MOSCOW, December 1 (Sputnik) — One of America’s leading cybersecurity companies, FireEye Inc., published a report today detailing possible stock market manipulation by a group of hackers who recently obtained merger-and-acquisition (M&A) data on more than 80 companies.
FireEye revealed that a hacker group called FIN4 gained access to confidential corporate data and communications, as well as other sensitive information, by deceiving lawyers, business advisors and even executives, resulting in massive information leaks. According to the report, published Monday, this information is possibly being used for insider trading, in violation of market rules and financial regulations.
Check out the cyber wolves of Wall Street in "Hacking the Street? FIN4 Likely Playing the Market" http://t.co/k7zuBhkqrA #ThreatIntel #FIN4
— FireEye (@FireEye) December 1, 2014
FIN4 started hacking corporate email in mid-2013 and has accessed corporate email accounts at more than 100 enterprises since then, the study revealed. The majority of the firms that were attacked are in the fastest-growing area of the global economy, namely pharmaceuticals and healthcare. However, other sectors are affected as well, as the leaked information includes data on enterprises in investment banking, investor relations firms and legal consultancies.
The hackers are most likely based in North America or Western Europe, and their ultimate goal appears to be gaining a competitive edge in the prosperous segments of the financial sector, where sensitive information such as clinical trial results, legal proceedings and regulatory decisions affects stock valuations once it becomes public. FIN4 is well-connected on Wall Street, the study says, as its phishing emails are tailored to each victim individually, showing extensive familiarity with the victim’s background. In some cases, previously stolen confidential information was used to win the victim’s trust. Sometimes phishing links were sent from the previously compromised email accounts of the victim’s long-time clients.
“We suspect they are Americans, given their Wall Street inside knowledge,” FireEye’s Manager of Threat Intelligence Jen Weedon said as quoted by Bloomberg. “They seem to have worked on Wall Street.”
Unlike Russia- or China-based hacker groups, FIN4 operates more subtly, not using malware to penetrate deeper into the victim’s network infrastructure, which makes the attack harder to detect. The group steals precisely the information it needs, which means that many victims do not notice the narrow breach of their security.
“FIN4 has been observed creating a rule in victims’ Microsoft Outlook accounts that automatically deletes any emails that contain words such as ‘hacked’, ‘phish’, ‘malware’, etc.,” the study says. This “likely buys FIN4 extra time before victim organizations detect their activities,” FireEye concludes.
“We cannot say for certain what happens after they gain access to insider information. What we can say is that FIN4’s network activities must reap enough benefit to make these operations worth supporting for over a year—and in fact, FIN4 continues to compromise new victims as we finish this report,” FireEye concludes.
However, FIN4’s tactics are simple, meaning that basic security measures will render its espionage efforts fruitless. FireEye suggests “disabling VBA macros in Microsoft Office by default”, “enabling two-factor authentication for OWA and any other remote access mechanisms”, and that organizations “check their network logs for OWA logins from known Tor exit nodes”, as legitimate users do not usually use Tor when accessing their email.
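Both FIN4 tells described in the article, the Outlook rule that silently deletes mail mentioning “hacked”, “phish” or “malware”, and OWA logins arriving from Tor exit nodes, lend themselves to simple detection checks. The Python below is an added example, not code from FireEye or the article; it assumes inbox rules exported as dicts using Exchange `Get-InboxRule` field names, a simplified constructed log line layout, and a constructed exit-node list.

```python
import ipaddress
import re
SECURITY_WORDS = {"hacked", "phish", "phishing", "malware"}  # words FIN4 rules matched on
RULE_KEYWORD_FIELDS = ("SubjectContainsWords", "SubjectOrBodyContainsWords",
                       "BodyContainsWords")

def suspicious_inbox_rules(rules):
    """Flag rules that delete mail mentioning security keywords. `rules` are
    dicts shaped like Get-InboxRule | ConvertTo-Json output (assumption)."""
    hits = []
    for rule in rules:
        words = set()
        for field in RULE_KEYWORD_FIELDS:
            words.update(w.lower() for w in (rule.get(field) or []))
        matched = sorted(words & SECURITY_WORDS)
        if rule.get("DeleteMessage") and matched:
            hits.append((rule["Name"], matched))
    return hits

# Simplified W3C-style line (constructed layout): date time c-ip cs-username cs-uri-stem sc-status
LOG_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (\S+) (\d{3})$")

def owa_requests_from_tor(log_lines, tor_exit_nodes):
    """Return (timestamp, user, ip, status) for every /owa/ request whose
    client IP is on the supplied Tor exit-node list."""
    exits = {ipaddress.ip_address(ip) for ip in tor_exit_nodes}
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # header/comment lines and malformed entries
        ts, ip, user, uri, status = m.groups()
        if uri.startswith("/owa/") and ipaddress.ip_address(ip) in exits:
            hits.append((ts, user, ip, int(status)))
    return hits

# Constructed sample data, not taken from the FireEye report.
SAMPLE_RULES = [
    {"Name": "Newsletters", "DeleteMessage": False, "SubjectContainsWords": ["newsletter"]},
    {"Name": ".", "DeleteMessage": True, "SubjectOrBodyContainsWords": ["hacked", "phish", "malware"]},
]
SAMPLE_LOG = """\
2014-11-30 08:15:02 198.51.100.9 CORP\\jdoe /owa/auth.owa 302
2014-11-30 08:16:40 203.0.113.77 CORP\\asmith /owa/auth.owa 302
2014-11-30 08:17:10 203.0.113.77 CORP\\asmith /owa/ 200
2014-11-30 09:01:33 192.0.2.200 - /ecp/ 401
""".splitlines()
TOR_EXITS = ["203.0.113.77", "192.0.2.200"]  # constructed; use a live exit-node list
```

Running both checks over the sample data flags the single-character rule named “.” and the two OWA requests from 203.0.113.77, while the non-OWA request from the other exit node is ignored.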