Feeds

Irish biz rife with fake sites slurping victims' privates

Volunteer hit squad tells of thugs sneaking onto servers

The Power of One eBook: Top reasons to choose HP BladeSystem

Irish websites have become a prime target for phishing fraudsters over recent months with multiple incidents of fraudsters setting up counterfeit banking sites on compromised but otherwise legitimate websites.

Of the 441 security incidents reported this year by the Irish Reporting and Information Security Service (IRISSCERT, the national computer emergency response team), the vast majority (92 per cent) involved Irish websites being broken into by criminals to host phising sites - which trick users into entering their private details into what they think are legitimate websites.

Denial of Service attacks over the same period, up until the end of October, accounted for just six reports (1.4 per cent of the total). IRISSCERT reckons 96 per cent of the reports it handled this year can be blamed one way or another on profit-motivated cybercrime gangs rather than either hacktivists or script kiddies carrying out cyberattacks for kicks, notoriety or political reasons.

Brian Honan, of IRISSCERT, said: “The volume and type of incidents we deal with on a daily basis are a clear indication to Irish businesses that cybercrime is a real threat to our systems, our businesses and the economy. We can no longer afford to treat information security as an afterthought and need to ensure we take the appropriate steps to secure our systems."

Get your corporate security in order

Honan said that running a properly configured network with up-to-date anti-virus software and the latest patches applied ought to be the starting point of a corporate security policy. User education and penetration testing to test for security weaknesses, particularly on web-facing systems such as websites, together with procedures to quickly fix problems once they are identified, is also important, said Honan. Sharing best practices on security is also essential.

“Criminals are sharing information and working together so they can exploit our systems and steal our money," Honan explained. "Businesses need to better share information with the community so we all can learn, IRISSCERT provides this facility.”

Statistics on its work to date this year were released by IRISSCERT during its annual conference, which was held on Wednesday in Dublin. During the conference IRISSCERT announced that it had joined the International Cyber Security Protection Alliance (ICSPA). ICSPA is a global not-for-profit organisation that provides technical expertise and other resources to law enforcement agencies investigating cybercrime. Other members include EuroPol, Trend Micro, Visa and McAfee.

IRISSCERT is already a member of the Anti-Phishing Working Group (APWG) with experience in fighting cybercrime.

For example, IRISSCERT assisted the Dutch authorities this year in cleaning-up suspected command and control servers for the Bredolab botnet, which was dismantled late last year.

IRISSCERT, a not-for-profit company established in 2008, is staffed by volunteer members of the local information security industry. The organisation provides alerts on new vulnerabilities and threats, supplies guidelines on security best practice and statistics as well as offering a coordination service to help deal with ongoing cyber-attacks. IRISS is funded by a combination of donations and corporate sponsorship. ®

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.