
Hackers and exchanges: how the financial sector is attacked



While the financial sector is improving and introducing new technologies, cybercriminals are not asleep. According to 2014 data from FireEye, a company specializing in information security, financial institutions rank second in the number of hacker attacks, behind only government resources. Over time, attacks on this sector have only intensified.

Today we look at a few examples of real attacks on banks and stock exchanges and talk about the consequences of these cyber incidents.

A popular target for hackers


Hacker attacks on the financial sector are as common as morning coffee is for most people. About 5 thousand attacks a week are made on Sberbank clients. The situation with targeted attacks is no better: in 2016, hackers tried to steal 2.87 billion rubles from Russian banks, the Central Bank reports.

It is quite difficult to say how the number of cyber attacks on the financial sector is changing. First, the statistics of different banks and financial companies differ and may even contradict each other. Second, banks and exchanges themselves may conceal information about hacker attacks for fear of losing their customers' trust, or may blame their own internal mistakes on hackers.

Most hacker attacks fall on users, that is, bank customers. But professionals prefer to break into the financial institutions themselves, since this is more profitable for cybercriminals. In doing so, hackers can pursue different goals and use many ways of attacking the financial sector.

Theft of money from banks using vulnerabilities in the transfer system


Last year, the SWIFT international money transfer system was repeatedly subjected to hacker attacks. Taking advantage of vulnerabilities in this system, hackers managed to withdraw $81 million from the Central Bank of Bangladesh. Criminals stole another $9 million from a bank in Ecuador. In the summer of 2016, $10 million was stolen from an unnamed Ukrainian bank. In all these cases, the hackers acted in the same way: they infiltrated banks connected to SWIFT, then obtained the data of operators who had the right to create and approve SWIFT messages, and conducted fake transactions.



Experts suggest that the attacks on the transfer system are the work of the hacker group Lazarus. Interestingly, SWIFT representatives initially stated that a vulnerability was not the cause of the thefts. But after several incidents, the company set about strengthening security.

In February 2016, 667 million rubles disappeared from the account of the Russian Metallinvestbank. The attack targeted the AWS of the CBD (the automated workstation of a Bank of Russia client), from which the bank's account at the Central Bank is managed. At some point, representatives of the bank noticed that unauthorized transfers were being sent from the device to the accounts of individuals in banks throughout the country. According to experts, the Buhtrap group, whose members were detained in June 2016, is behind the incident at Metallinvestbank and at least another 13 hacks. The hackers planted a Trojan in the bank's network by sending emails on behalf of the Central Bank, collected logins and passwords from domain accounts, and then gained access to the AWS of the CBD and replaced payment documents.

Theft of trading algorithms and failures in stock trading


In July 2015, trading on the New York Stock Exchange (NYSE) was suspended for several hours. Officially, the failure was attributed to internal problems, but this explanation did not convince journalists and some experts. In their opinion, hacker attacks were to blame. The incident was attributed both to the Anonymous group and to Chinese cybercriminals. Anonymous, incidentally, had tried to attack the exchange in 2011, but that attempt did not lead to serious consequences. How the exchange was hacked in 2015 (if the attack did take place) is not known for certain.



Image: Christine Puccio, CC BY-SA 2.0

An equally mysterious situation occurred on the Moscow Stock Exchange in the same year, 2015. In early February, during the trading session, the ruble exchange rate fell by 15%, because one of the trading participants, Kazan Energobank, was selling the currency at non-market prices. In 15 minutes of such trading the participant lost 244 million rubles. The bank blamed hackers for the incident. Experts from Group-IB undertook the investigation and established that the bank had indeed suffered at the hands of intruders. The attack mechanism turned out to be simple: hackers infected the Corcow trading system of the bank with a Trojan, thereby gaining remote control over it. However, many, including the first deputy chairman of the Central Bank, Sergei Shvetsov, believed that hackers were not the issue and that the bank had deliberately manipulated the currency.

The American stock exchange Nasdaq has also undergone a major hacker attack. In 2010, the FBI noticed an attempt to penetrate the central servers of the exchange. The investigation, which was reported to the President of the United States himself, established that the system had been infiltrated using previously undetected vulnerabilities. Such an approach, according to foreign journalists, is characteristic of intelligence services. However, it later turned out that several independent groups had left their traces in the Nasdaq systems. There are various assumptions about the purpose of the attack, from banal theft of money to an attempt to destroy the stock exchange. Nasdaq representatives said that the criminals were hunting for insider information in the Directors Desk service, which contains data from 300 companies.

Another non-obvious target for attackers is the trading algorithms of hedge funds. Specialists at information security companies say that the algorithms are stolen in order to blackmail hedge funds. For the funds, such incidents can be an extremely serious reputational blow.

Insider Information Theft


Theft of data that can affect the course of trading happens on exchanges much more often than attempts to interfere with their work or steal trading algorithms. Such information is much easier to use or sell. But in this case, not only the exchanges themselves but also other influential companies in the financial world come under attack. A case in point is the theft of insider information from Dow Jones & Co.

In 2015, the company reported a hack and the theft of the data of 3,500 customers. But it turned out that this was not the most interesting incident involving Dow Jones. At that time, the FBI was already investigating the theft of unpublished articles and other information that gives an advantage in trading. One of the company's services, Factiva, collects important financial data from more than 4,000 sources before official publication, which makes it an especially attractive target for hackers.

A similar problem arose at the American press release distribution services PRNewswire, Marketwired and Businesswire. For five years, without noticing it, they had been sharing market-relevant information with hackers before its publication. The cybercriminals obtained access to the data using phishing attacks. The hackers worked together with traders, who used the data for trading on the stock exchange and transferred the proceeds offshore. According to various sources, the damage from the group's actions is estimated at between 30 and 100 million dollars.

Conclusion


Despite the close attention of hackers, financial companies are constantly strengthening their own security. For example, after the incidents described above, the developers of the SWIFT financial transfer system developed numerous measures designed to improve security.

Financial companies also develop various means of protection on their own. These can address not only the consequences of hacks but also ordinary errors in IT systems. For example, errors in the operation of stock exchange systems can lead to incorrect display of trade data or incorrect calculation of the collateral needed to hold a position (an error can even lead to a premature closing of the transaction).

In order to minimize possible damage, brokerage companies are developing various systems to protect customers. How this protection is implemented in the ITinvest MatriX trading system can be found here.

Source: https://habr.com/ru/post/332080/

