Attacks/Breaches

11/19/2018
06:30 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Securities Markets at High Risk of Cyberattack

A report by BAE Systems and SWIFT shows that financial market areas such as equities trading, bonds, and derivatives face more threats than banking, forex, and trade finance.

In the financial sector, the global securities market is more vulnerable to short-term cybersecurity threats than the banking and payments market, foreign exchange (forex) market, and trade finance segment, new analysis shows.

BAE Systems and SWIFT, the provider of financial messaging services for banks globally, recently assessed the threats that different parts of the financial sector face from advanced persistent threat (APT) actors. They did so against a set of threat factors that might influence an APT group's assessment of whether to develop and undertake attacks against it.  

Among the factors considered were the ease with which an APT group would be able to target a particular finance market's infrastructure and the companies using the infrastructure to conduct their business. The two organizations also analyzed the potential financial gains an APT group could make from targeting a particular finance market, the ease with which they could monetize stolen assets and repeat attacks, as well as traceability and stealth.

In addition, the researchers looked at so-called susceptibility factors to determine each financial market's inherent vulnerabilities to cyberthreats. As part of this exercise, the researchers evaluated factors such as transactional and operational complexity, the maturity of manual and automated processes, the maturity of regulatory oversight, and the availability of mutual checks and balances for catching errant behavior. Each of the threat and susceptibility factors was then assigned a high, medium, or low severity rating.

Researchers found that the securities market faces a greater cyberthreat than other areas of the financial sector. Both the infrastructure used for activities, such as trading, equities, bonds, and derivatives, as well as the organizations using it for these purposes, are at higher risk of cyberattack than banks, forex markets, and trade finance companies dealing in international trade transactions.

One major reason is the large number of participants and infrastructures in the sector, the complexity of transactions, long chains of custody, and the generally unstructured nature of communications in the space, BAE and SWIFT found.

They assessed that attacks on security market infrastructure components, such as Electronic Trade Confirmation and Central Securities Depositories, would yield substantial returns for threat actors even though such attacks would require some effort. The kind of mischief that attackers could do in this market include manipulating data such as securities ownership and values in a central securities depository and manipulating market and reference data.

At substantially greater risk are the participants or organizations actually using the infrastructure for securities-related activities. BAE and SWIFT found varying levels of cyber maturity and nonstandard, unstructured processes in use among organizations in this space. Many organizations use faxes and emails for communication and manage critical data in spreadsheets, the two companies said. Vulnerabilities in this segment give attackers a way to do things like falsifying trade orders, falsifying instructions to security depositories, and exploiting certain market practices to steal securities.

In terms of financial gain, though, cyberattackers would likely make less from attacking participants in the securities market than they would by attacking infrastructure components, BAE and SWIFT noted in their report.

Most concerns about attacks on the financial sector have focused on the banking segments. Attacks such as the one that emptied more than $80 million from the Bank of Bangladesh in 2016 have focused considerable attention on banking system vulnerabilities. BAE and SWIFT's study shows that, in reality, banks and payment systems are relatively less at risk compared with the securities market because the threats are somewhat better understood and because of the regulatory oversight that exists. Cashing out stolen assets is also more difficult for APT groups in the banking and payment market, the two companies assessed.

"None of the specific financial markets are necessarily safe," says Pat Antonacci, global director of the customer security program at SWIFT. Most of the threat activity to date has been in the bank and payment system space.

There have been attacks on card networks, ATMs, distributed ledger space, and other facets of the market. But most of the success attackers have had has been on the edge of the network and not so much on the core infrastructure, Antonacci says.

APT groups have recently begun evolving their attacks to other financial markets. "The shift is happening because bad guys are going to where the money is and where there is less security," he says.

In many cases, attackers have definite knowledge about the workings of the financial market. What is unclear is whether they are obtaining this knowledge from public sources or from insiders and other private sources. Also, when attackers gain initial access to a financial network, they tend to lay low for months together, surveying the terrain, getting to know how the system works, and understanding the checks and controls in place for detecting malicious activity. So once they are ready to execute, they have good knowledge of the system, Antonacci says.

Related Content:

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PabloE219
50%
50%
PabloE219,
User Rank: Apprentice
1/2/2019 | 8:39:28 PM
Nicely said and explained! Cyberattacks scare us all.

Great post, well written and explained!

Just stumbled across this and I feel this could be useful: https://reactdom.com/cybersecurity
vijaydeveloper
0%
100%
vijaydeveloper,
User Rank: Guru
11/20/2018 | 6:24:11 AM
Why it happen most of the time?
Currently, every person's mind having a fear of cyber attack. But people need not worry about the same, Here you can find it. https://hackr.io/tutorials/learn-growth-hacking
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark Reading,  4/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-11350
PUBLISHED: 2019-04-19
CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartext Password Storage and Retrieval via the proxy configuration page.
CVE-2019-11351
PUBLISHED: 2019-04-19
TeamSpeak 3 Client before 3.2.5 allows remote code execution in the Qt framework.
CVE-2019-2039
PUBLISHED: 2019-04-19
In rw_i93_sm_detect_ndef of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1...
CVE-2019-2040
PUBLISHED: 2019-04-19
In rw_i93_process_ext_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Androi...
CVE-2019-2041
PUBLISHED: 2019-04-19
In the configuration of NFC modules on certain devices, there is a possible failure to distinguish individual devices due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Produc...