6.2) Cybersecurity/Computer Fraud Flashcards
Define computer fraud (5)
Any means a person uses to gain an unfair advantage over another person; includes:
– A false statement, representation, or disclosure
– A material fact, that induces a victim to act
– An intent to deceive
– Victim relied on the misrepresentation
– Injury or loss was suffered by the victim
If a computer is used to commit fraud, it is called computer __________. Computer fraud is any fraud that requires computer _______________ to perpetrate it.
fraud
technology
What are some examples of computer fraud? (3)
- Unauthorized theft, use, access, modification, copying, or destruction of software, hardware, or data.
- Theft of assets covered up by altering computer records.
- Obtaining information or tangible property illegally using computers
Define vulnerability in cybersecurity and how vulnerabilities arise
a weakness or flaw in a system, network, software, or process that could be exploited by attackers to compromise the confidentiality, integrity, or availability of data or resources. Vulnerabilities can arise from various factors such as programming errors, misconfigurations, design flaws, or outdated software.
Define a threat in cybersecurity
any potential danger or harm that could exploit a vulnerability and negatively impact an organization’s assets, operations, or reputation
Define an attack in cybersecurity
an unauthorized attempt to exploit vulnerabilities and breach the security defenses of a system or network. Common types of cyberattacks include phishing, malware infections, denial-of-service (DoS) attacks, and social engineering.
Define countermeasures in cybersecurity
Countermeasures are proactive or reactive measures implemented to prevent, detect, mitigate, or respond to cybersecurity threats and attacks. Countermeasures can include technical controls (such as firewalls, antivirus software, encryption), administrative controls (such as security policies, employee training, access controls), and physical controls (such as locks, biometric authentication, surveillance).
What are two categories of fraud in an accounting context? (2)
- Misappropriation of assets
- Fraudulent financial reporting
What is the ‘misappropriation of assets’?
Theft of company assets, which can include physical assets (e.g., cash, inventory) and digital assets (e.g., intellectual property such as protected trade secrets, customer data)
What is ‘fraudulent financial reporting’?
“cooking the books” (e.g., booking fictitious revenue, overstating assets, etc.)
What are the threats faced by modern information systems? (5)
- Malware
- Phishing
- Denial of Service attacks
- Insider threat
- Password attacks
What is malware?
malicious software that is designed to disrupt or steal data from a computer, network, or server.
What is ransomware?
This type of malware encrypts files on your system so you can’t access them until you pay a “ransom” (usually in cryptocurrency).
What is spyware?
Malware that spies on user activities and sends data to the hacker. This could include bank details, logins, and passwords.
What are keyloggers?
Keyloggers are similar to spyware, except that they track your activities. Everything you type (and the site you type it in) is sent to the hacker and can be used for blackmail or identity theft.
What are trojans?
Named after the famous Trojan horse, these types of malware “hide” inside a legitimate piece of software. For example, you might download what you think is antivirus software, only to have your device infected.
What are viruses?
Viruses attach to programs and files and are triggered when you open them. Once active, a virus can self-replicate without your knowledge and slow down your device or destroy data.
What are some examples of computer fraud? (4)
- 2020: Life Healthcare was attacked through ransomware, which crippled admission systems, accounting/patient billing and email servers. Manual backups resulted in delays because of system downtime.
- 2021: Transnet Ports was attacked by ransomware with two objectives: sabotage and intrusion. The attack exposed the vulnerabilities of SA critical maritime infrastructure. The ransomware prevented staff members from accessing information.
- 2023: RSAWEB experienced a sophisticated ransomware attack that threatened user security.
- 2024: CIPC has recently been compromised in a hack that has left millions of companies vulnerable. The affected services included the call centre, website and self-help service centre.
What is phishing?
Phishing is the practice of sending fraudulent communications that appear to come from a reputable source, usually through email.
What is the goal of phishing?
The goal is to steal sensitive data like credit card and login information or to install malware on the victim’s machine.
Phishing is an increasingly common computer
According to estimates, South African businesses experience annual losses of around R___ million due to phishing attacks and internet fraud.
On top of that, the South African Reserve Bank (SARB) has identified ________________ and the increasing use of new technologies as growing threats to the country’s banking industry.
250
cybercrime
What is a denial-of-service attack?
