The Institute of Internal Auditors
Long Island Chapter Newsletter Volume 18 March 2018 Issue 7
In This Issue...
1. President’s March Message: “All About Fraud”
2. February 2018 Conference Recap: Annual Fraud Conference
3. Annual IT Conference, March 23, 2018
4. Chapter Volunteers NEEDED (Newsletter)
5. LI Chapter 2017/2018 Programs
6. Fraud Alert: ‘Ransomware Continues to Evolve into New Variants’, by Robert E. Holtfreter
7. Certification & Training News
8. LI Chapter Officers and Board
Upcoming Events
Annual IT Conference: March 23, 2018, Melville Marriott
Annual Conference: April 27, 2018, Melville Marriott
See page 3 for further details.
For more information, go to: https://chapters.theiia.org/long-island/Pages/default.aspx
President’s March Message: “All About Fraud”
What is ‘fraud’? According to Wikipedia, it is a deliberate deception to secure unfair or unlawful gain, or to
deprive a victim of a legal right.
You might ask why I am bringing this to your attention. The answer is simple. Fraud is evident in most, if not
all, organizations and we, as internal auditors, need to ascertain that adequate and effective internal controls are
in place to provide reasonable assurance that fraud acts can be prevented and/or detected.
We just completed our Fraud Conference on February 16th and had a great turnout of over 150 attendees. Our
keynote speaker, Suffolk County Comptroller John Kennedy, gave a wonderful presentation while sticking to
the theme of the day, ‘fraud’. We closed the day with a topic that’s relevant to all internal auditors, Financial
Statement Fraud. In between there were some interesting fraud trivia by our very own former LI Chapter
President and Fraud Conference facilitator, Ernie Patrick Smith.
Just a couple of weeks ago I read an article about a $1.8B fraud committed by employees within Punjab
National Bank. Without many details about the crime, we as auditors have to ask ourselves whether there was a
lack of internal controls or what controls failed to identify this fraud. Moreover, we need to look within our own
organizations to determine whether this can happen to us.
Thanks to those of you who have reached out about the possibility of becoming a member of the LI Chapter
Board. Anyone else interested in joining the LI Chapter Board should email Alice Seoylemezian
([email protected]) who will provide more details.
Our next conference will be on March 23rd, which is our Annual IT Conference. This conference will be
facilitated by one of our Board members, Mr. Joel Lanz. The conference will be presented by Shawna Flanders
from MISTI and will feature a variety of current IT topics with significant relevance to the internal audit
profession, including:
A Look Inside the Crystal Ball: IT Emerging Trends in 2018
Auditing Mobile Devices and Mobile Management System
Incident Response – Learning how Breach Preparation can Drive Down Loss
On April 27, 2018 we will round out the Chapter year with our Annual Conference. Stay tuned for more
information on this program in next month’s newsletter.
Please reach out to myself or a Board member should you need any assistance. I can be reached at
1-516-349-2050 or [email protected].
Kind regards,
Rocky Shankar, CIA, CCSA, CRMA
IIA Long Island Chapter President’s Message – March 2018
February 2018 Conference Recap: Annual Fraud Conference
Event Summary
Our February Fraud Conference featured a variety of presentations on fraud and its impact on organizations, and
also covered an update on the LI economy. The day started with that economic update, which was followed by
the Suffolk County Comptroller speaking about his philosophy and efforts as a true public servant. To close out
the morning portion of the day, we had speakers from Nawrocki Smith and Certilman delve into the intricacies
of the world of Not-for-Profit entities. In the afternoon, we had a speaker from Marcum cover Financial
Statement Fraud.
A special thanks to our Board member, Ernie Patrick Smith, for putting together the conference. We also had a
very nice turnout of 151 attendees.
Photos from the Fraud Conference:
Left: Rocky Shankar and Suffolk County Comptroller, John Kennedy. Right: Phil Marciano from Nawrocki Smith
speaking on ‘Nonprofit Fraud’.
Left: Jonathan Marks from Marcum LLC speaking on ‘Financial Statement Fraud’. Right: Ernest Patrick Smith,
Fraud Conference facilitator and IIA Long Island Chapter past President, with Suffolk County Comptroller, John
Kennedy.
Paula Ragusa, Senior Risk Officer/VP at Sterling National Bank, was the Survey Winner, via a random
drawing, for responding to the survey for the Fraud Conference. A gift card from the IIA Long Island Chapter is
on its way to Paula. Please note that a random drawing is held after every seminar. Respond to the survey and
you can also be a winner.
Annual IT Conference March 23, 2018 – Melville Marriott
8:30 a.m. – 5:00 p.m.
(8 CPE/CPD Credits)
Event Summary
This conference will feature a variety of current IT topics with significant relevance to the internal audit
profession. Here is a glimpse of the topics:
A Look Inside the Crystal Ball: IT Emerging Trends in 2018
Auditing Mobile Devices and Mobile Management System
Incident Response – Learning how Breach Preparation can Drive Down Loss
8:30 – 8:45 AM: Welcome and General Chapter Announcements
8:45 – 10 AM: A Look Inside the Crystal Ball: IT Emerging Trends in 2018
Our day will begin with a discussion on IT emerging trends. We will discuss the technology trends and
predictions for 2018, including how cybercrime is evolving. We will also discuss various technology solutions
and how our assessments are evolving to address these changes in both capability and use. We will also
highlight various tips on how to assess the risk and execute audit fieldwork.
10 – 10:15 AM: Morning Break
10:15 – 11 AM: A Look Inside the Crystal Ball: IT Emerging Trends in 2018 (Cont.)
11 – 12 PM: Auditing Mobile Devices and Mobile Management System
We will discuss both mobile technology and mobile applications. We will share with you the capabilities and
risks of Mobile Management (Enterprise Mobility) solutions. We will also discuss what should be included in a
mobile computing audit.
12 – 1 PM: Lunch
1 – 2 PM: Auditing Mobile Devices and Mobile Management System (Cont.)
2 – 2:30 PM: Incident Response – Learning how Breach Preparation can Drive Down Loss
Our day will conclude with a discussion on Incident Response and why preparation is critical to the Incident
Response Program. We will discuss what should be included in the Incident Response Plan, and why training
and testing are critical. We will also discuss how audit can participate in Incident Response Exercises and how
we can assess the effectiveness of the Incident Response Program.
2:30 – 2:45 PM: Afternoon Break
2:45 – 5 PM: Incident Response – Learning how Breach Preparation can Drive Down Loss (Cont.)
About Our Speaker
Shawna Flanders is the Director of Instructional Technology & Innovation at MIS Training Institute
(MISTI). Shawna’s passion rests firmly on three pillars: 1. Enriching companies in building and improving their
strategies, programs and underlying processes (primarily within technology, Technology Internal Audit, IT
GRC, Technology Related Risk Management, Information Security, BCP/DR, Project Management and Process
Reengineering); 2. Mentoring individuals: both in the topics above, as well as aiding in their quest for ISACA
certifications; 3. Enhancing and developing curriculum and other publications to improve the profession.
With nearly 29 years of experience in the financial services sector, Shawna brings her real world experience to
every engagement. She has completed certificate programs in Risk Management from Kaplan University and
Six Sigma Green & Lean/Black Belt from Villanova University, and has earned the Life Operations
Management Association – Associate of Customer Service designation, as well as holding certifications in
CRISC, CISM, CISA and CSSGB.
Shawna teaches several MISTI seminars. She designs her own course content and also has contributed and/or
reviewed multiple publications including ISACA CRISC and CISM Review Manuals; Risk IT and COBIT® 5
for Risk. She has also participated in development of the Risk Management and Assurance ISACA Training
Week courses.
Registration for the Annual IT Conference
Here is the link to register for this program:
http://www.cvent.com/d/ntqy34/4W
Information supplied with this link includes an overview of the seminar program and additional
background on our speakers. Registration options are also noted in the write-up. If there is any problem
accessing this link try copying it in your browser. Chapter members have received details on registration
for the Program in a direct email message. Should you have any questions regarding the Program or with
the link, please call or email Rocky Shankar, our Chapter President:
Telephone: 516-349-2050 or Email: [email protected]
Details for Attending the Long Island Chapter Seminar
Please refer to the notes outlined below for details on our Seminar time, venue, dress code, breakfast/lunch
offerings and other details pertaining to all programs.
This information is supplied to aid in use of the Chapter Program schedule. Please note that every effort
is made to accommodate the needs of all attendees. Contact any Chapter officer/board member with
your comments and needs to make the programs a professional experience.
Continental Breakfast: Served at 8 AM
Lunch: Usually served at 12 PM
Dress: Business Casual
Venue – Program is held at the Melville Marriott in Melville, Long Island. There is ample on-site
parking and the Marriott is convenient to Old Country Road, the Northern State Parkway, Long Island
Expressway and Route 110.
Program Cancellation – Over the years, only a few cancellations have occurred (hurricanes, snow
days). A direct telephone number to the Marriott is: (631) 423-1600. All events are rescheduled.
Registration for individual events – Generally opens 20 days prior to each event. Registration
information is emailed to Chapter members and will appear in the Chapter Newsletter. For more
information go to OUR Chapter website: https://chapters.theiia.org/long-island/Pages/default.aspx
CPE/CPD Certifications – Attendees who participate in a program will receive a CPE/CPD certificate
and be registered to receive credit for use in their certification needs, as appropriate.
Chapter Volunteers
If you would like to volunteer within the Long Island Chapter, please do not hesitate to contact me (Rocky
Shankar at [email protected]). We are especially in need of someone to serve on the Board on the
Communications Committee to assist with the monthly newsletters.
Long Island Chapter 2017/2018 Upcoming Programs
Below is the program schedule for the remainder of the 2017/2018 Chapter year.

Date/Location: March 23, 2018 (Friday), Melville Marriott
Format: Full Day (Breakfast and Lunch)
CPE/CPDs: 8
Topic: Annual IT Conference
Prices: Member - $150; Non-member - $200; Student - $30

Date/Location: April 27, 2018 (Friday), Melville Marriott
Format: Full Day (Breakfast and Lunch)
CPE/CPDs: 8
Topic: Annual Conference
Prices: Member - $150; Non-member - $200; Student - $30
Continental Breakfast is served at 8:00 a.m. Registration for individual events generally opens 20 days
before each event. For more information go to: https://chapters.theiia.org/long-island/Pages/default.aspx
Ransomware Continues to Evolve into New Variants
By: Robert E. Holtfreter
Ransomware, which morphed from scareware fraud around 1998, isn’t abating. Fraudsters are still holding
electronic devices ransom with creative variants and extorting money and personally identifiable information.
Here are some of the historical and current developments plus ways to help others avoid ransomware.
Duke Winston had just graduated from a university with a degree in marketing and was excited to start work
with a major San Francisco advertising firm. One evening a message flashed on his computer screen that said his
files were encrypted, and he had to click on a link to a website and pay $300 to gain access to the key to decrypt
his files. If he didn’t pay the ransom in seven days, the message said, the amount would increase. Duke talked
with a friend who worked for a computer company, who said the ransomware probably infected Duke’s
computer when he clicked on a malicious link or file in an email or attachment. However, Duke lucked out
because he’d previously backed up all his files. He could keep his $300.
Even though Duke’s story is fictitious, thousands of individuals and businesses still are ransomware fraud fodder
for online criminals, and many of them aren’t as fortunate as Duke.
Based on the escalating number of major ransomware attacks reported by the media last year, we could easily get
the impression that this scheme is a relatively new phenomenon. But the first variant of ransomware, PC Cyborg,
which evolved in 1998 from scareware fraud, is increasingly showing up as numerous variants.
Although losses from ransomware were relatively minor in its earlier years, they’ve grown significantly from
about $24 million in 2015 to $1 billion in 2016, according to Danny Palmer in his Sept. 8, 2016, ZDNet article.
And back in May 2017, Jonathan Berr of CBS’s Moneywatch said that losses from the “WannaCry” ransomware
alone (described below) could reach $4 billion in 2017.
In both ransomware and scareware fraud schemes, fraudsters follow the same script by using extortion tactics to
panic victims and trick them into unloading their cash and divulging their personally identifiable information
(PII). We can consider ransomware to be a “new and improved” version of scareware fraud.
Scareware Fraud
In general, scareware fraud emerges when a user is browsing the internet and receives a warning message that
his computer is infected with a dangerous virus. The message suggests that the user can download a free trial
version of a new software security suite.
While the user is pondering what to do, they typically are bombarded with online advertisements and security
warning pop-up windows informing them that their computer’s data isn’t secure. And then several of their
favorite software programs stop running correctly. The free software security often doesn’t fix the problem. The
user must instead pay a subscription fee, usually about $40, to receive the full version of the suite to remove the
virus. But the computer continues to malfunction even with the full version.
FRAUD ALERT from the LONG ISLAND CHAPTER of the IIA
The scareware hackers now have the victim’s credit card information and can gain access to their personal files
and habits. The scammers then can steal identities, transfer money from bank accounts, make fraudulent charges
on credit cards and much more. In worst-case scenarios, scareware scams can have devastating repercussions for
years to come.
Ransomware
Ransomware, on the other hand, typically displays an on-screen alert on a user’s screen stating that the
computer systems have been locked or files have been encrypted. To restore the user’s systems or gain access to
the encrypted files, the user must pay a ransom — most often in bitcoin — within a certain time period.
I reported on the emergence of ransomware in a feature article I wrote with Tiffany McLeod, European
fraudsters say pay up or your computer and files are goners! in the July/August 2013 issue of Fraud Magazine.
As we wrote then, fraudsters initially focused their attention on victims in European countries, but in 2013, they
began to refocus their efforts on victims in other countries, including the U.S.
Individuals and businesses in approximately 150 countries have now experienced the ransomware scam. (See
Global cyberattack: Full list of countries affected by the ransomware campaign, by Agamoni Ghosh,
International Business Times, May 16, 2017.)
The ransomware malware variants have “left no prisoners behind” as they have invaded organizations
worldwide in every industry sector imaginable, including the health care industry, which was hit relatively hard
last year. But the hackers’ marketing plan doesn’t end just with industry penetration as shown by the number of
emerging ransomware variants. Of course, this is nothing new as fraudsters continue to develop “new and
improved” versions of many of their products, which organizations and security specialists find extremely
difficult to overcome.
Fraudsters have used ransomware to create lucrative businesses because many individuals and businesses pay
the demanded ransoms to unlock and log into their computers or get the keys to decrypt their encrypted files.
Also, some variants of ransomware plant various types of malware within networks, including some that allow
fraudsters to steal PII related to online banking account users. More bang for the buck. This results in a
double-whammy risk for many individuals and organizations and, in most cases, prompts them to invest significant
resources to recover from it or help prevent it, although the probability of doing so isn’t great.
Employees who aren’t adequately trained in how ransomware is delivered compound the ransomware problem
and hinder development of improved detection and prevention tactics. Organizations need to overcome this
weakness so employees at all levels can respond correctly and not be victimized.
Delivery of Ransomware
The majority of ransomware is delivered in these ways:
Phishing schemes.
The “drive-by downloading” technique, which occurs when a user unknowingly clicks on a link that takes them
to a contaminated website at which malware is then downloaded and installed on the user’s computer without
the user’s knowledge.
Clicking on a contaminated link in a popular website or through social media, such as web-based instant
messaging applications.
Malware-infected advertising (malvertising).
Fraudsters target all types of devices to deliver ransomware, but they’re now aiming at mobile devices because
that’s where most people spend their time online.
Hackers might exploit vulnerable web servers as entry points to gain access to networks to download
ransomware malware. This technique allows a hacker to install additional malicious malware that searches for
new vulnerabilities and exploits networks to gain access to PII, including usernames, credit card numbers and
routing information for bank accounts.
General Types of Ransomware
Ransomware is classified into two general types: Lock Screen (or Locker also known as Winlocker) and
Encryption (or Crypto).
Lock Screen types lock up computers or other devices, which prevents users from logging in. Encryption types
encrypt user files, which denies users accessibility and use.
Lock Screen, the predominant form, displays a full-screen image or web page that prevents the user from
accessing anything in the affected computer. Fraudsters use social engineering techniques such as displaying FBI
or IRS logos to panic and scare users, which is why so many of them succumb to the fraud.
Encryption ransomware, a less common form, uses a direct ransom demand approach instead of social
engineering. After the fraudsters hook a victim, the ransomware encrypts the files, which prevents the user from
opening them. The fraudsters then demand payment in exchange for a key to access and decrypt the encrypted
files.
Because of their initial financial success, the evolving variants have become more sophisticated, which makes it
difficult for individuals and organizations to keep up with and overcome them.
Common Ransomware Variants
To help understand why ransomware has become so sophisticated and difficult to detect and prevent, it’s
important to track the evolution of some of the more common major variants. Organizations then will be able to
refocus their efforts more clearly when developing tactics to identify and patch vulnerabilities in their networks
to avoid being victimized by older as well as possible new variants of ransomware.
PC Cyborg
The first variant of ransomware, PC Cyborg, which emerged in 1998, was designed with simple symmetric
encryption to lock user files, according to Common Types of Ransomware, by Paul Rubens, Security Planet,
March 2, 2017. It was relatively unsuccessful because hackers could easily produce tools to decrypt locked files,
so they created newer and more sophisticated versions of ransomware, which they began to use heavily starting
in 2012.
Reveton
Reveton ransomware, which evolved from the PC Cyborg in 2012, prevents users from logging onto their
computers. It normally uses an “exploit kit” known as BlackHole, according to investigative journalist Brian
Krebs, author of the Krebs on Security blog. An exploit kit is a tool that’s “stitched into hacked or malicious
Web sites [along with the ransomware malware], so that all visiting browsers are checked for [vulnerabilities
such as] a variety of insecure, outdated plugins [software], from Flash Java to Adobe Reader,” Krebs writes. (See
Inside a ‘Reveton’ Ransomware Operation, by Brian Krebs, Aug. 12, 2012.)
When the kit finds security holes in the computer’s software, the browser is “handed a Trojan downloader that
fetches Reveton and most likely a copy of the password-stealing Citadel/ZeuS Trojan,” Krebs writes.
The Citadel/ZeuS Trojan, the most common type of financial malware, continues to operate on compromised
computers collecting data, which hackers use to commit online banking and credit card fraud. Thanks to the
BlackHole exploit kit, the end user’s computer is infected with the malware — in a drive-by-download fashion
— without any interaction from the user. This creates “double trouble” for the user and enhances the coffers of
the fraudsters.
CryptoLocker
The Trojan horse, CryptoLocker, first appeared in September 2013, according to Symantec. CryptoLocker
“encrypts files on the compromised computer and then prompts the user to purchase a password in order to
decrypt them.”
According to Enigmasoftware, “CryptoLocker may typically be installed by another threat such as a Trojan
downloader or a worm [for example, the major botnet, GameOver Zeus].”
After CryptoLocker is installed, according to Enigmasoftware, “it will search for sensitive files on the victim’s
computer and encrypt [all of the data in each of] them.”
According to Microsoft, the encryption process includes a pair of keys: a public one to encrypt the plain text data
and make it unreadable, and a private key that the victim must purchase from the owner of both keys to decrypt
the encrypted data and return it to plain text.
“CryptoLocker takes the infected computer hostage by preventing access to any of the computer user’s files,”
according to Enigmasoftware. “CryptoLocker then demands payment of a ransom to [purchase a public
asymmetric key that is needed to] decrypt the infected files.”
On June 2, 2014, the FBI, in conjunction with the U.S. Department of Justice and law enforcement agencies
from throughout the world, disrupted the GameOver Zeus botnet and so ceased this common form of the
Cryptolocker ransomware. (See GameOver Zeus Botnet Disrupted.) But it wasn’t long until new versions of the
ransomware evolved to raise even more havoc on individuals and organizations.
CryptoWall
CryptoWall ransomware first appeared in 2014, and since then it has appeared in slightly different versions,
with names that include CryptoDefense, CryptorBit, CryptoWall 2.0, CryptoWall 3.0 and CryptoWall 4.0,
according to Paul Rubens in his Security Planet article. “One notable feature of this ransomware is that the
authors offer a free single-use decryption service for one file only, apparently to prove to their victim that they
do indeed hold the decryption key,” writes Rubens.
He writes that CryptoWall 4.0, released in late 2015, introduced a new “feature” that encrypts the filenames,
which makes it more difficult for victims to know what it has encrypted. “The ransomware is spread by a variety of
methods, including attachments in emails purporting to come from financial institutions, exploit kits that exploit
vulnerabilities in users’ software when they visit malicious web pages, and web pages that display malicious
advertisements,” writes Rubens.
“Some variations of CryptoWall’s ransom note are also unusual, containing text such as: ‘Congratulations!!!
You have become a part of large community CryptoWall. Together we make the Internet a better and safer
place.’ The ransom demanded is a hefty $700, doubling after about a week to $1,400,” writes Rubens.
CTB Locker
CTB Locker ransomware (sometimes called Critoni) was first noticed in July 2014,
according to Giedrius Majauskas in his July 30, 2014, article, CTB Locker ransomware or how to decrypt
encrypted files, on his 2-viruses.com website.
“This virus aims to encrypt various files and asks for a ransom in order to decrypt them,” writes Majauskas. The
ransomware can affect almost all versions of Windows, he writes. Anyone can buy this ransomware for $3,000,
he writes, which means users can encounter many versions of CTB Locker with different appearances.
TorrentLocker
This variant, also known as Crypt0L0cker, behaves totally differently from the original Cryptolocker (except
for encrypting files and demanding a ransom to decrypt them), according to an information guide on the
Bleeping Computer website.
This variant of the Lockscreen ransomware “is a file-encrypting ransomware program that was released around
the end of August 2014 that targets all versions of Windows,” according to the information guide.
TorrentLocker scans computers for data files and encrypts them with AES 256 encryption so users can’t open
them, according to the guide. “TorrentLocker is distributed via [phishing] emails that pretend to be shipping
notifications, driving or speeding violations, or another corporate/government correspondence. Some emails
will contain the malware installer as ZIP attachments or Word documents, while others will contain a link that
will bring you to the associated fake site that will prompt you to enter a 5-digit code to download the shipping
notification or violation notice. When you enter the code, it will download a ZIP file that contain [sic] an
executable that are disguised as PDF files,” according to the information guide. This ransomware variant also
created botnets with the user email address and used them to promote the scam with other users.
Bit Cryptor
Bit Cryptor is the most recently released and related variant of ransomware that targets Windows computers on
a large scale, according to the article, Bit Cryptor ransomware: decrypt files and remove virus, NABZ Software.
Bit Cryptor is a successor of the CoinVault malware.
Bit Cryptor “encrypts the user’s files with AES-256, a government-level standard leveraged to secure classified
data and widely used in legitimate privacy protection software. The ransomware uses a mix of exploit-based
techniques and spear phishing to infect computers. In most cases, therefore, the users realize they have been
attacked only after the program has caused virtually irreversible damage, hence they have to deal with the
aftermath,” according to the NABZ Software article.
“Once the trespass has taken place, Bit Cryptor scans the hard drive for specific types of files. The extensions it
looks for match the most popular files and documents, so it’s obviously personal data that is targeted,”
according to the NABZ Software article.
Kaspersky Lab, a major Russian security firm, obtained the master keys and made them available to the public
so victims could decrypt their infected files. As a result, both CoinVault and Bit Cryptor were shut down. But
watch for new emerging forms.
TeslaCrypt
TeslaCrypt ransomware, which evolved in 2015, “often targets gamers, lands on systems through malicious
downloads, web domains which load exploit kits and phishing campaigns,” according to TeslaCrypt no more:
Ransomware master decryption key released, by Charlie Osborne for Zero Day, ZDNet, May 19, 2016. “As
ransomware, TeslaCrypt will infect systems and encrypt user files, sticking up a landing page and removing
access to the PC until a ransom is paid, usually in virtual currency Bitcoin.”
The developers behind the malware were very active, which made TeslaCrypt particularly severe, Osborne
writes. “[R]esearchers found it difficult to crack the software before new, even more sophisticated versions
were released into the wild,” she writes.
A researcher for ESET, an IT security company, posed as a TeslaCrypt victim, and via the support chat system
on the payment website asked if the developers would consider releasing the master TeslaCrypt decryption key.
To the researcher’s surprise, the scam’s authors did release the master key to the public, which allowed all
victims to decrypt their files and end this variant of ransomware. However, based on the past behavior of
ransomware authors, it’s no time to celebrate because this variant might emerge again in a different form.
Locky
“Locky ransomware [released in 2016] is the current big thing in malware, with a list of millions of infected
computers including high-profile businesses, hospitals, and even police departments,” according to How Does
Locky Ransomware Work? by Brandy, The High Tech Society, Jan. 20, 2017.
“The malware infiltrates into user computers through email attachments, JavaScript, and even ads, where it
proceeds to encrypt files, making them inaccessible to users,” according to the article.
No Locky decryption program is available as of press time. Infected users must pay the ransom, which varies
between ¼ and one bitcoin ($200 to $800) to restore their data, according to the article. High-profile users have
had to pay up to $17,000 in ransom. Low-profile users aren’t guaranteed the return of their data in exchange for
paying, according to the article. The decryption keys the hackers give to the ransom payers don’t always work.
WannaCry
This variant was exposed in May 2017 when fraudsters took advantage of a flaw in the Windows operating
system and hijacked computers in more than 150 countries worldwide. According to the May 17, 2017, article,
“WannaCry: the ransomware worm that didn’t arrive on a phishing hook,” by Bill Brenner on the Naked
Security website, an investigation revealed that “once computers were hijacked, it encrypted documents and
displayed ransom notes.” The worm also deleted known local backup files.
The WannaCry developers didn’t have to use the usual phishing technique but were able to penetrate computers
that were still using the old Windows XP operating system and hadn’t installed Microsoft patches, Brenner
wrote. The attack exploited a Windows vulnerability for which Microsoft had released a patch in March 2017.
The worm would generate random IP addresses and then would send malicious Windows Server Message
Block (SMB) packets to the remote host and spread itself, Brenner wrote. Windows computers use SMB to
share files and printers across local networks.
Even though Microsoft has discontinued support for Windows XP, it subsequently issued a patch to prevent
WannaCry on XP systems.
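The propagation pattern just described, one host contacting many unrelated addresses on TCP port 445 in quick succession, is something a defender can look for in flow or firewall logs. The script below is an added illustration written for this newsletter, not material from the article; the flow-log format, the host addresses and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed sample flow records: "<time> <src_ip> <dst_ip> <dst_port>".
# 10.0.5.17 sprays TCP/445 at unrelated addresses, as the worm did;
# 10.0.5.20 is a normal client talking to two file servers over SMB.
SAMPLE_FLOWS = """\
2017-05-12T10:00:01 10.0.5.20 10.0.1.5 445
2017-05-12T10:00:02 10.0.5.17 203.0.113.45 445
2017-05-12T10:00:02 10.0.5.17 198.51.100.9 445
2017-05-12T10:00:03 10.0.5.17 192.0.2.77 445
2017-05-12T10:00:03 10.0.5.20 10.0.1.6 445
2017-05-12T10:00:04 10.0.5.17 203.0.113.200 445
2017-05-12T10:00:04 10.0.5.17 10.0.9.33 445
2017-05-12T10:00:05 10.0.5.17 198.51.100.120 445
2017-05-12T10:00:05 10.0.5.20 10.0.1.5 80
"""

def parse_flows(text):
    """Parse whitespace-separated flow lines into (time, src, dst, port) tuples."""
    records = []
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, port = line.split()
            records.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return records

def smb_fanout(records, window=timedelta(seconds=60), min_targets=5, min_prefixes=3):
    """Return {src: targets} for hosts that reach >= min_targets distinct peers on
    TCP/445 across >= min_prefixes different /16 blocks within one sliding window.
    Normal SMB use clusters on a few file servers; a scanning worm does not."""
    by_src = defaultdict(list)
    for ts, src, dst, port in records:
        if port == 445:
            by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            targets = {d for t, d in events[i:] if t - t0 <= window}
            blocks = {ipaddress.ip_network(f"{d}/16", strict=False) for d in targets}
            if len(targets) >= min_targets and len(blocks) >= min_prefixes:
                flagged[src] = targets
                break
    return flagged

if __name__ == "__main__":
    for src, targets in smb_fanout(parse_flows(SAMPLE_FLOWS)).items():
        print(f"ALERT: {src} reached {len(targets)} hosts on TCP/445 within 60s")
```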
FBI Recommendations
The FBI recommends these steps for organizations and individuals to help avoid becoming a victim of
ransomware.
Make sure you have updated antivirus software on your computer.
Enable automated patches for your operating system and web browser.
Have strong passwords, and don’t use the same passwords for everything.
Use a pop-up blocker.
Only download software — especially free software — from sites you know and trust. (Malware can also
come in downloadable games, file-sharing programs and customized toolbars.)
Don’t open attachments in unsolicited emails, even if they come from people in your contact list, and never
click on a URL contained in an unsolicited email, even if you think it looks safe. Instead, close out the
email and go to the organization’s website directly.
Use the same precautions on your mobile phone as you would on your computer when using the Internet.
To prevent the loss of essential files due to a ransomware infection, it’s recommended that individuals and
businesses always conduct regular system back-ups and store the backed-up data offline.
Ransomware Takeaways
Ransomware has evolved into a major “cash cow” for fraudsters.
Lock Screen and Encryption Ransomware variants will continue to emerge and become even more
sophisticated.
New versions of existing ransomware variants will continue to evolve.
Individuals need to understand the importance of educating themselves about the risks associated with
ransomware threats and how to protect their devices and data.
Organizations need to understand that individuals are the weakest links in any fraud prevention program.
Therefore, they need to step up and include training sessions in their fraud awareness programs on the
various ways ransomware is delivered — especially phishing attacks because they account for 80 percent of
malware incursions.
Robert E. Holtfreter, Ph.D., CFE, CICA, CBA, is distinguished professor of accounting and research at
Central Washington University in Ellensburg, Wash. He’s also on the ACFE’s Advisory Council and the
Editorial Advisory Committee. Holtfreter was the recipient of the Hubbard Award for the best Fraud Magazine
feature article in 2016. His email address is: [email protected].
The Long Island Chapter would like to thank Robert Holtfreter and the Association of Certified Fraud
Examiners of Austin, Texas for allowing us to reprint this fraud article in our Newsletter.
CONGRATULATIONS TO NEWLY CERTIFIED CHAPTER MEMBER
Our Chapter Officers, Board Members and Membership wish to extend congratulations to newly certified
chapter member, Kenneth Tays. Kenneth was the recipient of the Certification in Risk Management Assurance
(CRMA). We wish him success in his future professional and personal pursuits.
CERTIFIED INTERNAL AUDITOR (CIA) EXAM PREP
Earn the most sought-after credential in the global internal audit profession! Become a Certified Internal
Auditor (CIA)! There is no better way to prepare for the CIA Exam than with Pace University’s CIA Exam
Prep Course. The CIA Prep Course is based on the IIA’s New CIA Learning System (version 4.0) which has
been updated and enhanced to teach the entire 3-Part CIA exam syllabus. This premier CIA Exam preparation
and professional development program delivers the global CIA exam syllabus in a blended learning format of
customized workbooks and web-based learning software. Expert instructors will lead you through the entire
CIA exam syllabus in a structured and interactive live classroom environment to ensure that you understand and
can apply the critical CIA topics. Prepare to pass the CIA Exam and arm yourself with critical tools and
knowledge to excel in your internal audit career.
THE IIA CIA LEARNING SYSTEM MATERIALS INCLUDE:
Easy-to-understand print modules that correspond to the new three-part CIA exam
Extensive content organized by sections so you can tailor your studies to meet your needs
A pre-test to assess initial level of knowledge and develop a customized study plan
Section-specific questions to reinforce concepts
A post-test to gauge what you have learned and identify the areas requiring further study
A final review test encompassing all review questions for additional exam practice
eFlashcards and glossary to review important terms
Resource Center providing additional references
Click Here to register for the CIA Exam.
CIA Exam Prep Classes
Certified Internal Auditor CIA Exam Prep, PART 1: Internal Audit Basics
Certified Internal Auditor CIA Exam Prep, PART 2: Internal Audit Practice
Certified Internal Auditor CIA Exam Prep, PART 3: Internal Audit Knowledge Elements
Certification & Training News
NEW! Ethics CPE Requirement
Starting this year, two of your CPE/CPD credits must be earned in Ethics. The IIA currently provides Ethics for
Internal Auditors, an OnDemand course that can help you obtain these CPE. The IIA will be adding additional
ethics training options throughout 2018 and beyond.
NEW! Changes Coming to the CIA Exam Syllabi
A recent job analysis confirmed the need to update the CIA exam syllabi to more closely align with the evolving
responsibilities of today’s leading internal auditors. Changes to the exam take effect in January 2019.
Learn more about how the CIA exam will be changing
Getting a Head Start on Your Career Plan
Find out where to focus your time and energy and how to invest in yourself to enhance your career with The
IIA’s 2018 Career Guide. Packed with tips, advice, and the top skills CAEs are seeking, it will help you get the
best return on your investment.
2018 Career Guide
Paving the way for Future Auditors
In this month’s Student Profile, Oscar J. Melendez, MBA and student at the Louisiana State University Center
for Internal Audit, shares his advice to those looking to pursue an internal audit career, as well as his favorite
quote and the three things each of his role models has in common.
Learn more about Oscar.
The IIA’s AI Auditing Framework
In Part 2 of the three-part series on Artificial Intelligence, this edition of Global
Perspectives and Insights offers an AI Framework that will help internal auditors
approach AI advisory and assurance services in a systematic and disciplined
manner. The report describes the Framework’s components and elements, and
provides practical recommendations for implementation.
Download your free copy now
NEW! Liquidity Risk Practice Guide Available
From historical perspectives to present-day implications, the new Practice
Guide: Auditing Liquidity Risk outlines why internal audit’s approach to
liquidity risk must be updated in line with international standards. This was
created specifically for financial services audit professionals.
Add this new Practice Guide to your library today.
Upcoming Training Opportunities
Date Topic Location
Mar 5-14 Audit Report Writing Online
Mar 5-30 CIA Learning System, Part 3 Online
Mar 6-9 Building a Sustainable Quality Program San Francisco, CA
Mar 12-14 General Audit Management (GAM) Las Vegas, NV
Mar 13-15 IT General Controls Online
Mar 20-23 Root Cause Analysis for Internal Auditors Boston, MA
Mar 21-22 Data Analysis for Internal Auditors Online
Mar 26-28 Succession Planning: Leveraging and Influencing Millennials and Other Generations Online
IIA International Conference
May 6–9, 2018
Dubai World Trade Centre Convention Centre, Dubai, United Arab Emirates
Connecting the World Through Innovation!
Join us as we host The IIA’s 2018 International Conference on May 6–9 in Dubai, UAE. You will
embark on an educational journey, rich with insights for internal auditors at every level.
The theme for 2018’s International Conference is “Connecting the World Through Innovation” and will deliver
a program that delves into timely issues impacting the profession.
Get a sneak peek at the diverse and dynamic offerings that encompass Dubai. Watch The IIA’s 2018
International Conference promo video.
Don't miss this one-of-a-kind event! Register Today!
Officers Title
Rocky Shankar President
Lauren Agunzo EVP & Treasurer
Biju Beegum and Andrea Reece VP & Assistant Treasurer
Anthony Cervoni VP & Chief Information Officer
Carolyn Leahy VP & Assistant Chief Information Officer
Robert McNair and Vincent Colletti VP & Operations Officers
Brian Austin VP & Membership
Jeffrey Speed VP & Secretary
Board of Governors
Ellen Caravella Past President
Ernest Patrick Smith Past President
Brian Blisard Governor
Lucille Brower Governor
Roy Garbarino Governor
Ronald Goldman Governor
Pinak Guha Governor
Larry Karp Governor
Prabhat Kumar Governor
Michael Lanning Governor
Joel Lanz Governor
Maria Michaelson Governor
Lauren Nichols Governor
Russ Safirstein Governor
Alice Seoylemezian Governor
Bob Skirkanich Governor
Rita Thakhar Governor
Chris Wright Governor
District Representatives
Raquel Marin-Oquendo District Representative
Neil Frieser District Advisor
Committee Members
Dawn Scala Historian
Chris Cariello Website Administrator
Biju Beegum Certification
Lauren Nichols and Roy Garbarino Academic Relations
Ellen Caravella Finance
Bob Skirkanich and Lucille Brower Communications
Larry Karp and Ron Goldman Membership Development
Alice Seoylemezian Evaluate CVENT
Maria Michaelson Program Support
Pinak Guha CAE Roundtable
Russ Safirstein Employment
Long Island Chapter 2017 – 2018
Officers and Board of Governors