Hackers and stock exchanges: how to attack the financial industry
While the financial sector is improving and introducing new technologies, cyber criminals are not slumbering. According to 2016 data from FireEye, a company specializing in information security, financial institutions rank second in the frequency of hacker attacks, surpassed only by government resources. Over time, the attacks have only intensified.
Today we’ll look at several examples of real attacks on banks and stock exchanges and discuss the causes of cyber incidents.
The general target of hackers
For hackers, attacking the financial sector is as routine as morning coffee is for most people.
It is quite difficult to say unequivocally how the number of cyber-attacks on the financial sector is changing. Firstly, the statistics of various banks and financial companies vary and may even contradict each other. Secondly, banks and exchanges can conceal information about hacker attacks, fearing a loss of customer confidence, and writing off their internal mistakes.
Most hacker attacks target users, that is, the customers of banks. But professionals prefer to hack financial institutions, which is more profitable for cyber criminals. In doing so, hackers can pursue different goals and use a variety of ways to attack the financial industry.
Stealing money from banks through a vulnerability in the remittance system
Last year the international remittance system SWIFT was repeatedly subjected to hacker attacks. Taking advantage of the vulnerabilities in this system, hackers managed to withdraw $81 million from the Central Bank of Bangladesh. The criminals stole another $9 million from a bank in Ecuador. In the summer of 2016, $10 million was stolen from an unnamed Ukrainian bank. In all these cases, the hackers acted in the same way: they infiltrated banks connected to SWIFT, then obtained the data of operators who were authorized to create and approve SWIFT messages, and conducted fake transactions.
Experts suggest that the attacks on the remittance system are the work of the hacker group named Lazarus. Interestingly, SWIFT representatives at first stated that the vulnerability was not the cause of the thefts. But after several incidents, the company set about increasing security.
In February 2016, 667 million rubles disappeared from the account of the Russian Metallinvestbank. The attack occurred at the bank's CBD automated workplace (the client’s automated workplace of the Bank of Russia), which manages the account in the Central Bank. At some point, representatives of the bank noticed that unauthorized transfers to accounts of individuals in banks throughout the country were being sent from the device. According to experts, the Buhtrap hacking group, whose members were detained in June 2016, is behind the incident at Metallinvestbank and at least 13 more hackings. The hackers introduced the Trojan into the banking network by sending letters on behalf of the Central Bank, collected logins and passwords from domain accounts, and then gained access to the CBD automated workplace and substituted payment documents.
Theft of trading algorithms and failures in exchange trading
In July 2015, trading on the New York Stock Exchange (NYSE) was suspended for several hours. Officially, the cause of the failure was said to be internal malfunctions, but journalists and some experts were not convinced by this version. In their opinion, hacker attacks were to blame. The incident was attributed both to the Anonymous group and to Chinese cyber criminals. Incidentally, Anonymous tried to attack the stock exchange in 2011, but that did not lead to serious consequences. How the exchange was hacked in 2015 (if the attack did take place) is not known for certain.
Also in 2015, a no less mysterious situation arose on the Moscow stock exchange. In early February, during trading, the ruble rate fell by 15%, because one of the traders, Kazan’s Energobank, sold the currency at non-market prices. In 15 minutes of such trading, the player lost 244 million rubles. The bank blamed hackers for this incident. The investigation was led by experts from Group-IB, who established that the bank had indeed been harmed by intruders. The mechanism of the attack was quite simple: hackers infected the trading system with the Corkow Trojan, thereby gaining remote control over it. However, many people, including the first deputy chairman of the Central Bank, Sergei Shvetsov, felt that hackers were not responsible and that the bank was deliberately manipulating the currency.
The American exchange Nasdaq has also undergone a major hacker attack. In 2010, the FBI noticed an attempted infiltration of the central server of the exchange. The investigation, which was reported to the US president, found that the system had been infiltrated using several previously unidentified vulnerabilities. This approach, according to foreign journalists, is characteristic of the special services. However, it was later found out that several independent groups had “left their traces” in the Nasdaq attack. There are different assumptions about the purpose of the attack, from banal theft of money to an attempt to destroy the exchange. Representatives of Nasdaq said that the criminals were hunting for insider information from the Directors Desk service, which contains the data of 300 companies.
The next, less obvious target of the criminals is the trading algorithms of hedge funds. Some information security experts have stated that algorithms were stolen in order to extort the hedge funds. Such incidents can seriously damage a fund's reputation.
Theft of insider information
Theft of data that can affect the course of trading happens on exchanges more often than attempts to interfere with their work or to steal trading algorithms. Such information is much easier to use or sell. In this case, however, the attacks target not only the stock exchanges but also other companies that are influential in the financial world. A case in point is the theft of insider information from Dow Jones & Co.
In 2015 the company reported a break-in and the theft of 3,500 customers’ data. But it turned out that this was not the most interesting incident involving Dow Jones. At that time, the FBI was already investigating the theft of unpublished articles and other information that gives an advantage in trading. One of the company's services, Factiva, collects important financial data from more than 4,000 sources even before official publication, which makes hacking it particularly interesting for hackers.
A similar problem arose with the US press release publishing services PR Newswire, Marketwired, and Business Wire. Without noticing it, for five whole years they shared market-relevant information with hackers before its publication. The cyber criminals gained access to the data through phishing attacks. The hackers worked in conjunction with traders. The latter used the obtained data for trading on the exchange, and the proceeds were transferred offshore. The damage from the group’s actions is estimated, according to different data, at 30 to 100 million dollars.
Financial companies are constantly strengthening their own security in the face of close attention from hackers. For example, the developers of the SWIFT financial remittance system, after the situations described above, have developed numerous measures to improve security.
Financial companies also develop various protection tools independently. These can address not only the consequences of hacking but also the usual errors of IT systems. For example, errors in the operation of exchange systems can lead, among other things, to the incorrect display of trade data or incorrect calculation of the collateral for holding a position (an error may even lead to a premature closing of the transaction).
In order to minimize possible damage, brokerage companies develop various systems to protect their customers’ data.