Wednesday 24 April 2019

UCC hit by €110,000 attack from cyber gang

Stock picture
Stock picture

Mark O'Regan

Cyber criminals mounted a major attack to steal €110,000 from University College Cork (UCC), the Sunday Independent can reveal.

The revelation comes as a global cyber attack struck a number of Irish businesses last month.

Thousands of computers were infected worldwide, with an advertising agency, a large pharmaceutical company and a shipping firm hit by the computer malware in Ireland.

In April, an online assault scammed a reported €1m from TCD, as part of an elaborate money-laundering scheme.

It has now emerged that UCC has also come under sustained attack, confronting up to three attempted frauds each week.

In 2015, online crime gangs successfully penetrated its security network, laundering €110,000 to an offshore account after gaining access to the 'accounts payable' department, the Sunday Independent has learnt.

Some €73,000 of the money was recovered by the university through its insurance policy.

Following this incident the college made "significant investments" to beef up security.

Most of the investment has been in education and training staff how to recognise suspicious activity.

More than €100,000 was spent on stronger firewall technology, and specialist software, designed to identify fraudulent emails and malware.

The university confirmed it still faced "two or three" attempted frauds each week, but stressed that staff had been trained to "spot" suspicious online activity. It also has a close working relationship with the gardai who are notified of each attack.

However, authorities at UCC stressed that there was "no room for complacency" and each week "new innovative threats emerge".

In the 2015 attack, hackers used a form of 'social engineering' to carry out the fraud.

Cyber Risk Aware CEO Stephen Burke said these attacks involved "engineering somebody to do something they otherwise would not do".

He added: "This could be to wire money to a bank account on the basis that you perceive the person involved to be somebody else.

"It's about what is termed social engineering."

He said hackers would try to win the trust of an employee in a particular company or institution.

This could involve gaining access to a computer after securing log-in details.

"It's about coming up with a plausible story to trick somebody into doing something they shouldn't do," he added.

Sunday Independent

Editor's Choice

Also in Irish News