6.2) Cybersecurity/Computer Fraud Flashcards
Define computer fraud (5)
Any means a person uses to gain an unfair advantage over another person; includes:
– A false statement, representation, or disclosure
– A material fact, that induces a victim to act
– An intent to deceive
– Victim relied on the misrepresentation
– Injury or loss was suffered by the victim
- If a computer is used to commit fraud, it is called computer __________. Computer fraud is any fraud that requires computer _______________ to perpetrate it.
fraud
technology
What are some examples of computer fraud? (3)
- Unauthorized theft, use, access, modification, copying, or destruction of software, hardware, or data.
- Theft of assets covered up by altering computer records.
- Obtaining information or tangible property illegally using computers
Define vulnerability in cybersecurity and how they arise
a weakness or flaw in a system, network, software, or process that could be exploited by attackers to compromise the confidentiality, integrity, or availability of data or resources. Vulnerabilities can arise from various factors such as programming errors, misconfigurations, design flaws, or outdated software.
Define a threat in cybersecurity
any potential danger or harm that could exploit a vulnerability and negatively impact an organization’s assets, operations, or reputation
Define an attack in cybersecurity
an unauthorized attempt to exploit vulnerabilities and breach the security defenses of a system or network. Common types of cyberattacks include phishing, malware infections, denial-of-service (DoS) attacks, and social engineering.
Define countermeasures in cybersecurity
Countermeasures are proactive or reactive measures implemented to prevent, detect, mitigate, or respond to cybersecurity threats and attacks. Countermeasures can include technical controls (such as firewalls, antivirus software, encryption), administrative controls (such as security policies, employee training, access controls), and physical controls (such as locks, biometric authentication, surveillance).
What are two categories of fraud in an accounting context? (2)
- Misappropriation of assets
- Fraudulent financial reporting
What is the ‘misappropriation of assets’?
Theft of company assets, which can include physical assets (e.g., cash, inventory) and digital assets (e.g., intellectual property such as protected trade secrets, customer data)
What is ‘fraudulent financial reporting’?
“cooking the books” (e.g., booking fictitious revenue, overstating assets, etc.)
What are the threats faced by modern information systems? (5)
- Malware
- Phishing
- Denial of Service attacks
- Insider threat
- Password attacks
What is malware?
malicious software that is designed to disrupt or steal data from a computer, network, or server.
What is ransomware?
This type of malware encrypts files on your system so you can’t access them until you pay a “ransom” (usually in cryptocurrency).
What is spyware?
Malware that spies on user activities and sends data to the hacker. This could include bank details, logins, and passwords.
What are keyloggers?
Keyloggers are similar to spyware, except that they track your activities. Everything you type (and the site you type it in) is sent to the hacker and can be used for blackmail or identity theft.
What are trojans?
Named after the famous Trojan horse, these types of malware “hide” inside a legitimate piece of software. For example, you might download what you think is antivirus software — only to have your device infected.
What are viruses?
Viruses attach to programs and files and are triggered when you open them. Once active, a virus can self-replicate without your knowledge and slow down your device or destroy data.
What are some examples of computer fraud? (4)
- 2020: Life Healthcare was attacked through ransomware which crippled admission systems, accounting/patient billing and email servers. Manual backups resulted in delays because of system downtime.
- 2021: Transnet Ports was attacked by ransomware with two objectives: sabotage and intrusion. The attack exposed the vulnerabilities of SA's critical maritime infrastructure. The ransomware prevented staff members from accessing information.
- 2023: RSAWEB experienced a sophisticated ransomware attack that threatened user security.
- 2024: CIPC has recently been compromised in a hack that has left millions of companies vulnerable. The affected services included the call centre, website and self-help service centre.