Feeds

Irish biz rife with fake sites slurping victims' privates

Volunteer hit squad tells of thugs sneaking onto servers

5 things you didn’t know about cloud backup

Irish websites have become a prime target for phishing fraudsters over recent months with multiple incidents of fraudsters setting up counterfeit banking sites on compromised but otherwise legitimate websites.

Of the 441 security incidents reported this year by the Irish Reporting and Information Security Service (IRISSCERT, the national computer emergency response team), the vast majority (92 per cent) involved Irish websites being broken into by criminals to host phising sites - which trick users into entering their private details into what they think are legitimate websites.

Denial of Service attacks over the same period, up until the end of October, accounted for just six reports (1.4 per cent of the total). IRISSCERT reckons 96 per cent of the reports it handled this year can be blamed one way or another on profit-motivated cybercrime gangs rather than either hacktivists or script kiddies carrying out cyberattacks for kicks, notoriety or political reasons.

Brian Honan, of IRISSCERT, said: “The volume and type of incidents we deal with on a daily basis are a clear indication to Irish businesses that cybercrime is a real threat to our systems, our businesses and the economy. We can no longer afford to treat information security as an afterthought and need to ensure we take the appropriate steps to secure our systems."

Get your corporate security in order

Honan said that running a properly configured network with up-to-date anti-virus software and the latest patches applied ought to be the starting point of a corporate security policy. User education and penetration testing to test for security weaknesses, particularly on web-facing systems such as websites, together with procedures to quickly fix problems once they are identified, is also important, said Honan. Sharing best practices on security is also essential.

“Criminals are sharing information and working together so they can exploit our systems and steal our money," Honan explained. "Businesses need to better share information with the community so we all can learn, IRISSCERT provides this facility.”

Statistics on its work to date this year were released by IRISSCERT during its annual conference, which was held on Wednesday in Dublin. During the conference IRISSCERT announced that it had joined the International Cyber Security Protection Alliance (ICSPA). ICSPA is a global not-for-profit organisation that provides technical expertise and other resources to law enforcement agencies investigating cybercrime. Other members include EuroPol, Trend Micro, Visa and McAfee.

IRISSCERT is already a member of the Anti-Phishing Working Group (APWG) with experience in fighting cybercrime.

For example, IRISSCERT assisted the Dutch authorities this year in cleaning-up suspected command and control servers for the Bredolab botnet, which was dismantled late last year.

IRISSCERT, a not-for-profit company established in 2008, is staffed by volunteer members of the local information security industry. The organisation provides alerts on new vulnerabilities and threats, supplies guidelines on security best practice and statistics as well as offering a coordination service to help deal with ongoing cyber-attacks. IRISS is funded by a combination of donations and corporate sponsorship. ®

The essential guide to IT transformation

More from The Register

next story
One HUNDRED FAMOUS LADIES exposed NUDE online
Celebrity women victimised as Apple iCloud accounts reportedly popped
Rubbish WPS config sees WiFi router keys popped in seconds
Another day, another way in to your home router
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NZ Justice Minister scalped as hacker leaks emails
Grab your popcorn: Subterfuge and slur disrupts election run up
HP: NORKS' cyber spying efforts actually a credible cyberthreat
'Sophisticated' spies, DIY tech and a TROLL ARMY – report
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?