconceptionPhishing only occurs through email and is easy to spot.
What to Teach Instead
Phishing uses texts, calls, or sites too, often mimicking trusted sources subtly. Analyzing varied samples in rotations builds detection skills, as peers challenge assumptions during discussions.
Common MisconceptionCyberattacks only target large companies, not everyday users.
What to Teach Instead
Individuals face ransomware or phishing losses routinely. Role-plays simulating personal impacts reveal scale, with shared stories reinforcing vulnerability through empathetic group reflection.
Active Learning Ideas
See all activitiesStations Rotation: Threat Identification Stations
Prepare four stations with samples: malware descriptions to sort, phishing emails to flag, DoS impact videos to note, and ransomware case studies to discuss. Groups rotate every 10 minutes, recording key traits and defenses at each. Debrief as a class to compare findings.
Phishing Email Creation Challenge: Pairs
Pairs craft realistic phishing emails using templates, then swap with another pair to identify scam indicators like poor grammar or fake URLs. Discuss effective defenses such as two-factor authentication. Vote on the most convincing scam.
Malware Matching Game: Whole Class
Display cards with malware definitions, examples, and effects. Students match them in a timed relay race across the room. Review matches and extend to real-world prevention strategies like updates and antivirus software.
Cyber Impact Role-Play: Small Groups
Assign roles like individual user, small business owner, or school admin facing a threat. Groups predict and act out consequences, then brainstorm mitigation plans. Share strategies in a gallery walk.
Real-World Connections
- Cybersecurity analysts at financial institutions like RBC or TD Bank investigate phishing attempts to protect customer accounts from fraud and identity theft.
- IT departments in hospitals use intrusion detection systems to defend against ransomware attacks that could compromise patient records and disrupt critical healthcare services.
- Network engineers for internet service providers, such as Bell or Rogers, monitor for and mitigate denial-of-service attacks that could disable internet access for thousands of customers.
Assessment Ideas
Present students with three short scenarios. For each, ask them to identify the primary cyber threat described (malware, phishing, DoS) and briefly explain their reasoning. For example: 'An email arrives asking for your bank login to verify your account; what is this?'
Provide students with a template asking them to name one type of malware and describe how it spreads. Then, ask them to list two specific actions they can take to protect themselves from phishing scams.
Pose the question: 'Imagine a popular online game server is taken offline by a DoS attack. What are three potential impacts on the players and the game company?' Facilitate a class discussion to explore consequences like lost revenue, player frustration, and damage to reputation.
Frequently Asked Questions
How do I teach students to compare types of malware?
What are key signs of a phishing attempt?
How can active learning help teach common cyber threats?
What impacts do denial-of-service attacks have?
More in Networks and the Global Web
Introduction to Cloud Computing
Students will explore the concepts of cloud services, deployment models, and their advantages/disadvantages.
2 methodologies
Fundamentals of Cybersecurity
Students will define cybersecurity and identify its core principles (confidentiality, integrity, availability).
2 methodologies
Introduction to Cryptography
Students will explore basic cryptographic concepts, including symmetric and asymmetric encryption.
2 methodologies
Social Engineering Tactics
Students will learn about social engineering techniques and how attackers manipulate individuals to gain access.
2 methodologies
Digital Footprint and Online Privacy
Students will explore the concept of a digital footprint and strategies for managing online privacy.
2 methodologies
Secure Passwords and Authentication
Students will learn best practices for creating strong passwords and understanding multi-factor authentication.
2 methodologies