An analysis of fusing advanced malware email protection logs, malware intelligence and active directory attributes as an instrument for threat intelligence
- Authors: Vermeulen, Japie
- Date: 2018
- Subjects: Malware (Computer software) , Computer networks Security measures , Data mining , Phishing , Data logging , Quantitative research
- Language: English
- Type: text , Thesis , Masters , MSc
- Identifier: http://hdl.handle.net/10962/63922 , vital:28506
- Description: After more than four decades, email is still the most widely used electronic communication medium today. This electronic communication medium has evolved into an electronic weapon of choice for cyber criminals ranging from the novice to the elite. As cyber criminals evolve with tools, tactics and procedures, so too are technology vendors coming forward with a variety of advanced malware protection systems. However, even if an organization adopts such a system, there is still the daily challenge of interpreting the log data and understanding the type of malicious email attack, including who the target was and what the payload was. This research examines a six month data set obtained from an advanced malware email protection system from a bank in South Africa. Extensive data fusion techniques are used to provide deeper insight into the data by blending these with malware intelligence and business context. The primary data set is fused with malware intelligence to identify the different malware families associated with the samples. Active Directory attributes such as the business cluster, department and job title of users targeted by malware are also fused into the combined data. This study provides insight into malware attacks experienced in the South African financial services sector. For example, most of the malware samples identified belonged to different types of ransomware families distributed by known botnets. However, indicators of targeted attacks were observed based on particular employees targeted with exploit code and specific strains of malware. Furthermore, a short time span between newly discovered vulnerabilities and the use of malicious code to exploit such vulnerabilities through email was observed in this study. The fused data set provided the context to answer the “who”, “what”, “where” and “when”.
The proposed methodology can be applied to any organization to provide insight into the malware threats identified by advanced malware email protection systems. In addition, the fused data set provides threat intelligence that could be used to strengthen the cyber defences of an organization against cyber threats.
- Full Text:
- Date Issued: 2018
An analysis, from a South African case law perspective, of the deductibility of losses due to embezzlement, fraud, theft, damages and compensation
- Authors: Jachi, Adelaide Gamuchirai
- Date: 2018
- Subjects: South Africa. Income Tax Act, 1962 , Tax deductions -- South Africa , Taxation -- Law and legislation -- South Africa , Tax courts -- South Africa , Tax administration and procedure -- South Africa , Tax accounting -- South Africa , Income tax deductions for losses -- South Africa
- Language: English
- Type: text , Thesis , Masters , MCom
- Identifier: http://hdl.handle.net/10962/60855 , vital:27846
- Description: When calculating the income tax payable for a year of assessment, a taxpayer deducts from his or her or its income, allowable deductions in terms of the preamble to section 11 and section 11(a) as read with section 23(g) of the Income Tax Act, 58 of 1962. Amongst the expenditure and losses incurred by a taxpayer during a year of assessment, a claim may be sought for the deduction of losses incurred due to embezzlement, fraud and theft as well as damages and compensation. The requirements of the preamble and section 11(a) include the requirement that expenditure and losses must be incurred “in the production of the income”. Losses incurred due to defalcations, as well as expenditure on damages and compensation must satisfy this requirement to be allowed as deductions. The objective of the research was to analyse the judicial decisions dealing with “in the production of the income” in granting a deduction for income tax purposes in cases dealing with embezzlement, fraud and theft, and damages and compensation, to establish why the courts grant or disallow the deduction of expenditure and losses. A doctrinal research methodology was applied to the research. The provisions of the Income Tax Act, relevant case law relating to embezzlement, fraud and theft, and damages and compensation, and the contributions of the revenue authority and tax experts in articles of accredited journals, textbooks and other writings were analysed. The major conclusions drawn from the research were that losses due to defalcations are regarded as having been incurred “in the production of the income” if the taxpayer discharges the onus of proof that the risk of the act leading to misappropriation is an incidental risk of the business. 
Expenditure on damages and compensation is deductible provided the expense is attached to the performance of a business operation bona fide performed for the purpose of earning income and the expense is so closely connected with the business operation as to be regarded as part of the cost of performing it. Where negligence is attached to an expense or loss, the South African courts have held that negligence does not increase the likelihood of disallowing an expense or loss as not having been incurred “in the production of the income”.
- Full Text:
- Date Issued: 2018
“Don’t forget to be awesome”: the role of social learning as a component of belonging in virtual communities: a case study of the Youtube fan community “Nerdfighteria”
- Authors: Steenkamp, Elri Colleen
- Date: 2018
- Subjects: Nerdfighteria (Online) , Social learning , Online social networks , Belonging (Social psychology) , Communities of practice , YouTube (Firm)
- Language: English
- Type: text , Thesis , Masters , MA
- Identifier: http://hdl.handle.net/10962/63753 , vital:28484
- Description: The growth of the Internet has allowed fans who consume various media products to interact and convene with others who share similar interests in online fan communities. Historically the study of fans has focused on pleasure and enjoyment as the main motivating factors why individual fans join, stay and participate in fan communities. This study, however, suggests that learning as a component of belonging has been underestimated within contemporary fan studies. Close examination of the literature of fan studies and the social practices of online fan communities reveals that these spaces may serve as fertile spaces for learning and the sharing of knowledge. Daily learning occurs within multiple spheres, including personal interests, peer culture, and academic content; all elements which can be found within fan communities. This study used the social learning theory “communities of practice” (CoP) model developed by Wenger (1998) to understand this element of learning and knowledge sharing that seems to take place within fan communities. This study explores learning as a component of belonging to online fan communities by using the fan community of the YouTube personalities Vlogbrothers, which has named itself Nerdfighteria, as a case study. Through a qualitative research approach, which includes participation observation methods and qualitative interviews, this thesis has analysed the fan community Nerdfighteria, and used two Nerdfighter fan Facebook groups, the global NERDFIGHTERIA and local Nerdfighters South Africa, as case studies to evaluate whether the elements of learning taking place within these spaces serve as a motivating factor for belonging and participation. The results of this research support the idea that learning plays a role within the fan community Nerdfighteria and thus that it functions as a CoP.
Fans within the global NERDFIGHTERIA Facebook group use this fan space to discuss and debate content related to their media of choice; thereby learning and acquiring knowledge as a CoP. The Nerdfighters South Africa Facebook group, despite the learning potential, fails to function as a CoP because it no longer functionally allows for shared learning. Online fan communities, this research found, have the potential to serve as functioning communities of practice (CoP) only if they embody the characteristics and practicalities consistent with a learning space. Overall these fan groups may be categorised as communities of interest but sub-sections within these communities fit the criteria of a community of practice due to the kind of learning that is taking place. This research supports an alternative, yet promising, approach to the study of fan online communities which prioritises learning.
- Full Text:
- Date Issued: 2018