Ireland’s Computer Emergency Response Team is now receiving up to 10 alerts per day from Irish businesses coming under attack by having their systems compromised to host phishing websites or to distribute malicious software.
Small and medium-sized businesses, in particular, are being targeted by criminals who exploit weaknesses in the companies’ websites, according to the Irish Reporting and Information Security Service Computer Emergency Response Team (IRISS-CERT).
“The majority of issues we’re dealing with are websites of Irish organisations being compromised by criminals to host phishing sites or to spread malware,” said security consultant Brian Honan, who heads IRISS-CERT.
Explaining how the attack works, Honan said gangs send phishing emails with links to a banking site which actually redirects the user to a fake web page hosted in the subdirectories of sites belonging to legitimate companies.
“Because it’s in a subdirectory, the website owner doesn’t see anything different, it all looks fine. Any of that company’s legitimate customers wouldn’t see the phishing page either,” said Honan. In other cases, the compromised sites are used to distribute malware, so anyone visiting the site would unknowingly download Trojan Horse programs or fake antivirus software.
Attacks on Irish organisations
Honan said the group was also aware of some targeted attacks against Irish organisations, across a range of different industry sectors. In one instance, one computer at a firm was being used as a command and control server for a spam botnet. This bucks conventional wisdom that commercial PCs tend to be better protected than home computers, Honan said.
“In cases that we deal with, business computers were used. This makes sense because a criminal doesn’t want to rely on a home computer that might be switched off. If it’s on a business network, it’s more likely to be turned on all the time,” he said.
IRISS-CERT typically hears about these incidents because it is linked with companies in other jurisdictions which provide intelligence services. When they become aware of a phishing attack against a bank in another country, and discover the phishing site is hosted in Ireland, these groups contact IRISS-CERT which notifies the hosting provider which in turn contacts the affected customer. In other cases, computer security incident response teams in other countries pass on leads to IRISS-CERT, which is recognised internationally and is accredited by the Europe-wide body TF-CSIRT.
IRISS-CERT is staffed by volunteers and distributes free advice and warnings about information security threats to 400 people in Ireland. The group is in the early stages of planning its third annual conference, due to be held in November.