Huge rise in security incidents in 2015
The number of security incidents reported in 2015 in Ireland rose by a factor of 4 compared to the previous year.
At the Irish Reporting and Information Security Service annual conference IRISSCon, Brian Honan, director of IRISS Computer Emergency Response Team (CERT) and of BH Consulting, told attendees that there were 26,137 incidents reported in 2015, compared with just 6,534 in 2014.
When broken down the figures show that nearly half (45%) were attributable to malware, followed by more than a quarter (25%) to outbound distributed denial of service (DDoS) attacks, with other denial of service (DOS) attacks and botnet command and control servers at 11%. Hosted phishing attacks made up 7%.
In terms of actors involved, nearly three quarters (74%), said Honan, were attributable to organised crime.
Notable in the figures, said Honan was the rise of certain types of crimes, such as DDoS extortion and CEO fraud. With the former, groups such as DD4BC and the Armada Collective were highly active. These groups send threatening emails to organisations demanding bitcoin payments to either cease or prevent such attacks.
Honan said that above all, the core advice was not to pay any ransom, but to report the matter to An Garda Síochána. It is important not to ignore the threat, and to prepare an incident response team, while ensuring that anti-DDoS mechanisms can cope. If such mechanisms are not in place, Honan said to contact your internet service provider (ISP) to discuss mitigation services.
Honan also outlined the phenomenon of CEO fraud. This is where communication purporting to come from the CEO asks for payments to be made to some new vendor or service provider that is actually a criminally controlled bank account.
These ploys use spoofed emails that are being diverted to the criminals, and often include attacks to gain access to the legitimate CEO’s inbox.
Once payment mechanisms have been set up, funds are siphoned off, appearing to have been requested and authorised by the CEO.
Again, Honan warns that basic measures can prevent such attacks being successful. Firstly, strong passwords on email accounts, regularly changed, can prevent attackers gaining control. Two factor authentication is also recommended. Strong procedures for any new payee need to be in place, with security awareness training for staff to ensure that they are rightly suspicious of any request that insists on secrecy or unusual haste. Also, a procedure that includes some type of non-email confirmation adds protection.
Overall, Honan said that the breakdown of incident causes showed that basic measures would have prevented many of the reported attacks. Contributory causes included poor passwords, missing patches, known vulnerabilities in applications and web platforms, out of date antivirus and a lack of monitoring.
These are the basics of security, warned Honan, and yet they are still being ignored leaving Irish organisations open to attack and the threat of both financial and reputational losses.
Rik Ferguson, vice president of security research for Trend Micro, discussed the unexpected in information security, highlighting that context is all important when trying to determine whether an observed action is legitimate or a threat.
Ferguson highlighted the extent of digital disruption in the field, supported by a quote from author James McQuivey PhD, “Digital disruption, when properly understood, should terrify you”.
He went on to highlight the fact that attackers are becoming ever more sophisticated in their attacks and so are looking for new entry points and exploits. He said that in relation to cloud in particular, “what attackers are looking for are the weak spots between services”. Ferguson said that there has been increasing focus on Application Programming Interfaces (API) to allow hackers to compromise the platforms and services that are likely to be the foundations of future business.