Feeds

Irish biz rife with fake sites slurping victims' privates

Volunteer hit squad tells of thugs sneaking onto servers

Protecting against web application threats using SSL

Irish websites have become a prime target for phishing fraudsters over recent months with multiple incidents of fraudsters setting up counterfeit banking sites on compromised but otherwise legitimate websites.

Of the 441 security incidents reported this year by the Irish Reporting and Information Security Service (IRISSCERT, the national computer emergency response team), the vast majority (92 per cent) involved Irish websites being broken into by criminals to host phising sites - which trick users into entering their private details into what they think are legitimate websites.

Denial of Service attacks over the same period, up until the end of October, accounted for just six reports (1.4 per cent of the total). IRISSCERT reckons 96 per cent of the reports it handled this year can be blamed one way or another on profit-motivated cybercrime gangs rather than either hacktivists or script kiddies carrying out cyberattacks for kicks, notoriety or political reasons.

Brian Honan, of IRISSCERT, said: “The volume and type of incidents we deal with on a daily basis are a clear indication to Irish businesses that cybercrime is a real threat to our systems, our businesses and the economy. We can no longer afford to treat information security as an afterthought and need to ensure we take the appropriate steps to secure our systems."

Get your corporate security in order

Honan said that running a properly configured network with up-to-date anti-virus software and the latest patches applied ought to be the starting point of a corporate security policy. User education and penetration testing to test for security weaknesses, particularly on web-facing systems such as websites, together with procedures to quickly fix problems once they are identified, is also important, said Honan. Sharing best practices on security is also essential.

“Criminals are sharing information and working together so they can exploit our systems and steal our money," Honan explained. "Businesses need to better share information with the community so we all can learn, IRISSCERT provides this facility.”

Statistics on its work to date this year were released by IRISSCERT during its annual conference, which was held on Wednesday in Dublin. During the conference IRISSCERT announced that it had joined the International Cyber Security Protection Alliance (ICSPA). ICSPA is a global not-for-profit organisation that provides technical expertise and other resources to law enforcement agencies investigating cybercrime. Other members include EuroPol, Trend Micro, Visa and McAfee.

IRISSCERT is already a member of the Anti-Phishing Working Group (APWG) with experience in fighting cybercrime.

For example, IRISSCERT assisted the Dutch authorities this year in cleaning-up suspected command and control servers for the Bredolab botnet, which was dismantled late last year.

IRISSCERT, a not-for-profit company established in 2008, is staffed by volunteer members of the local information security industry. The organisation provides alerts on new vulnerabilities and threats, supplies guidelines on security best practice and statistics as well as offering a coordination service to help deal with ongoing cyber-attacks. IRISS is funded by a combination of donations and corporate sponsorship. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.