Security researchers have discovered a cyberespionage attack aimed at stealing corporate secrets of healthcare and pharmaceutical companies for the purpose of gaining an insider edge on the stock market.
FireEye uncovered a group of cyber criminals who broke into more than 100 publicly traded companies to obtain details of merger discussions, potential legal troubles, and secret product pipelines: information that would give them an unfair advantage when trading the shares of these companies on the stock market.
This is the first instance of hackers being caught spying on firms in order to bet on the stock market. The news reveals the many vulnerabilities of corporate computer networks and how hackers can use social engineering to target different areas of a company for financial gains.
The hacking group goes by the name ‘FIN4’. FireEye’s report revealed that the group breached the email accounts of individuals who frequently communicate about stock market-moving information. The hackers are said to be native English speakers from Western Europe or North America.
FIN4 fooled industry professionals into believing they were engaging in legitimate communications by using Wall Street language. While the report from the security firm didn’t highlight how much the hackers have made so far by stealing insider secrets, the firm says that data breaches have been taking place since the middle of 2013, when it initially began tracking the criminals. These hackers have a good hold on Wall Street slang.
The group has not been easy to track. It doesn’t use any malware, so it is difficult for security companies to detect its activity. FIN4 instead targets employees of the companies by sending phishing emails. They fool corporate employees into entering their credentials into fake web pages, and then use the usernames and passwords to gain access to a company’s network.
“FIN4 focuses on acquiring information about ongoing M&A [merger and acquisitions],” stated the report. “The group frequently employs M&A-themed lures with Visual Basic for Applications (VBA) macros implemented to steal the usernames and passwords of these key individuals.”
Targeted victims include legal counsel, top-level executives, risk and compliance officers, scientists and researchers. In some cases, hackers used previously stolen documents to aid their deception. There were also cases where investment reports were embedded to add credibility to emails.
Instead of relying on malware, the hackers read an employee’s email and set rules on the breached inboxes to delete any email containing keywords such as ‘malware’, ‘phished’, or ‘hacked’, buying more time before the victims learn their email was compromised.
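The inbox rules described above leave a trace that defenders can audit. The following added example (not from FireEye's report or this article) flags enabled rules that delete or hide messages containing the keywords named above; the record layout, with field names modelled on Exchange's Get-InboxRule output, the list of hiding folders and the sample data are assumptions.

```python
# Keywords the article says the rules matched on; extend for your environment.
SECURITY_KEYWORDS = ("malware", "phished", "hacked")
# Folders where a moved message is effectively hidden (assumed list).
HIDING_FOLDERS = {"deleted items", "junk email", "rss feeds"}
# Text-matching conditions; field names modelled on Exchange Get-InboxRule output.
TEXT_CONDITIONS = ("SubjectContainsWords", "BodyContainsWords",
                   "SubjectOrBodyContainsWords")

def rule_hides_mail(rule):
    """True if the rule deletes a message or moves it out of sight."""
    folder = (rule.get("MoveToFolder") or "").strip().lower()
    return bool(rule.get("DeleteMessage")) or folder in HIDING_FOLDERS

def matched_keywords(rule):
    """Security keywords found in any text condition of the rule."""
    phrases = [p.lower() for c in TEXT_CONDITIONS for p in rule.get(c) or []]
    return sorted(k for k in SECURITY_KEYWORDS if any(k in p for p in phrases))

def audit_rules(rules):
    """Return (mailbox, rule name, keywords) for enabled rules hiding security mail."""
    findings = []
    for rule in rules:
        hits = matched_keywords(rule)
        if hits and rule_hides_mail(rule) and rule.get("Enabled", True):
            findings.append((rule["Mailbox"], rule["Name"], hits))
    return findings

# Constructed sample export; mailboxes and rule names are made up.
SAMPLE_RULES = [
    {"Mailbox": "cfo@example.com", "Name": ".", "Enabled": True,
     "DeleteMessage": True,
     "SubjectOrBodyContainsWords": ["hacked", "phished", "Malware"]},
    {"Mailbox": "cfo@example.com", "Name": "Newsletters", "Enabled": True,
     "MoveToFolder": "Reading", "SubjectContainsWords": ["weekly digest"]},
    {"Mailbox": "counsel@example.com", "Name": "tidy", "Enabled": True,
     "MoveToFolder": "RSS Feeds",
     "BodyContainsWords": ["you may have been phished"]},
    {"Mailbox": "it@example.com", "Name": "Alerts", "Enabled": True,
     "MoveToFolder": "Security", "SubjectContainsWords": ["malware alert"]},
]

if __name__ == "__main__":
    for mailbox, name, kws in audit_rules(SAMPLE_RULES):
        print(f"{mailbox}: rule {name!r} hides mail mentioning {kws}")
```

The rule that files malware alerts into a visible "Security" folder is not flagged, since only rules that delete or bury such messages are reported.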
FireEye didn’t disclose the victims, but said that all the affected companies were listed on NASDAQ or the New York Stock Exchange, while some were listed on exchanges outside the US.
How can companies avoid such attacks?
It’s vital for healthcare and pharma companies to educate their employees about phishing scams and take proactive actions to prevent such instances. Additionally, firms can take the following measures:
Enhance PC security: Install anti-spyware and antivirus solutions on PCs and make sure they are updated to the latest version provided by the vendor. Companies can also integrate phishing filters in web and mobile browsers. Most financial sites should be accessed over an HTTPS connection.
Use anti-phishing solutions: Anti-phishing solutions that feature cyber monitoring will detect phishing campaigns whether in the form of compromised employee emails, cyber squatting, copyright, trademark or material infringement. Some companies also back these solutions with reports for local authorities to take action.
Ask employees to avoid third-party sites: Employees should be trained to avoid embedded forms in email messages. They should also look at a redirected site carefully before entering company credentials.
Taking these measures can provide defense against phishing attempts.