6.2) Cybersecurity/Computer Fraud

Question 1

Define computer fraud (5)

Answer 1

Any means a person uses to gain an unfair advantage over another person ; includes:
– A false statement, representation, or disclosure
– A material fact, that induces a victim to act
– An intent to deceive
– Victim relied on the misrepresentation
– Injury or loss was suffered by the victim

Question 2

• If a computer is used to commit fraud it is called computer __________ . Computer fraud is any fraud that requires computer _______________ to perpetrate it.

Answer 2

fruad
technology

Question 3

What are some examples of computer fraud? (3)

Answer 3

• Unauthorized theft, use, access, modification, copying, or destruction of software, hardware, or data.
• Theft of assets covered up by altering computer records.
• Obtaining information or tangible property illegally using computers

Question 4

Define vulnerability in cybersecurity and how they arise

Answer 4

a weakness or flaw in a system, network, software, or process that could be exploited by attackers to compromise the confidentiality, integrity, or availability of data or resources. Vulnerabilities can arise from various factors such as programming errors, misconfigurations, design flaws, or outdated software.

Question 5

Define a threat in cybersecurity

Answer 5

any potential danger or harm that could exploit a vulnerability and negatively impact an organization’s assets, operations, or reputation

Question 6

Define an attack in cybersecurity

Answer 6

an unauthorized attempt to exploit vulnerabilities and breach the security defenses of a system or network. Common types of cyberattacks include phishing, malware infections, denial-of-service (DoS) attacks, and social engineering.

Question 7

Define countermeasures in cybersecurity

Answer 7

Countermeasures are proactive or reactive measures implemented to prevent, detect, mitigate, or respond to cybersecurity threats and attacks. Countermeasures can include technical controls (such as firewalls, antivirus software, encryption), administrative controls (such as security policies, employee training, access controls), and physical controls (such as locks, biometric authentication, surveillance).

Question 8

What are two categories of fraud in accouting context (2)

Answer 8

• Misappropriation of assets
• Fraudulent financial reporting

Question 9

What is the ‘misappropriation of assets’?

Answer 9

Theft of company assets which can include physical assets (e.g., cash, inventory) and digital assets (e.g., intellectual property such as protected trade secrets, customer data

Question 10

What is ‘fraudulent financial reporting’?

Answer 10

“cooking the books” (e.g., booking fictitious revenue, overstating assets, etc.)

Question 11

What are the threats made faced by modern infromation systems? (5)

Answer 11

• Malware
• Phishing
• Denial of Service attacks
• Insider threat
• Password attacks

Question 12

What is malware?

Answer 12

malicious software that is designed to disrupt or steal data from a computer, network, or server.

Question 13

What is ransomware?

Answer 13

This type of malware encrypts files on your system so
you can’t access them until you pay a “ransom” (usually in
cryptocurrency).

Question 14

What is spyware?

Answer 14

A malware that spies on user activities and send data to the hacker. This could include bank details, logins, and passwords.

Question 15

What are keyloggers?

Answer 15

Keyloggers are similar to spyware, except that they track
your activities. Everything you type (and the site you type it in) is sent to the hacker and can be used for blackmail or identity theft.

Question 16

What are trojans?

Answer 16

Named after the famous Trojan horse, these types of
malware “hide” inside a legitimate piece of software. For example, you might download what you think is antivirus software — only to have your device infected.

Question 17

What are viruses?

Answer 17

Viruses attach to programs and files and are triggered when you open them. Once active, a virus can self-replicate without your knowledge and slow down your device or destroy data.

Question 18

What are some examples of computer fraud? (4)

Answer 18

2020
Life Healthcare attacked through a
ransomware which crippled admission
systems, accounting/patient billing & email
servers. Manual backups resulted to delays
because of systems down time.

2021
Transnet Ports has attacked a ransomware
with two objectives: Sabotage & intrusion.
The attack exposed the vulnerabilities of SA
critical maritime infrastructure. The
ransomware prevented the staff members
from accessing information.

2023
RSAWEB experienced a sophisticated
ransomware attack that threatened user
security

2024
CIPC has recently been compromised in
a hack that has left millions of
companies vulnerable. The affected
services included the call centre,
website and self-help service centre.

Question 19

What is phising?

Answer 19

Phishing is the practice of sending fraudulent communications that appear to come from a reputable source, usually through email.

Question 20

What is the goal of phising?

Answer 20

The goal is to steal sensitive data like credit card and login
information or to install malware on the victim’s machine.
Phishing is an increasingly common computer

Question 21

According to estimates, South African
businesses experience annual losses of around
R___ million due to phishing attacks and
internet fraud

On top of that, the South African Reserve Bank
(SARB) has identified ________________ and the
increasing use of new technologies as growing
threats to the country’s banking industry

Answer 21

250
cybercrime

Question 22

What is a denial-of-service attack?

Answer 22

A denial-of-service attack floods systems, servers, or networks with traffic to exhaust resources and bandwidth. As a result, the system is unable to fulfill legitimate requests.