A denial-of-service attack floods systems, servers, or networks with traffic to exhaust resources and bandwidth. As a result, the system is unable to fulfill legitimate requests.
What is a distributed denial-of-service attack?
Attackers can also use multiple compromised devices to launch this attack - this is known as a distributed denial-of-service (DDoS) attack
What is an insider threat?
Insider threat is malicious computer fraud where the perpetrator is from the organization.
- This is a most ____________ threat in the context of accounting
- “Evil hackers are not your biggest threat, trusted insiders are. As many as ___% of South African companies have discovered cases of fraud committed by their own employees over the last few years. This startling statistic was uncovered in the first Insider Threat survey, sponsored by Magix Integration” Security SA
common
71
What is password cracking?
- Password cracking involves penetrating a system’s defense, stealing the file containing passwords, decrypting them, and using them to gain access to all programs.
True or false: Cyber crooks are making almost 1,000 attempts to hack account passwords every single second – and they’re more determined than ever, with the number of attacks on the rise. The figures come from Microsoft’s Digital Defense Report 2022 and are based on an analysis of trillions of alerts and signals collected from the company’s worldwide ecosystem of products and services.
False. Cyber crooks are making almost 1,200 attempts to hack account passwords every single second – and they’re more determined than ever, with the number of attacks on the rise. The figures come from Microsoft’s Digital Defense Report 2022 and are based on an analysis of trillions of alerts and signals collected from the company’s worldwide ecosystem of products and services.
What are the conditions of fraud: pressure, opportunity, and rationalization? (3x3)
What is the fraud triangle? (4)
The fraud triangle discusses the conditions for fraud in a triangle
What are the types of classifications of computer fraud? (5)
- Input
- Processor
- Computer instruction
- Data
- Output
What is input fraud? (2)
The simplest and most common way to commit a computer fraud is to alter or falsify computer input.
It requires little skill; perpetrators need only understand how the system operates so they can cover their tracks.
What are the examples of input fraud?
An employee at the Veteran’s Memorial Coliseum sold customers full-price tickets, entered them as half-price tickets, and pocketed the difference.
What is processor fraud?
Processor fraud includes unauthorized system use, including the theft of computer time and services
What are the examples of processor fraud?
An insurance company installed software to detect abnormal system activity and found that employees were using company computers to run an illegal gambling website.
What is computer instructions fraud?
Computer instructions fraud includes tampering with company software, copying software illegally, using software in an unauthorized manner and developing software to carry out an unauthorized activity
What is data fraud? (3)
- Illegally using, copying, browsing, searching, or harming company data constitutes data fraud.
- The biggest cause of data breaches is employee negligence.
- Companies now report that their losses are greater from the electronic theft of data than from stealing physical assets
What is output fraud? (5)
- Involves stealing or misusing system output.
- Output is usually displayed on a screen or printed on paper.
- Unless properly safeguarded, screen output can easily be read from a remote location using inexpensive electronic gear.
- This output is also subject to prying eyes and unauthorized copying.
- Fraud perpetrators can use computers and peripheral devices to create counterfeit outputs, such as checks.
How do organisations make fraud less likely to occur? (4)
- Create a culture of integrity
- Adopt structure that minimizes fraud, create governance (e.g., Board of Directors)
- Assign authority for business objectives and hold them accountable for achieving those objectives, effective supervision and monitoring of employees
- Communicate policies
How do systems make fraud less likely to occur? (2)
- Develop security policies to guide and design specific control procedures
- Implement change management controls and project development acquisition controls
How do organisations make fraud difficult to commit? (4)
- Develop strong internal controls
- Segregate accounting functions
- Use properly designed forms
- Require independent checks and reconciliations of data
How do systems make fraud difficult to commit? (6)
- Restrict access
- System authentication
- Implement computer controls over input, processing, storage and output of data
- Use encryption
- Fix software bugs and update systems regularly
- Destroy hard drives when disposing of computers
How do organisations improve detection? (3)
- Assess fraud risk
- External and internal audits
- Fraud hotline
How do systems improve detection? (3)
- Audit trail of transactions through the system
- Install fraud detection software
- Monitor system activities (user and error logs, intrusion detection)
How do organisations reduce fraud losses? (2)
- Insurance
- Business continuity and disaster recovery plan
How do systems reduce fraud losses? (2)
- Store backup copies of program and data files in secure, off-site location
- Monitor system activity