6.2) Cybersecurity/Computer Fraud Flashcards

1
Q

Define computer fraud (5)

A

Any means a person uses to gain an unfair advantage over another person; includes:
– A false statement, representation, or disclosure
– A material fact, that induces a victim to act
– An intent to deceive
– Victim relied on the misrepresentation
– Injury or loss was suffered by the victim

2
Q
  • If a computer is used to commit fraud, it is called computer __________. Computer fraud is any fraud that requires computer _______________ to perpetrate it.
A

fraud
technology

3
Q

What are some examples of computer fraud? (3)

A
  • Unauthorized theft, use, access, modification, copying, or destruction of software, hardware, or data.
  • Theft of assets covered up by altering computer records.
  • Obtaining information or tangible property illegally using computers
4
Q

Define a vulnerability in cybersecurity and explain how vulnerabilities arise

A

A weakness or flaw in a system, network, software, or process that could be exploited by attackers to compromise the confidentiality, integrity, or availability of data or resources. Vulnerabilities can arise from various factors such as programming errors, misconfigurations, design flaws, or outdated software.

5
Q

Define a threat in cybersecurity

A

Any potential danger or harm that could exploit a vulnerability and negatively impact an organization’s assets, operations, or reputation.

6
Q

Define an attack in cybersecurity

A

An unauthorized attempt to exploit vulnerabilities and breach the security defenses of a system or network. Common types of cyberattacks include phishing, malware infections, denial-of-service (DoS) attacks, and social engineering.

7
Q

Define countermeasures in cybersecurity

A

Countermeasures are proactive or reactive measures implemented to prevent, detect, mitigate, or respond to cybersecurity threats and attacks. Countermeasures can include technical controls (such as firewalls, antivirus software, encryption), administrative controls (such as security policies, employee training, access controls), and physical controls (such as locks, biometric authentication, surveillance).

8
Q

What are the two categories of fraud in an accounting context? (2)

A
  • Misappropriation of assets
  • Fraudulent financial reporting
9
Q

What is the ‘misappropriation of assets’?

A

Theft of company assets, which can include physical assets (e.g., cash, inventory) and digital assets (e.g., intellectual property such as protected trade secrets, customer data).

10
Q

What is ‘fraudulent financial reporting’?

A

“cooking the books” (e.g., booking fictitious revenue, overstating assets, etc.)

11
Q

What are the threats faced by modern information systems? (5)

A
  • Malware
  • Phishing
  • Denial of Service attacks
  • Insider threat
  • Password attacks
12
Q

What is malware?

A

Malicious software that is designed to disrupt or steal data from a computer, network, or server.

13
Q

What is ransomware?

A

This type of malware encrypts files on your system so you can’t access them until you pay a “ransom” (usually in cryptocurrency).

14
Q

What is spyware?

A

Malware that spies on user activities and sends data to the hacker. This could include bank details, logins, and passwords.

15
Q

What are keyloggers?

A

Keyloggers are similar to spyware, except that they track your activities. Everything you type (and the site you type it in) is sent to the hacker and can be used for blackmail or identity theft.

16
Q

What are trojans?

A

Named after the famous Trojan horse, these types of malware “hide” inside a legitimate piece of software. For example, you might download what you think is antivirus software — only to have your device infected.

17
Q

What are viruses?

A

Viruses attach to programs and files and are triggered when you open them. Once active, a virus can self-replicate without your knowledge and slow down your device or destroy data.

18
Q

What are some examples of computer fraud? (4)

A

2020
Life Healthcare was attacked with ransomware, which crippled admission systems, accounting/patient billing and email servers. Manual backups resulted in delays because of system downtime.

2021
Transnet Ports was attacked with ransomware with two objectives: sabotage and intrusion. The attack exposed the vulnerabilities of SA critical maritime infrastructure. The ransomware prevented staff members from accessing information.

2023
RSAWEB experienced a sophisticated ransomware attack that threatened user security.

2024
CIPC has recently been compromised in a hack that has left millions of companies vulnerable. The affected services included the call centre, website and self-help service centre.

19
Q

What is phishing?

A

Phishing is the practice of sending fraudulent communications that appear to come from a reputable source, usually through email.

20
Q

What is the goal of phishing?

A

The goal is to steal sensitive data like credit card and login information or to install malware on the victim’s machine.
Phishing is an increasingly common computer

21
Q

According to estimates, South African
businesses experience annual losses of around
R___ million due to phishing attacks and
internet fraud

On top of that, the South African Reserve Bank
(SARB) has identified ________________ and the
increasing use of new technologies as growing
threats to the country’s banking industry

A

250
cybercrime

22
Q

What is a denial-of-service attack?

A

A denial-of-service attack floods systems, servers, or networks with traffic to exhaust resources and bandwidth. As a result, the system is unable to fulfill legitimate requests.

