Dark Reading is part of the Informa Tech Division of Informa PLC


11/19/2018
06:30 PM

Securities Markets at High Risk of Cyberattack

A report by BAE Systems and SWIFT shows that financial market areas such as equities trading, bonds, and derivatives face more threats than banking, forex, and trade finance.

In the financial sector, the global securities market is more vulnerable to short-term cybersecurity threats than the banking and payments market, foreign exchange (forex) market, and trade finance segment, new analysis shows.

BAE Systems and SWIFT, the provider of financial messaging services for banks globally, recently assessed the threats that different parts of the financial sector face from advanced persistent threat (APT) actors. They measured each market against a set of threat factors that might influence an APT group's assessment of whether to develop and undertake attacks against it.

Among the factors considered were the ease with which an APT group would be able to target a particular finance market's infrastructure and the companies using the infrastructure to conduct their business. The two organizations also analyzed the potential financial gains an APT group could make from targeting a particular finance market, the ease with which they could monetize stolen assets and repeat attacks, as well as traceability and stealth.

In addition, the researchers looked at so-called susceptibility factors to determine each financial market's inherent vulnerabilities to cyberthreats. As part of this exercise, the researchers evaluated factors such as transactional and operational complexity, the maturity of manual and automated processes, the maturity of regulatory oversight, and the availability of mutual checks and balances for catching errant behavior. Each of the threat and susceptibility factors was then assigned a high, medium, or low severity rating.

Researchers found that the securities market faces a greater cyberthreat than other areas of the financial sector. Both the infrastructure used for activities such as trading, equities, bonds, and derivatives and the organizations using it for these purposes are at higher risk of cyberattack than banks, forex markets, and trade finance companies dealing in international trade transactions.

One major reason is the large number of participants and infrastructures in the sector, the complexity of transactions, long chains of custody, and the generally unstructured nature of communications in the space, BAE and SWIFT found.

They assessed that attacks on securities market infrastructure components, such as Electronic Trade Confirmation and Central Securities Depositories, would yield substantial returns for threat actors even though such attacks would require some effort. The kinds of mischief that attackers could do in this market include manipulating data such as securities ownership and values in a central securities depository and manipulating market and reference data.

At substantially greater risk are the participants or organizations actually using the infrastructure for securities-related activities. BAE and SWIFT found varying levels of cyber maturity and nonstandard, unstructured processes in use among organizations in this space. Many organizations use faxes and emails for communication and manage critical data in spreadsheets, the two companies said. Vulnerabilities in this segment give attackers a way to falsify trade orders, falsify instructions to securities depositories, and exploit certain market practices to steal securities.

In terms of financial gain, though, cyberattackers would likely make less from attacking participants in the securities market than they would by attacking infrastructure components, BAE and SWIFT noted in their report.

Most concerns about attacks on the financial sector have focused on the banking segments. Attacks such as the one that emptied more than $80 million from the Bank of Bangladesh in 2016 have focused considerable attention on banking system vulnerabilities. BAE and SWIFT's study shows that, in reality, banks and payment systems are relatively less at risk compared with the securities market because the threats are somewhat better understood and because of the regulatory oversight that exists. Cashing out stolen assets is also more difficult for APT groups in the banking and payment market, the two companies assessed.

"None of the specific financial markets are necessarily safe," says Pat Antonacci, global director of the customer security program at SWIFT. Most of the threat activity to date has been in the bank and payment system space.

There have been attacks on card networks, ATMs, distributed ledger space, and other facets of the market. But most of the success attackers have had has been on the edge of the network and not so much on the core infrastructure, Antonacci says.

APT groups have recently begun evolving their attacks to other financial markets. "The shift is happening because bad guys are going to where the money is and where there is less security," he says.

In many cases, attackers have definite knowledge about the workings of the financial market. What is unclear is whether they are obtaining this knowledge from public sources or from insiders and other private sources. Also, when attackers gain initial access to a financial network, they tend to lie low for months at a time, surveying the terrain, getting to know how the system works, and understanding the checks and controls in place for detecting malicious activity. So once they are ready to execute, they have good knowledge of the system, Antonacci says.


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...

Comments
PabloE219,
User Rank: Apprentice
1/2/2019 | 8:39:28 PM
Nicely said and explained! Cyberattacks scare us all.

Great post, well written and explained!

Just stumbled across this and I feel this could be useful: https://reactdom.com/cybersecurity
vijaydeveloper,
User Rank: Guru
11/20/2018 | 6:24:11 AM
Why does it happen most of the time?
Currently, every person's mind has a fear of cyber attack. But people need not worry about the same. Here you can find it. https://hackr.io/tutorials/learn-growth-hacking