Cyber criminals target trading algorithms to steal related code

Pierluigi Paganini February 27, 2015

Security firms discovered a significant increase in the number of targeted attacks aimed at stealing the code related trading algorithms.

Cyber criminal organizations appear more interested in target trading algorithms, patents, trade secrets than other kinds of information, this is the new trend observed by security experts.

Cyber criminals are increasing their activity against private firms with the specific intent to access intellectual property and corporate secrets, bad actors are trying new ways to monetize their efforts.

“Not only are trading algorithms at risk, but other information such as patent status, trade secret information, manufacturing processes and yields amongst other piece of information that may not initially seem sensitive, but in the right hands can provide a trader or competitor information that will give them an edge over other groups,” explained Ken Westin, senior security analyst at Tripwire.

Criminals operate following classing extortion scheme or try to sell the stolen data in the underground black markets.

“In-house trading algorithms, the life blood of quantitative hedge funds and high-frequency traders, are being targeted by cybercriminals wanting to sell them on to unscrupulous traders,” wrote Judith Evans in a post published by the Financial Times. “The material may be deployed to effectively blackmail a company into buying back its own data; it may also be put to work in markets or sold on to unscrupulous traders, experts said.”

Cybercriminals are stealing source code of algorithms used by hedge funds and high-frequency traders for their trading activities according to the Financial Times.

Experts from security firm Kroll confirmed the trend revealing that they have detected three different attacks having this motivation.

“We have seen cases of the source code for algorithms being stolen. In two of the cases we were able to find the bad guy and stop him before he could share it on the Web,” Ernest Hilbert, head of cyberinvestigations for Europe, the Middle East and Africa.

FireEye firm has uncovered targeted attacks looking for access to trading systems as explained by Greg Day, chief technology officer at FireEye.

“It was a very targeted attack looking at gaining access to automated trading models.” said Day commenting an incident uncovered by the company. “We are seeing significant growth in targeted attacks going after a high-value return. I would expect that to grow further.”

In the past, such kind of crime was organized mainly by insiders, today the scenario is changing, with a significant increase in the number of attacks run by external hackers.

trading system-chart

This particular category of stolen data is becoming a precious commodity in the black market that are becoming the places where white collar criminals and hackers do their illegal business.

 “The important thing to realize is that if there is a buyer for this data, it has value and as such criminal hacker groups will target it. Underground markets and bitcoin are helping to establish marketplaces where white collar criminals and hackers can mingle and do business, something we have not seen before at this scale,” 

In this scenario, it is crucial for companies to improve their cyber security posture to mitigate the cyber threats. Companies and government entities need to implement an efficient Iinformation sharing process and adopt threat intelligence methodologies to profile the cyber threats.

Information is the most important asset for any enterprise .. let’s learn how to protect it.

Pierluigi Paganini

(Security Affairs –  trading  model, cybercrime)



you might also like

leave a comment