23
Q

What is a distributed denial-of-service attack?

A

Attackers can also use multiple compromised devices to launch this attack - this is known as a distributed denial-of-service (DDoS) attack

24
Q

What is an insider threat?

A

Insider threat is malicious computer fraud where the
perpetrator is from the organization.

25
Q
  • This is a most ____________ threat in the context of accounting
  • “Evil hackers are not your biggest threat, trusted insiders are. As many as ___% of South African companies have discovered cases of fraud committed by their own employees over the last few years. This startling statistic was uncovered in the first Insider Threat survey, sponsored by Magix Integration” Security SA
A

common
71

26
Q

What is password cracking?

A
  • Password cracking involves penetrating a system’s
    defense, stealing the file containing passwords,
    decrypting them, and using them to gain access to
    all programs.
27
Q

True or false: cyber crooks are making almost 1,000 attempts to hack account passwords every single second – and they’re more determined than ever, with the number of attacks on the rise. The figures come from Microsoft’s Digital Defense Report 2022 and are based on an analysis of trillions of alerts and signals collected from the company’s worldwide ecosystem of products and services.

A

False. Cyber crooks are making almost 1,200 attempts to hack account passwords every single second – and they’re more determined than ever, with the number of attacks on the rise. The figures come from Microsoft’s Digital Defense Report 2022 and are based on an analysis of trillions of alerts and signals collected from the company’s worldwide ecosystem of products and services.

28
Q

What are the conditions of fraud: pressure, opportunity and rationalization? (3x3)

A
29
Q

What is the fraud triangle? (4)

A

The fraud triangle discusses the conditions for fraud in a triangle

30
Q

What are the classifications of computer fraud? (5)

A
  • Input
  • Processor
  • Computer instruction
  • Data
  • Output
31
Q

What is input fraud? (2)

A

The simplest and most common way to commit a computer fraud is to alter or falsify computer input.

It requires little skill; perpetrators need only understand how the system operates so they can cover their tracks.

32
Q

What are the examples of input fraud?

A

An employee at the Veteran’s Memorial Coliseum sold customers full-price tickets, entered them as half-price tickets, and pocketed the difference.

33
Q

What is processor fraud?

A

Processor fraud includes unauthorized system use, including the theft of computer time and services

34
Q

What are the examples of processor fraud?

A

An insurance company installed software to detect abnormal system activity and found that employees were using company computers to run an illegal gambling website.

35
Q

What is computer instructions fraud?

A

Computer instructions fraud includes tampering with company software, copying software illegally, using software in an unauthorized manner and developing software to carry out an unauthorized activity

36
Q

What is data fraud? (3)

A
  • Illegally using, copying, browsing, searching, or harming company data constitutes data fraud.
  • The biggest cause of data breaches is employee negligence.
  • Companies now report that their losses are greater from the electronic theft of data than from stealing physical assets
37
Q

What is output fraud? (5)

A
  • Involves stealing or misusing system output.
  • Output is usually displayed on a screen or printed on paper.
  • Unless properly safeguarded, screen output can easily be read from a remote location using inexpensive electronic gear.
  • This output is also subject to prying eyes and unauthorized copying.
  • Fraud perpetrators can use computers and peripheral devices to create counterfeit outputs, such as checks.
38
Q

How do organisations make fraud less likely to occur? (4)

A
  • Create a culture of integrity
  • Adopt structure that minimizes fraud, create governance
    (e.g., Board of Directors)
  • Assign authority for business objectives and hold them
    accountable for achieving those objectives, effective
    supervision and monitoring of employees
  • Communicate policies
39
Q

How do systems make fraud less likely to occur? (2)

A
  • Develop security policies to guide and design specific control procedures
  • Implement change management controls and project
    development acquisition controls
40
Q

How do organisations make fraud difficult to commit? (4)

A
  • Develop strong internal controls
  • Segregate accounting functions
  • Use properly designed forms
  • Require independent checks and reconciliations of data
41
Q

How do systems make fraud difficult to commit? (6)

A
  • Restrict access
  • System authentication
  • Implement computer controls over input, processing, storage and output of data
  • Use encryption
  • Fix software bugs and update systems regularly
  • Destroy hard drives when disposing of computers
42
Q

How do organisations improve detection? (3)

A
  • Assess fraud risk
  • External and internal audits
  • Fraud hotline
43
Q

How do systems improve detection? (3)

A
  • Audit trail of transactions through the system
  • Install fraud detection software
  • Monitor system activities (user and error logs, intrusion
    detection)
44
Q

How do organisations reduce fraud losses? (2)

A
  • Insurance
  • Business continuity and disaster recovery plan
45
Q

How do systems reduce fraud losses? (2)

A
  • Store backup copies of program and data files in secure, off-site location
  • Monitor system activity