http://bits.blogs.nytimes.com/2014/06/19/cybercriminals-zero-in-on-a-lucrative-new-target-hedge-funds/
By Nicole Perlroth
Bits
The New York Times
June 19, 2014
They say crime follows opportunity.
Computer security experts say hedge funds, with their vast pools of money
and opaque nature, have become perfect targets for sophisticated
cybercriminals. Over the past two years, experts say, hedge funds have
fallen victim to targeted attacks. What makes them such ripe targets is
that even as hedge funds expend millions in moving their trading
operations online, they have not made the same investment in security.
The latest evidence comes in the form of a new report Wednesday from BAE
Systems, a computer security firm, that an unnamed hedge fund lost
millions of dollars after criminals installed malware on its trading
systems late last year. The malware was designed to insert a lag time in
the hedge fund’s trading system and record the details of orders, so the
attackers could trade on the information themselves.
According to BAE Systems, the attack began with a so-called spearphishing
email, which contained links purporting to be about capital markets. Once
they were clicked, an employee inadvertently downloaded malware onto a
computer that gave criminals deeper access to the fund’s trading systems.
The attack was noticed only after the fund’s analysts and tech staff
discovered the lag times in its algorithmic trading strategy and abnormal
file movement on its network. The breach, which was first reported by
CNBC, cost the fund millions of dollars in recovery, according to BAE
Systems, which did not name the fund.
But security experts say the crime is hardly new. “Hedge funds have been
victims of targeted cyberattack over the past two years,” said Tom
Kellermann, the chief cybersecurity officer at TrendMicro. “Hedge funds
are woefully undersecured. The lack of investment in their cybersecurity
has placed them in the line of fire.”
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