Question 23

What is a distributed denial-of-service attack?

Answer 23

Attackers can also use multiple compromised devices to launch this attack - this is known as a distributed denial-of-service (DDoS) attack

Question 24

What is an insider threat?

Answer 24

Insider threat is malicious computer fraud where the
perpetrator is from the organization.

Question 25

• This is a most ____________ threat in the context of accounting
• “Evil hackers are not your biggest threat, trusted insiders are. As many as ___% of South African companies have discovered cases of fraud committed by their own employees over the last few years. This startling statistic was uncovered in the first Insider Threat survey, sponsored by Magix Integration” Security SA

Answer 25

common
71

Question 26

What is password cracking?

Answer 26

• Password cracking involves penetrating a system’s
  defense, stealing the file containing passwords,
  decrypting them, and using them to gain access to
  all programs.

Question 27

True or false, Cyber crooks are making almost 1,000 attempts to hack account passwords every single second – and they’re more determined than ever, with the
number of attacks on the rise. The figures come from Microsoft’s Digital Defense Report 2022 and are based on an analysis of trillions of alerts and signals collected from the company’s worldwide ecosystem of products and
services.

Answer 27

False, Cyber crooks are making almost 1,200 attempts to hack account passwords every single second – and they’re more determined than ever, with the number of attacks on the rise.The figures come from Microsoft’s Digital Defense Report 2022 and are based on an analysis of trillions of alerts and signals collected from the company’s worldwide ecosystem of products and
services.

Question 28

What are the conditions of fraud, pressure, opportunity to and rationalization? (3x3)

Answer 28

Question 29

What is the fraud triangle? (4)

Answer 29

The fraud triangle discusses the conditions for fraud in a triangle

Question 30

What are the types of classifications of computer fraud? (5)

Answer 30

• Input
• Processor
• Computer instruction
• Data
• Output

Question 31

What is input fraud? (2)

Answer 31

The simplest and most common way to commit a computer fraud is to alter or falsify computer input.

It requires little skill; perpetrators need only understand how the system operates so they can cover their tracks.

Question 32

What are the examples of input fraud?

Answer 32

An employee at the Veteran’s Memorial Coliseum sold customers full-price tickets, entered them as half-price tickets, and pocketed the difference.

Question 33

What is processor fraud?

Answer 33

Processor fraud includes unauthorized system use, including the theft of computer time and services

Question 34

What are the examples of processor fraud?

Answer 34

An insurance company installed software to detect abnormal system activity and found that employees were using company computers to run an illegal gambling website.

Question 35

What is computer instructions fraud?

Answer 35

Computer instructions fraud includes tampering with company software, copying software illegally, using software in an unauthorized manner and developing software to carry out an unauthorized activity

Question 36

What is data fraud? (3)

Answer 36

• Illegally using, copying, browsing, searching, or harming company data constitutes data fraud.
• The biggest cause of data breaches is employee negligence.
• Companies now report that their losses are greater from the electronic theft of data than from stealing physical assets

Question 37

What is output fraud? (5)

Answer 37

• Involves stealing or misusing system output.
• Output is usually displayed on a screen or printed on paper.
• Unless properly safeguarded, screen output can easily be read from a remote location using inexpensive electronic gear.
• This output is also subject to prying eyes and unauthorized copying.
• Fraud perpetrators can use computers and peripheral devices to create counterfeit outputs, such as checks.

Question 38

How do organisations make fraud less likely to occur? (4)

Answer 38

• Create a culture of integrity
• Adopt structure that minimizes fraud, create governance
  (e.g., Board of Directors)
• Assign authority for business objectives and hold them
  accountable for achieving those objectives, effective
  supervision and monitoring of employees
• Communicate policies

Question 39

How do systems make fraud less likely to occur? (2)

Answer 39

• Develop security policies to guide and design specific control procedures
• Implement change management controls and project
  development acquisition controls

Question 40

How do organisations make fraud difficult to commit? (4)

Answer 40

• Develop strong internal controls
• Segregate accounting functions
• Use properly designed forms
• Require independent checks and reconciliations of data

Question 41

How do systems make fraud difficult to commit? (6)

Answer 41

• Restrict access
• System authentication
• Implement computer controls over input, processing, storage and output of data
• Use encryption
• Fix software bugs and update systems regularly
• Destroy hard drives when disposing of computers

Question 42

How do organisations improve detection? (3)

Answer 42

• Assess fraud risk
• External and internal audits
• Fraud hotline

Question 43

How do systems improve detections? (3)

Answer 43

• Audit trail of transactions through the system
• Install fraud detection software
• Monitor system activities (user and error logs, intrusion
  detection)

Question 44

How do organisations reduce fraud losses? (2)

Answer 44

• Insurance
• Business continuity and disaster recovery plan

Question 45

How do systems reduce fraud losses? (2)

Answer 45

• Store backup copies of program and data files in secure, off-site location
• Monitor system activity