Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

11/19/2018
06:30 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Securities Markets at High Risk of Cyberattack

A report by BAE Systems and SWIFT shows that financial market areas such as equities trading, bonds, and derivatives face more threats than banking, forex, and trade finance.

In the financial sector, the global securities market is more vulnerable to short-term cybersecurity threats than the banking and payments market, foreign exchange (forex) market, and trade finance segment, new analysis shows.

BAE Systems and SWIFT, the provider of financial messaging services for banks globally, recently assessed the threats that different parts of the financial sector face from advanced persistent threat (APT) actors. They did so against a set of threat factors that might influence an APT group's assessment of whether to develop and undertake attacks against it.  

Among the factors considered were the ease with which an APT group would be able to target a particular finance market's infrastructure and the companies using the infrastructure to conduct their business. The two organizations also analyzed the potential financial gains an APT group could make from targeting a particular finance market, the ease with which they could monetize stolen assets and repeat attacks, as well as traceability and stealth.

In addition, the researchers looked at so-called susceptibility factors to determine each financial market's inherent vulnerabilities to cyberthreats. As part of this exercise, the researchers evaluated factors such as transactional and operational complexity, the maturity of manual and automated processes, the maturity of regulatory oversight, and the availability of mutual checks and balances for catching errant behavior. Each of the threat and susceptibility factors was then assigned a high, medium, or low severity rating.

Researchers found that the securities market faces a greater cyberthreat than other areas of the financial sector. Both the infrastructure used for activities, such as trading, equities, bonds, and derivatives, as well as the organizations using it for these purposes, are at higher risk of cyberattack than banks, forex markets, and trade finance companies dealing in international trade transactions.

One major reason is the large number of participants and infrastructures in the sector, the complexity of transactions, long chains of custody, and the generally unstructured nature of communications in the space, BAE and SWIFT found.

They assessed that attacks on security market infrastructure components, such as Electronic Trade Confirmation and Central Securities Depositories, would yield substantial returns for threat actors even though such attacks would require some effort. The kind of mischief that attackers could do in this market include manipulating data such as securities ownership and values in a central securities depository and manipulating market and reference data.

At substantially greater risk are the participants or organizations actually using the infrastructure for securities-related activities. BAE and SWIFT found varying levels of cyber maturity and nonstandard, unstructured processes in use among organizations in this space. Many organizations use faxes and emails for communication and manage critical data in spreadsheets, the two companies said. Vulnerabilities in this segment give attackers a way to do things like falsifying trade orders, falsifying instructions to security depositories, and exploiting certain market practices to steal securities.

In terms of financial gain, though, cyberattackers would likely make less from attacking participants in the securities market than they would by attacking infrastructure components, BAE and SWIFT noted in their report.

Most concerns about attacks on the financial sector have focused on the banking segments. Attacks such as the one that emptied more than $80 million from the Bank of Bangladesh in 2016 have focused considerable attention on banking system vulnerabilities. BAE and SWIFT's study shows that, in reality, banks and payment systems are relatively less at risk compared with the securities market because the threats are somewhat better understood and because of the regulatory oversight that exists. Cashing out stolen assets is also more difficult for APT groups in the banking and payment market, the two companies assessed.

"None of the specific financial markets are necessarily safe," says Pat Antonacci, global director of the customer security program at SWIFT. Most of the threat activity to date has been in the bank and payment system space.

There have been attacks on card networks, ATMs, distributed ledger space, and other facets of the market. But most of the success attackers have had has been on the edge of the network and not so much on the core infrastructure, Antonacci says.

APT groups have recently begun evolving their attacks to other financial markets. "The shift is happening because bad guys are going to where the money is and where there is less security," he says.

In many cases, attackers have definite knowledge about the workings of the financial market. What is unclear is whether they are obtaining this knowledge from public sources or from insiders and other private sources. Also, when attackers gain initial access to a financial network, they tend to lay low for months together, surveying the terrain, getting to know how the system works, and understanding the checks and controls in place for detecting malicious activity. So once they are ready to execute, they have good knowledge of the system, Antonacci says.

Related Content:

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PabloE219
50%
50%
PabloE219,
User Rank: Apprentice
1/2/2019 | 8:39:28 PM
Nicely said and explained! Cyberattacks scare us all.

Great post, well written and explained!

Just stumbled across this and I feel this could be useful: https://reactdom.com/cybersecurity
vijaydeveloper
0%
100%
vijaydeveloper,
User Rank: Guru
11/20/2018 | 6:24:11 AM
Why it happen most of the time?
Currently, every person's mind having a fear of cyber attack. But people need not worry about the same, Here you can find it. https://hackr.io/tutorials/learn-growth-hacking
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
How Attackers Infiltrate the Supply Chain & What to Do About It
Shay Nahari, Head of Red-Team Services at CyberArk,  7/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7843
PUBLISHED: 2019-07-18
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Insufficient input validation vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
CVE-2019-7846
PUBLISHED: 2019-07-18
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper error handling vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
CVE-2019-7847
PUBLISHED: 2019-07-18
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper Restriction of XML External Entity Reference ('XXE') vulnerability. Successful exploitation could lead to Arbitrary read access to the file system in the context of the current user.
CVE-2019-7848
PUBLISHED: 2019-07-18
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Inadequate access control vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
CVE-2019-7850
PUBLISHED: 2019-07-18
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have a Command injection vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.