Cyber Defender

  • 6 minutes

Screenshot of Minecraft Education Cyber Defender opening screen.

Cyber Defender is a single collection and is intended for learners ranging from high school to postsecondary. This Minecraft map is an immersive tower defense game. Participants learn about defense in depth in cybersecurity, the benefits and setbacks of defense strategies, and why understanding the basics of cybersecurity is critical for everyone!

Cyber Defender: Tower Defense is a special game dedicated to helping individuals learn more about cybersecurity. To better understand the basics of cybersecurity, specific Minecraft entities represent real-world cyberattacks and real-world defenses against cyberattacks. Throughout the game, individuals have the opportunity to learn more about various cyberattacks and layers of defense against these cyberattacks.

Malicious software, also known as malware, is software intentionally designed to cause damage to a computer or computer network. Malware takes many shapes, from viruses that infect your devices to spyware that tracks your online activities. Let’s further explore some of the malware found within Cyber Defender: Tower Defense.

By the end of the unit, students will be able to:

  • Explain what cybersecurity is
  • Identify various types of cyberattacks and their impact on individuals and/or organizations
  • Describe how multiple layers of defenses work to defend against cyberattacks
  • Explain the need for balance between adequate balance and allowing and organization to conduct business efficiently

The full lesson plan and educational materials for Cyber Defender are found on the Minecraft Education website.

Malware—Virus

Most of us are already familiar with the term "virus," but what does it actually mean? First, let’s think about viruses in non-technical terms. In biology, for example, a virus enters the human body, and once inside, can spread and cause harm. Technology-based viruses depend on some means of entry, specifically a user action, to get into a system. For example, a user might download a file or plug in a USB device that contains the virus and contaminates the system. You now have a security breach.

  • Name of malware: Virus

  • What this malware does: Viruses are designed to interfere with a device’s normal operation by recording, corrupting, or deleting its data. They often spread themselves to other devices by tricking people into opening malicious files.

  • How this malware is represented in Minecraft: Zoglin

    Screenshot of Zoglin character.

  • How it acts in the Minecraft map: Zoglins are the most basic attack. They might be obvious, wear a disguise, or look like friendly traffic.

Malware—DDoS attack

A distributed denial of service (DDoS) attack targets websites and servers by disrupting network services in an attempt to exhaust an application’s resources.

  • Name of malware: Distributed denial of service (DDoS) attack

  • What this malware does: This malicious attempt tries to disrupt the normal functioning of a network, service, or website by overwhelming it with a flood of traffic from multiple sources. The attack exhausts the target’s resources (such as bandwidth, processing power, or memory) making the service or website inaccessible to legitimate users.

  • How this malware is represented in Minecraft: Bees

    Screenshot of Bee character.

  • How it acts in the Minecraft map: The bees disrupt and slow friendly traffic to your farm by clogging up the gates.

Malware—Ransomware

Ransomware is a payload that locks systems or data until the victim has paid a ransom. Suppose there's an unidentified vulnerability in a network of connected devices. A cybercriminal can exploit this vulnerability to access and then encrypt all files across this network. The attacker then demands a ransom in return for decrypting the files. They might threaten to remove all of the files if the ransom hasn't been paid by a set deadline.

  • Name of malware: Ransomware

  • What this malware does: This attack encrypts the victim’s files, which renders them inaccessible. It then demands a ransom payment for restoring access to the encrypted data. If the ransom is paid, there's no guarantee the files will be restored or that the attackers haven’t already stolen your information by making unauthorized copies.

  • How this malware is represented in Minecraft: Spiders

    Screenshot of Spider character.

  • How it acts in the Minecraft map: The spider appears as a fox before it’s revealed. The spider then spins webs over the berries and threatens to destroy the berries unless you pay coins.

Malware—Worm

In contrast to a virus, a worm doesn't need any user action to spread itself across systems. Instead, a worm causes damage by finding vulnerable systems it can exploit. Once inside, the worm spreads to other connected systems. For example, a worm might infect a device by exploiting a vulnerability in an application that runs on it. The worm then spreads across other devices in the same network and other connected networks.

  • Name of malware: Worm

  • What this malware does: This type of malware replicates itself once inside of your system and is capable of spreading across the network without any user interaction. With each replication, the worm executes its malicious code, which can include data theft, DoS attacks, persistent back-door access to infected systems, and more!

  • How this malware is represented in Minecraft: Slime

    Screenshot of Slime character.

  • How it acts in the Minecraft map: The slime appears as a fox before it’s revealed. The slime then divides and attacks once it reaches the berries.

Malware—Trojan horse

A trojan horse attack gets its name from classical history, where soldiers hid inside a wooden horse that was presented as a gift to the Trojans. When the Trojans brought the wooden horse into their city, the soldiers emerged from hiding and attacked. In the context of cybersecurity, a trojan is a type of malware that pretends to be a genuine piece of software. When a user installs the app, it pretends to be working as advertised, but the app also secretly performs malicious actions such as stealing information.

  • Name of malware: Trojan horse

  • What this malware does: This type of malware disguises itself as a legitimate program or file to deceive users and gain unauthorized access to their systems. Once it infects a system, it performs a variety of malicious activities without the user’s knowledge, such as establishing persistent back-door access, information theft, installing keyloggers, and more.

  • How this malware is represented in Minecraft: Zombie Horse

    Screenshot of Zombie Horse character.

  • How it acts in the Minecraft map: The trojan horse appears as a normal horse. However, once it reaches the berries, it breaks apart into three baby zoglins (malware).

Malware—Spyware

Spyware is a type of payload that spies on a device or system. For example, the malware may install keyboard scanning software on a user's device, collect password details, and transmit them back to the attacker, all without the user's knowledge.

  • Name of malware: Spyware

  • What this malware does: This type of malware is designed to secretly gather information from a user’s computer or device without their knowledge. Its primary purpose it to monitor and collect sensitive data, which can then be used for various malicious activities such as identity theft, financial fraud, and tracking user’s online behaviors.

  • How this malware is represented in Minecraft: Silverfish

    Screenshot of Silverfish character.

  • How it acts in the Minecraft map: A Fox before revealed, it turns into a stone block next to your farm and slowly steals your emeralds.