#AceNewsServices – UNITED STATES – June 23 – Criminals have successfully attacked a hedge fund, delaying trades and stealing profitable secrets in a rare direct raid on the financial services sector, according to BAE Systems Applied Intelligence.
(In Two Years Hedge Fund Fraud Using Malware is on the Increase)
The clever hack cost the unnamed US-based hedge fund millions of dollars over two months, the firm alleges. Attackers apparently lifted information on complex and high speed trades from the firm, then sent the details to external servers using malware which implanted on the victim’s network.
(Malware Attacking Email)
The identity of the attackers is unknown, BAE product director Paul Henninger toldCNBC, but the stolen data could be immensely profitable for smaller hedge firms looking for a leg up into the market.
The assumption of espionage was given further weight because attackers added slight delays to the time between the issuance and execution of the victim’s trades – a feat which lead to the discovery of the attacks but may have provided a rival firm with a trading advantage.
"This was something that was getting reviewed at the board level of this hedge fund precisely because it was having a material impact on performance across the portfolio," Henninger said.
Officials at eSentire, an Ontario-based cyber-security firm that specializes in securing US hedge funds, private equity firms, and other boutique financial companies, say they have seen phishing attacks directed at hedge funds roughly double between February 2013 and January 2014.
“Especially in the last few months we’ve seen very targeted attacks against people who own hedge funds, spear-phishing attacks directed at around 20 of the top 50 hedge funds,” says Eldon Sprickerhoff, chief security strategist for eSentire. “The criminals are using social media, every public resource, to figure out who to hit next.”
(Watering Hole Attacks)
So-called “watering hole” attacks, which involve planting malware on hedge fund law blogs and back-office sites used by hedge fund workers, are another key means of gaining a foothold on hedge fund networks, he says.
Those clicking on the law blog to find out the most recent legal or regulatory information are unwittingly depositing malware on their network.
Ace Related News:
1. CS Monitor