| 18.6°C Dublin

State and firms hit for €22m in cyber attacks


Detective Superintendent Michael Gubbins leads on web crime Picture: Maxwells

Detective Superintendent Michael Gubbins leads on web crime Picture: Maxwells

Detective Superintendent Michael Gubbins leads on web crime Picture: Maxwells

Key State agencies and some of the largest publicly listed companies in Irish business were among 20 organisations stung for €22m in cyber attacks in 2016, the Sunday Independent can reveal.

Now investigators have warned of a clear danger to the economy from increasingly sophisticated international gangs specialising in computer crime.

The full scale of the multimillion euro cyber attacks on organs of State and private-sector business is impossible to gauge because many of the successful attacks often go unreported by the victims, who fear reputational damage as a result of being scammed.

However, the Sunday Independent has learned that the biggest attack was on a large "household name" Irish company tricked by cyber criminals into transferring €7m into overseas bank accounts that were set up by an international gang.

The company quickly realised it had been the victim of a complex financial scam utilising the Dark Web and the money was later recovered by Garda and financial institutions.

The 20 cyber attacks are under active investigation by the Garda National Economic Crime Bureau, which said these cases represented just the tip of the iceberg.

Investigators believe the scale of web fraud is probably far higher but companies and organisations are still not reporting it.

The head of the Garda Cyber Crime Bureau, Detective Superintendent  Michael Gubbins, said that two-thirds of the €22m was recovered but the companies and State agencies affected still suffered "substantial losses".

The total loss from reported cyber attacks for 2016 was in the region of €7m.

The 20 organisations, which Inspector Gubbins said include State agencies, companies and PLCs, were all victims of so-called "CEO" or "invoice redirection" fraud, during which criminals hack into a company's systems and steal information to create fake emails masquerading as the CEO, or send in fake invoices from the company's suppliers.

"About two-thirds of the €22m has been recovered but you still have substantial losses to various individuals and companies," said Inspector Gubbins.

"They include State bodies, private bodies and PLCs. These are all CEO fraud or invoice redirection.

"One of the largest cases we have is for €7m, a CEO fraud or invoice redirection fraud. Now we have recovered all of that. The bank stopped some of the funds from being transferred. The Garda's Economic Crime Unit recovered the rest of the funds while they were in electronic transit in foreign bank accounts."

Meath County Council confirmed last month that cyber criminals hacked into its systems and tried to steal €4.3m by using a fake email instruction to order staff to transfer the money to an overseas account.

However the fraud was detected and reported to the bank and to the Garda's financial intelligence unit, which used Interpol to intercept the funds before they reached their final destination. The €4.3m is frozen in a Hong Kong bank account awaiting repatriation to Ireland.

The most common corporate attacks are distributed denial of service (DDoS) and ransomware attacks, both of which disrupt systems and force them to shut down, with the criminals demanding a ransom - usually in the online currency bitcoin - for stopping the attack.

So-called "phishing" emails, which trick consumers out of their credit card details, will become "more sophisticated" and will also increase in volume, according to Inspector Gubbins.

Pat Moran, head of PwC's cyber division, told the Sunday Independent that cyber crime is increasing significantly in Ireland, with ransomware and CEO frauds the most prevalent attacks over the past 12 months.

He said cyber criminals are collaborating on the Dark Web and sharing intelligence on companies that have vulnerable systems.

"Organisations, however, are very slow to share intelligence on attacks," he added. "Industry needs to ensure that if you are getting attacked, it has to be treated as fraud."

The fraudsters are often organised criminal gangs based in Eastern Europe, Korea, China or Russia.

The most dangerous gang, called Carbanak, is linked to stealing $1bn from financial institutions.

Sunday Independent