A recent joint study conducted by the Research Department of the International Organization of Securities Commissions (IOSCO) and the World Federation of Exchanges Offices (WFE) showed stock exchanges are experiencing increasing cyber attacks from hackers.
Survey reveals cyber attacks on stock exchanges
The WFE/IOSCO survey revealed that 53 percent of stock exchanges experienced cyber attacks over the past year. According to the study, the most common type of attack launched against the stock exchanges were malicious codes or viruses and denial of service attacks (DDos). The WFE and IOSCO found that the attacks were destructive in nature instead of aiming to steal funds immediately.
The result of the study suggested that hackers’ motives for cyber crimes changed from financial gains towards destabilization. According to the study, the incidence of attacks against stock exchanges indicate that cyber crimes are targeting the core infrastructure and the essential services of the securities markets.
“At this stage, these cyber-attacks have not impacted core systems or market integrity and efficiency. However, some exchanges surveyed suggest that a large-scale, successful attack may have the potential to do so.”
70 percent of stock exchanges that participated in the survey reported cyber attacks to authorities and regulators, and 93 percent of the stock exchanges said their respective senior management discussed and understood the attacks.
Stock exchange preventive measures in place
The stock exchanges said the attacks were detected immediately and each have myriad proactive and reactive defense and preventive measures in place. The stock exchanges also implement an annual training for general non-IT staff.
According to the study, a significant number of stock exchanges believe that a 100 percent security is an illusion and 25 percent say the current preventive and recovery measures may not be able to cope against a large-scale and coordinated attack.
In May, a global network of hackers managed to steal $45 million in just hours using sophisticated methods. Authorities arrested seven suspects in the United States. According to prosecutors, the cyber criminals hacked the databases of prepaid cards and were able to withdraw money from ATMs. The hackers plundered ATMs in 27 countries worldwide
Five hackers from Eastern Europe attacked NASDAQ and other major corporations in the United States. The cyber criminals stole 160 million credit card numbers from retail banks, but they failed to infiltrate the actual infrastructure used by the NASDAQ for buying and selling stocks. United States authorities arrested the cyber criminals and filed legal charges against them last month.
The failure of the hackers to infiltrate the NASDAQ trading floor demonstrated that the infrastructure of exchange has high security. Stealing money will be extremely difficult and it can detect even the most sophisticated viruses such as the Stuxnet, which was used to disrupt the Iranian nuclear plants.
Cyber crimes becoming more dangerous
Based on these recent hacking incidents, cyber criminals are clearly becoming more dangerous and sophisticated with their attacks against infrastructures. Mathew Prince, CEO of CloudFare said, “Attackers are moving up the sophistication scale. You’re seeing attacks being launched more against the underlying infrastructure.”
Prince added that exchanges are well protected, but there is a possibility that hackers might be able to steal some information. He said, “There’s something between the front page of the website and NASDAQ’s trading platform. Anything that’s passing across the public internet is up for grabs.”
Adriel Desautels, founder of Netragard, opined that people in the financial industry think they have a solid understanding about cyber security, but he believes otherwise. He said, “Generally, people in the finance industry do not have any solid understanding of security. They think they do, but they don’t. People in finance tend to be very easy to socially engineer.”