Feeds

Irish biz rife with fake sites slurping victims' privates

Volunteer hit squad tells of thugs sneaking onto servers

Top 5 reasons to deploy VMware with Tegile

Irish websites have become a prime target for phishing fraudsters over recent months with multiple incidents of fraudsters setting up counterfeit banking sites on compromised but otherwise legitimate websites.

Of the 441 security incidents reported this year by the Irish Reporting and Information Security Service (IRISSCERT, the national computer emergency response team), the vast majority (92 per cent) involved Irish websites being broken into by criminals to host phising sites - which trick users into entering their private details into what they think are legitimate websites.

Denial of Service attacks over the same period, up until the end of October, accounted for just six reports (1.4 per cent of the total). IRISSCERT reckons 96 per cent of the reports it handled this year can be blamed one way or another on profit-motivated cybercrime gangs rather than either hacktivists or script kiddies carrying out cyberattacks for kicks, notoriety or political reasons.

Brian Honan, of IRISSCERT, said: “The volume and type of incidents we deal with on a daily basis are a clear indication to Irish businesses that cybercrime is a real threat to our systems, our businesses and the economy. We can no longer afford to treat information security as an afterthought and need to ensure we take the appropriate steps to secure our systems."

Get your corporate security in order

Honan said that running a properly configured network with up-to-date anti-virus software and the latest patches applied ought to be the starting point of a corporate security policy. User education and penetration testing to test for security weaknesses, particularly on web-facing systems such as websites, together with procedures to quickly fix problems once they are identified, is also important, said Honan. Sharing best practices on security is also essential.

“Criminals are sharing information and working together so they can exploit our systems and steal our money," Honan explained. "Businesses need to better share information with the community so we all can learn, IRISSCERT provides this facility.”

Statistics on its work to date this year were released by IRISSCERT during its annual conference, which was held on Wednesday in Dublin. During the conference IRISSCERT announced that it had joined the International Cyber Security Protection Alliance (ICSPA). ICSPA is a global not-for-profit organisation that provides technical expertise and other resources to law enforcement agencies investigating cybercrime. Other members include EuroPol, Trend Micro, Visa and McAfee.

IRISSCERT is already a member of the Anti-Phishing Working Group (APWG) with experience in fighting cybercrime.

For example, IRISSCERT assisted the Dutch authorities this year in cleaning-up suspected command and control servers for the Bredolab botnet, which was dismantled late last year.

IRISSCERT, a not-for-profit company established in 2008, is staffed by volunteer members of the local information security industry. The organisation provides alerts on new vulnerabilities and threats, supplies guidelines on security best practice and statistics as well as offering a coordination service to help deal with ongoing cyber-attacks. IRISS is funded by a combination of donations and corporate sponsorship. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.