Gartner Report:
Innovation Insight for
Security Orchestration,
Automation and Response DOWNLOAD NOW

Nasdaq Cyber Attack

Imagine the possibilities for financial gains & loss and potential for worldwide impact if a cyber attacker was able to gain access to  computer systems which run the stock market.   It appears that our adversaries in cyber space are working towards this goal - what are they up to?

There were a couple of recent articles released by the Wall Street Journal regarding a possible penetration into the computers that run the Nasdaq stock market.  The exchange's trading platform computers were not the ones compromised, but a complete understanding of systems affected by the intrusion is still unknown. It has been reported that other parts of network were accessed, but for how long and what knowledge was gained is an unknown.

This is another instance of Advanced Persistent Threats (APTs) targeting the financial district of nations, in particular stock exchanges. The US economy has seen better days in the past year and an attack on the stock market from a cyber perspective could cause immense damage and the worst part, it could happen in the blink of an eye from an entity a thousand miles away or a hundred feet.  The WSJ is reporting more unknowns than actual facts as motives are unknown, actions taken by the perpetrators and who those individuals are just a few of the pieces of the puzzle being left out.

"So far, [the perpetrators] appear to have just been looking around"

The quote by a person involved stated "So far, [the perpetrators] appear to have just been looking around" has to make one wonder how much intel was gained from this unfettered access and what foothold (if any) was left behind so entrance into those systems could be easily gained.

Another such instance occurred to the London Stock Exchange back last year in August when prices of stock for 5 large companies dropped significantly. Another instance happened again in November because of “suspicious occurrences”, yet was ruled human error, but police still investigated.

This is yet another recent example of threat actors becoming increasingly sophisticated with their attacks and follow-on actions associated with the attacks.  The skilled actors are not only looking for quick wins, but are also becoming increasingly patient with their operations.  The impact to trading is believed to be small, if anything, but this incident shows that the markets are vulnerable to more damaging operations than “just looking around”.  What steps are you taking to verify your systems are not at risk to these persistent cyber threats?