Soft Targets Can Still Make for Rich Pickings

THREATSCAPE COMMENT ON RECRUITIRELAND.COM DATA BREACH


February 9th 2011, Dublin, Ireland

Today it was revealed that the popular Irish recruitment website recruitireland.com was the latest victim of a data breach. Last weekend it was also revealed that hackers breached computer networks belonging to the company that runs the Nasdaq Stock Market.

Dermot Williams of IT security company Threatscape believes the potential for financial gain from attacks on seemingly soft targets can be as strong as for more obvious ones such as financial institutions:

    “This is only the latest in a continuing series of cyber attacks where you might be puzzled as to why an attacker targeted what seems to be a non-obvious and ‘unprofitable’ target.”

    “But when you take a closer look you realise that in all these cases there is the potential for an attacker to generate monetary gain. RecruitIreland.com believes that it was targeted by someone who wanted to harvest email addresses to populate a lucrative spam database. But could it be more sinister? CVs can contain a lot of useful data for identity theft.”

    “Less obvious victims may not be as high on the list of expected targets as say banks and credit card companies, but attackers have realised it can prove no less profitable to target them.”

    “The salutary lesson here is that cyber criminals are increasingly showing a combination not only of persistence and technical skill - but also of commercial cunning and lateral thinking.”

Williams advises that: “Everyone storing business critical and potentially exploitable digital information needs to ensure their IT security systems and procedures are up to scratch, no matter how mundane their line of business may appear.”

Nasdaq Attacked at the Weekend

It was also revealed at the weekend that hackers breached computer networks belonging to the company that runs the Nasdaq Stock Market. While Nasdaq confirmed that nothing had been stolen, it emerged that the hackers had infiltrated a web-based service called ‘Director’s Desk’, which facilitates secure communication between boards of Nasdaq-listed companies and serves some 5,000 users.*

Williams says: “While it wasn't one of Nasdaq’s main trading platforms, even a tiny amount of critically important information flowing between board members could be valuable to a criminal.”

“Snooping on board members’ communications could be an insider trader's dream and obviously also a competitor’s. It’s a bonanza also for a cyber criminal who could use the stolen data to defraud or extort a company. The list of possibilities is endless.”

Theft of Carbon Credits

Another recent example of hackers profiting from weak IT security controls was the hack and subsequent theft of millions' worth of carbon credits from the German Emissions Trading Authority. It is estimated that more than $4 million in carbon credits was stolen in the fraud.*

Williams concludes: “There is no indication that the same attacker(s) responsible for the other recent incidents were involved in the RecruitIreland one - but the success, and profit, achieved by any attackers against a chosen target is surely inspiring others into action, a vicious circle which may spawn yet more attacks.”

© Threatscape Ltd, 2011 - http://www.threatscape.com/