Attacks/Breaches

11/19/2018
06:30 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Securities Markets at High Risk of Cyberattack

A report by BAE Systems and SWIFT shows that financial market areas such as equities trading, bonds, and derivatives face more threats than banking, forex, and trade finance.

In the financial sector, the global securities market is more vulnerable to short-term cybersecurity threats than the banking and payments market, foreign exchange (forex) market, and trade finance segment, new analysis shows.

BAE Systems and SWIFT, the provider of financial messaging services for banks globally, recently assessed the threats that different parts of the financial sector face from advanced persistent threat (APT) actors. They did so against a set of threat factors that might influence an APT group's assessment of whether to develop and undertake attacks against it.  

Among the factors considered were the ease with which an APT group would be able to target a particular finance market's infrastructure and the companies using the infrastructure to conduct their business. The two organizations also analyzed the potential financial gains an APT group could make from targeting a particular finance market, the ease with which they could monetize stolen assets and repeat attacks, as well as traceability and stealth.

In addition, the researchers looked at so-called susceptibility factors to determine each financial market's inherent vulnerabilities to cyberthreats. As part of this exercise, the researchers evaluated factors such as transactional and operational complexity, the maturity of manual and automated processes, the maturity of regulatory oversight, and the availability of mutual checks and balances for catching errant behavior. Each of the threat and susceptibility factors was then assigned a high, medium, or low severity rating.

Researchers found that the securities market faces a greater cyberthreat than other areas of the financial sector. Both the infrastructure used for activities, such as trading, equities, bonds, and derivatives, as well as the organizations using it for these purposes, are at higher risk of cyberattack than banks, forex markets, and trade finance companies dealing in international trade transactions.

One major reason is the large number of participants and infrastructures in the sector, the complexity of transactions, long chains of custody, and the generally unstructured nature of communications in the space, BAE and SWIFT found.

They assessed that attacks on security market infrastructure components, such as Electronic Trade Confirmation and Central Securities Depositories, would yield substantial returns for threat actors even though such attacks would require some effort. The kind of mischief that attackers could do in this market include manipulating data such as securities ownership and values in a central securities depository and manipulating market and reference data.

At substantially greater risk are the participants or organizations actually using the infrastructure for securities-related activities. BAE and SWIFT found varying levels of cyber maturity and nonstandard, unstructured processes in use among organizations in this space. Many organizations use faxes and emails for communication and manage critical data in spreadsheets, the two companies said. Vulnerabilities in this segment give attackers a way to do things like falsifying trade orders, falsifying instructions to security depositories, and exploiting certain market practices to steal securities.

In terms of financial gain, though, cyberattackers would likely make less from attacking participants in the securities market than they would by attacking infrastructure components, BAE and SWIFT noted in their report.

Most concerns about attacks on the financial sector have focused on the banking segments. Attacks such as the one that emptied more than $80 million from the Bank of Bangladesh in 2016 have focused considerable attention on banking system vulnerabilities. BAE and SWIFT's study shows that, in reality, banks and payment systems are relatively less at risk compared with the securities market because the threats are somewhat better understood and because of the regulatory oversight that exists. Cashing out stolen assets is also more difficult for APT groups in the banking and payment market, the two companies assessed.

"None of the specific financial markets are necessarily safe," says Pat Antonacci, global director of the customer security program at SWIFT. Most of the threat activity to date has been in the bank and payment system space.

There have been attacks on card networks, ATMs, distributed ledger space, and other facets of the market. But most of the success attackers have had has been on the edge of the network and not so much on the core infrastructure, Antonacci says.

APT groups have recently begun evolving their attacks to other financial markets. "The shift is happening because bad guys are going to where the money is and where there is less security," he says.

In many cases, attackers have definite knowledge about the workings of the financial market. What is unclear is whether they are obtaining this knowledge from public sources or from insiders and other private sources. Also, when attackers gain initial access to a financial network, they tend to lay low for months together, surveying the terrain, getting to know how the system works, and understanding the checks and controls in place for detecting malicious activity. So once they are ready to execute, they have good knowledge of the system, Antonacci says.

Related Content:

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
vijaydeveloper
50%
50%
vijaydeveloper,
User Rank: Apprentice
11/20/2018 | 6:24:11 AM
Why it happen most of the time?
Currently, every person's mind having a fear of cyber attack. But people need not worry about the same, Here you can find it. https://hackr.io/tutorials/learn-growth-hacking
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading,  12/5/2018
Starwood Breach Reaction Focuses on 4-Year Dwell
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/5/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I guess this answers the question: who's watching the watchers?
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20029
PUBLISHED: 2018-12-10
The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read.
CVE-2018-1279
PUBLISHED: 2018-12-10
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on ...
CVE-2018-15800
PUBLISHED: 2018-12-10
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage.
CVE-2018-15805
PUBLISHED: 2018-12-10
Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource consumption).
CVE-2018-16635
PUBLISHED: 2018-12-10
Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php.