Hackers and exchanges: how to attack the sphere of finance



    While the financial sector is improving and introducing new technologies, cybercriminals are not asleep. According to a 2014 report by FireEye, a company specializing in information security, financial institutions are the second most frequent target of hacker attacks, behind only government resources. Over time, attacks on this sector have only intensified.

    Today we look at several examples of real attacks on banks and exchanges and talk about the consequences of these cyber incidents.

    Popular target of hackers


    Attacks by hackers in the financial sector are as familiar as morning coffee for most people. About 5 thousand attacks per week are committed against Sberbank customers. The situation with targeted hacks is no better: in 2016, hackers tried to steal 2.87 billion rubles from Russian banks, the Central Bank reports.

    It is quite difficult to say how the number of cyber attacks on the financial sector is changing. Firstly, the statistics of various banks and financial companies differ and may even contradict each other. Secondly, banks and exchanges themselves may either withhold information about hacker attacks, fearing to lose the trust of customers, or blame their own internal mistakes on hackers.

    Most hacker attacks fall on users, the customers of banks. But professionals prefer to hack the financial institutions themselves, which is more profitable for cybercriminals. At the same time, hackers can pursue various goals and use many ways of attacking the sphere of finance.

    Theft of money from banks using vulnerabilities in the transfer system


    Last year, the SWIFT international money transfer system was repeatedly subjected to hacker attacks. Exploiting weaknesses in how banks were connected to this system, hackers managed to withdraw $81 million from the Central Bank of Bangladesh. Criminals stole another $9 million from a bank in Ecuador. In the summer of 2016, $10 million was stolen from an unnamed Ukrainian bank. In all these cases the hackers acted the same way: they penetrated the networks of banks connected to SWIFT, obtained the credentials of operators authorized to create and approve SWIFT messages, and then sent fraudulent transfer orders.
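    The common thread in these cases is that the attackers held credentials for both roles, creator and approver, and sent their transfers when nobody was watching. The following is an added example, not code from the article or from SWIFT, of the kind of after-the-fact check a bank's monitoring team could run over its own outgoing payment log. The CSV-like log format, the operator names, the business-hours window and the amount threshold are all assumptions constructed for illustration.

```python
"""Added example: dual-control and anomaly checks over a constructed log of
outgoing payment instructions. Format, names and thresholds are assumptions."""
from datetime import datetime

# Constructed sample log, one record per outgoing payment instruction:
# message id, creating operator, approving operator, timestamp, beneficiary, amount (USD).
PAYMENT_LOG = """\
MSG001,alice,bob,2016-02-04T10:15:00,ACC-TRUSTED-1,250000
MSG002,carol,dave,2016-02-04T11:40:00,ACC-TRUSTED-2,90000
MSG003,alice,alice,2016-02-05T01:05:00,ACC-NEW-7,20000000
MSG004,bob,bob,2016-02-05T01:07:00,ACC-NEW-8,30000000
MSG005,carol,dave,2016-02-05T09:30:00,ACC-TRUSTED-1,120000
"""

KNOWN_BENEFICIARIES = {"ACC-TRUSTED-1", "ACC-TRUSTED-2"}  # accounts paid before (assumption)
BUSINESS_HOURS = range(8, 19)   # 08:00-18:59 local time (assumption)
LARGE_AMOUNT = 5_000_000        # single-payment threshold (assumption)


def parse_log(text):
    """Turn the constructed log text into a list of dict records."""
    records = []
    for line in text.strip().splitlines():
        msg_id, creator, approver, ts, beneficiary, amount = line.split(",")
        records.append({
            "msg_id": msg_id,
            "creator": creator,
            "approver": approver,
            "timestamp": datetime.fromisoformat(ts),
            "beneficiary": beneficiary,
            "amount": int(amount),
        })
    return records


def find_suspicious(records):
    """Return {msg_id: [reasons]} for every message that violates a control.

    Each control alone is weak; the combination (same person created and
    approved, at night, to a never-seen account, for a large sum) is the
    pattern of a stolen-credential attack rather than a clerical slip.
    """
    findings = {}
    for r in records:
        reasons = []
        if r["creator"] == r["approver"]:
            reasons.append("dual control violated: creator and approver are the same operator")
        if r["timestamp"].hour not in BUSINESS_HOURS:
            reasons.append("submitted outside business hours")
        if r["beneficiary"] not in KNOWN_BENEFICIARIES:
            reasons.append("first-seen beneficiary account")
        if r["amount"] >= LARGE_AMOUNT:
            reasons.append("amount above single-payment threshold")
        if reasons:
            findings[r["msg_id"]] = reasons
    return findings


def flagged_total(findings, records):
    """Total amount of the flagged payments, i.e. the exposure if all went through."""
    return sum(r["amount"] for r in records if r["msg_id"] in findings)


if __name__ == "__main__":
    recs = parse_log(PAYMENT_LOG)
    hits = find_suspicious(recs)
    for msg_id, reasons in hits.items():
        print(msg_id, "->", "; ".join(reasons))
    print("exposure:", flagged_total(hits, recs))
```

    In the constructed log, MSG003 and MSG004 trip all four controls at once, while the daytime, dual-approved payments to known accounts pass. A real deployment would enforce the dual-control rule at approval time rather than only reporting on it afterwards, and would source the "known beneficiary" set from the bank's own history rather than a hard-coded set.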



    Experts suggest that the attacks on the transfer system are the work of the Lazarus hacker group. Interestingly, SWIFT representatives initially stated that a vulnerability in the system was not the cause of the thefts. But after several incidents the company set about strengthening security.

    In February 2016, 667 million rubles disappeared from the account of the Russian Metallinvestbank. The attack targeted the ARM KBR workstation (the automated workplace of a client of the Bank of Russia), from which the bank's account at the Central Bank is managed. At some point, bank employees noticed that unauthorized transfers were being sent from this machine to private accounts in banks across the country. According to experts, the Buhtrap group is behind the Metallinvestbank incident and at least 13 other hacks; its members were detained in June 2016. The hackers got their Trojan into the bank's network by sending emails purporting to come from the Central Bank, harvested usernames and passwords of domain accounts, and then gained access to the ARM KBR workstation and substituted the payment documents.
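    The Buhtrap scheme works because the payment documents handed to the submitting workstation are trusted as-is. One mitigation is to tag each document where it is produced and verify the tags somewhere the attacker does not control before submission. The following is an added example, not code from the article or from any real ARM KBR integration, of such a check with HMAC-SHA256. The document fields, the batch layout and the key handling are assumptions; in particular, the key is assumed to live on the accounting system and a separate verification host, never on the workstation that submits the batch.

```python
"""Added example: detecting substituted, injected or removed payment documents
between the system that produced a batch and the host that submits it.
Document format, key handling and sample data are assumptions."""
import hashlib
import hmac
import json

# Assumption: this key is held by the accounting system that produces the batch
# and by the verification host, and is never present on the submitting workstation.
MANIFEST_KEY = b"demo-key-replace-with-one-from-an-hsm"


def canonical(doc):
    """Stable byte encoding so that equal documents always give equal tags."""
    return json.dumps(doc, sort_keys=True, separators=(",", ":")).encode()


def tag(data, key):
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def build_manifest(batch, key=MANIFEST_KEY):
    """Per-document tags plus one tag over the ordered list of document tags,
    so that edits, additions, removals and reordering are all detectable."""
    per_doc = {d["doc_id"]: tag(canonical(d), key) for d in batch}
    batch_tag = tag("".join(per_doc[d["doc_id"]] for d in batch).encode(), key)
    return {"docs": per_doc, "batch": batch_tag}


def verify_batch(batch, manifest, key=MANIFEST_KEY):
    """Return a list of problems; an empty list means the batch is intact."""
    problems = []
    current_tags = []
    for d in batch:
        t = tag(canonical(d), key)
        expected = manifest["docs"].get(d["doc_id"])
        if expected is None:
            problems.append(f"{d['doc_id']}: not in manifest (added document)")
        elif not hmac.compare_digest(t, expected):
            problems.append(f"{d['doc_id']}: content differs from manifest (modified document)")
        current_tags.append(t)
    missing = set(manifest["docs"]) - {d["doc_id"] for d in batch}
    for doc_id in sorted(missing):
        problems.append(f"{doc_id}: missing from batch (removed document)")
    if not problems and not hmac.compare_digest(tag("".join(current_tags).encode(), key),
                                                manifest["batch"]):
        problems.append("batch: documents reordered")
    return problems


# Constructed batch of payment documents (account numbers are placeholders).
ORIGINAL_BATCH = [
    {"doc_id": "P-1001", "payer": "40702810000000000001",
     "beneficiary": "40702810000000000002", "amount_rub": 1_200_000, "purpose": "invoice 17"},
    {"doc_id": "P-1002", "payer": "40702810000000000001",
     "beneficiary": "40702810000000000003", "amount_rub": 5_500_000, "purpose": "contract 9/16"},
    {"doc_id": "P-1003", "payer": "40702810000000000001",
     "beneficiary": "40702810000000000004", "amount_rub": 300_000, "purpose": "rent"},
]


def demo():
    """Build a manifest on the producing side, then verify three batches:
    the original, one with a beneficiary swapped, one with a document injected."""
    manifest = build_manifest(ORIGINAL_BATCH)
    modified = [dict(d) for d in ORIGINAL_BATCH]
    modified[1]["beneficiary"] = "40817810000000009999"   # attacker's account (placeholder)
    injected = ORIGINAL_BATCH + [{"doc_id": "P-1004", "payer": "40702810000000000001",
                                  "beneficiary": "40817810000000009998",
                                  "amount_rub": 9_000_000, "purpose": "services"}]
    return {
        "intact": verify_batch(ORIGINAL_BATCH, manifest),
        "modified": verify_batch(modified, manifest),
        "injected": verify_batch(injected, manifest),
    }


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "->", problems or "OK")
```

    The check only helps if the verification runs on a host the attacker did not reach with the same domain credentials, which is the real design decision here; a tag verified on the compromised workstation itself can be recomputed by the intruder.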

    Theft of trading algorithms and failures in exchange trading


    In July 2015, trading on the New York Stock Exchange (NYSE) was suspended for several hours. Officially, the outage was attributed to internal technical problems, but journalists and some experts were not convinced by this version. In their opinion, hacker attacks were to blame, and both the Anonymous group and Chinese cybercriminals were accused of it. Incidentally, Anonymous tried to attack the exchange in 2011, but that attempt had no serious consequences. It is not known for certain how the exchange was hacked in 2015 (if the attack really took place).



    Image: Christine Puccio , CC BY-SA 2.0

    On the Moscow Exchange in the same year, 2015, a no less mysterious situation occurred. In early February, during trading, the ruble fell by 15% when one of the participants, Kazan's Energobank, sold currency at off-market prices. In 15 minutes of such trading the bank lost 244 million rubles. The bank blamed hackers for the incident. The investigation was undertaken by specialists from Group-IB, who established that the bank had indeed been attacked. The attack mechanism turned out to be simple: the hackers infected the bank's systems with the Corkow Trojan, thereby gaining remote control over the trading terminal. However, many, including the first deputy chairman of the Central Bank, Sergey Shvetsov, believed that it was not hackers and that the bank had deliberately manipulated the currency.
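    Whether the orders came from a remotely controlled terminal or from the bank's own trader, the damage was done by a burst of orders far from the market price. That is exactly what a pre-trade risk gate in front of the trading terminal is meant to stop. The following is an added example, not code from the article, Group-IB or the Moscow Exchange, of such a gate with a price collar, an order-rate limit and a notional limit per time window. The USD/RUB reference price, the thresholds and the order stream are constructed for illustration and are not real market data.

```python
"""Added example: a pre-trade risk gate that rejects off-market prices and
order bursts. Reference price, thresholds and orders are constructed."""
from collections import deque


class PreTradeRiskGate:
    """Rejects an order if its price deviates too far from the reference,
    or if accepting it would exceed the per-window order-count or notional
    limits. All thresholds are illustrative assumptions."""

    def __init__(self, max_deviation=0.02, max_orders=10,
                 max_notional=100_000_000, window_s=60):
        self.max_deviation = max_deviation   # 2% price collar around reference
        self.max_orders = max_orders         # accepted orders per window
        self.max_notional = max_notional     # accepted notional per window (in quote currency)
        self.window_s = window_s
        self.recent = deque()                # (timestamp, notional) of accepted orders

    def _evict(self, now):
        """Drop accepted orders that have left the sliding window."""
        while self.recent and now - self.recent[0][0] > self.window_s:
            self.recent.popleft()

    def check(self, order, reference_price, now):
        """Return a list of rejection reasons; an empty list means accept."""
        reasons = []
        deviation = abs(order["price"] - reference_price) / reference_price
        if deviation > self.max_deviation:
            reasons.append(f"price {order['price']} deviates {deviation:.1%} "
                           f"from reference {reference_price}")
        self._evict(now)
        if len(self.recent) >= self.max_orders:
            reasons.append(f"more than {self.max_orders} orders in {self.window_s}s")
        notional = order["price"] * order["qty"]
        window_notional = sum(n for _, n in self.recent) + notional
        if window_notional > self.max_notional:
            reasons.append(f"window notional {window_notional:,.0f} exceeds "
                           f"{self.max_notional:,.0f}")
        if not reasons:
            self.recent.append((now, notional))
        return reasons


REFERENCE_PRICE = 65.00   # constructed USD/RUB reference, not a real quote


def build_orders():
    """A constructed order stream: one sane sell, one 15% below market,
    then a burst of twelve small sells within a few seconds."""
    orders = [
        {"id": "A1", "side": "SELL", "price": 65.10, "qty": 500_000, "t": 0},
        {"id": "A2", "side": "SELL", "price": 55.00, "qty": 500_000, "t": 5},
    ]
    orders += [{"id": f"B{i}", "side": "SELL", "price": 65.05, "qty": 100_000, "t": 10 + i}
               for i in range(1, 13)]
    return orders


def run_scenario():
    """Feed the constructed stream through one gate; map order id -> reasons."""
    gate = PreTradeRiskGate()
    return {o["id"]: gate.check(o, REFERENCE_PRICE, o["t"]) for o in build_orders()}


if __name__ == "__main__":
    for oid, reasons in run_scenario().items():
        print(oid, "ACCEPT" if not reasons else "REJECT: " + "; ".join(reasons))
```

    In the constructed run, A1 passes, A2 is rejected by the price collar, and the burst is cut off once ten orders sit inside the 60-second window: B1 through B9 pass, B10 through B12 are rejected. A gate like this has to sit on the exchange or broker side, or at least on a host separate from the trader's terminal, because a Trojan with remote control of the terminal can disable any check that runs there.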

    The American exchange Nasdaq also suffered a major hacker attack. In 2010, the FBI noticed an attempt to penetrate the exchange's central servers. The investigation, which was reported to the US president himself, established that the intruders had entered the system using several previously unknown vulnerabilities. Such an approach, according to foreign journalists, is characteristic of state intelligence services. However, it later became clear that several independent groups had left their traces in Nasdaq's systems. There are various assumptions about the purpose of the attack, from banal theft of money to an attempt to destroy the exchange. Nasdaq representatives said that the criminals were after insider information in the Directors Desk service, which holds data from 300 companies.

    Another less obvious target for attackers is the trading algorithms of hedge funds. Information security specialists have stated that algorithms are stolen in order to blackmail hedge funds, for whom such incidents can be an extremely serious reputational blow.

    Theft of insider information


    Theft of data that can affect the course of trading occurs on exchanges much more often than attempts to disrupt their operation or steal trading algorithms. Such information is much easier to use or sell. In this case, not only the exchanges themselves but also other influential companies in the financial world are attacked. A case in point is the theft of insider information from Dow Jones & Co.

    In 2015 the company reported a breach and the theft of data on 3,500 customers. But it turned out that this was not the most interesting part of the Dow Jones incident. By then the FBI was already investigating the theft of unpublished articles and other information that would give an advantage in trading. One of the company's services, Factiva, collects important financial data from more than 4,000 sources ahead of official publication, which makes breaking into it especially attractive to hackers.

    A similar problem arose for the American press-release distribution services PRNewswire, Marketwired and Businesswire. Without noticing it, they spent five years sharing market-moving information with hackers before it was published. The cybercriminals gained access to the data through phishing attacks and worked in conjunction with traders, who used the obtained data to trade on the exchange and transferred the proceeds offshore. The damage from the group's actions is estimated at between 30 and 100 million dollars, depending on the source.

    Conclusion


    Despite the close attention from hackers, financial companies are constantly strengthening their security. For example, after the incidents described above, the developers of the SWIFT financial transfer system introduced numerous measures designed to improve security.

    Financial companies also develop their own security measures, which can be used not only to deal with the consequences of hacks but also with ordinary errors in IT systems. For example, errors in the operation of exchange systems can lead to incorrect display of trade data or incorrect calculation of the margin required to hold a position (such an error can even lead to a position being closed prematurely).

    In order to minimize possible damage, brokerage companies are developing various customer protection systems.

    Other financial and stock market related materials from ITI Capital:
