Finance-Savvy Hackers Target Wall Street

Hackers are putting a new twist on the concept of insider trading. A cybercrime ring known as FIN4 is apparently stealing insider information and using it to manipulate stock prices on Wall Street.

FireEye, an advanced cyberattack prevention firm, just released an intelligence report that offers an in-depth analysis of how the financially-motivated cybercriminals are executing attacks against publicly-traded companies to play the stock market.

“Advanced threat actors conducting attacks to play the stock market to their advantage has long been a worry but never truly seen in action,” said Dan McWhorter, Vice President of Threat Intelligence at FireEye. “FIN4 is the first time we are seeing a group of very sophisticated attackers actually systematically acquire information that only has true value to a criminal when used in relation to the stock market.”

Never-Before Seen

Entitled “Hacking the Street? FIN4 Likely Playing the Market,” the report exposes the work of a team of native English-speaking operators with deep knowledge of how the targeted industries work and the nuances of their financial practices.

FireEye has dubbed the group FIN4 and concluded the group has targeted about 100 publicly-traded companies — or their advisory firms — to collect information to gain a trading advantage on Wall Street.

The security firm said FIN4 is not like nation-state backed advanced persistent threat groups based in China and Eastern Europe. Rather, FIN4 executes its attacks in a way FireEye said it has never seen. Specifically, the group does not rely on malware, but depends heavily on highly-targeted social engineering tactics and deep subject-matter expertise to deliver weaponized versions of legitimate corporate files.

Industrial Espionage

This is not a new attack. Since at least mid-2013, FireEye has reported that FIN4 has made product development, M&A (mergers and acquisitions) strategies, legal issues, and purchasing processes of companies its target data points. Based on the fact that the attackers appear to have a strong command of English colloquialisms and knowledge of regulatory and compliance standards, FireEye researchers believe FIN4 is based in the United States or Western Europe.

Finally, FIN4 uses what FireEye calls “highly advanced techniques” for breaking into an organization and has security practices on the data it transmits. For example, stolen login credentials were transferred to FIN4 servers in plain text while the operators use TOR to mask their locations and identities.

“This group is not leveraging any sophisticated malware, or complex hacking techniques to gain access to sensitive data,” Kevin Westin, a security analyst for advanced persistent threat detection firm Tripwire, told us. “They are going after the weakest link in the security chain, people. Given the targets and the data compromised you could call this white collar cybercrime because the goal appears to be industrial espionage.”

Source: toptechnews.com
