Cybercriminals Take Over Stock Trading on Wall Street

Cybercriminals could be running the show on Wall Street if a recent report by FireEye is anything to go by. The report indicates that the hackers infiltrated the computer networks of 100 companies on Wall Street, stealing crucial information that could help them commit insider trading. Their identities are still unknown, but there is wide speculation that the hackers are North Americans or Western Europeans.

Cybercriminals are having a bull run of their own on Wall Street and may be among the forces that have moved the Dow Jones in the recent past. A report by FireEye indicates that a financially savvy hacking group dubbed FIN4 infiltrated the computer networks of over 100 companies on Wall Street, stealing crucial financial information that could help them sway the financial markets to their advantage.

For over a year, FIN4 has been employing social engineering tactics to gain access to the email accounts of important market players who regularly communicate on financial matters, especially on mergers, acquisitions and other financial strategies that are likely to move stocks dramatically. “The group frequently employs M&A [mergers and acquisitions]-themed lures with Visual Basic for Applications (VBA) macros implemented to steal the usernames and passwords of these key individuals.”

The hackers, who have only been identified as either North Americans or Western Europeans, are well versed in Wall Street slang and have a sound background in investment banking. They lure their victims with tailored emails written in flawless investment-industry language that convinces the victims to trust the source of the emails. High-priority targets include CEOs in the pharmaceutical industry, scientists, legal counsel and compliance officers. In one instance, the group posed as an investment consultant to one of the two companies involved in a potential acquisition.

In a majority of the cases, the group used previously stolen investment reports to trick senior executives into opening email attachments or clicking links embedded in emails. Clicking on the links directs victims to spoofed websites designed to steal their login credentials. FIN4 later uses the credentials to secretly access the victim’s inbox for valuable investment information.

FIN4 has a special interest in the pharmaceutical industry: half of the hacked companies are biotechnology firms, 13 percent specialize in medical devices, 12 percent deal with medical equipment and 10 percent are drug manufacturers. Health care providers and health research organizations also rank high on the hackers’ target list.

It was a matter of when, not if, hackers would come guns blazing onto Wall Street, says FireEye. However, FIN4 is a rare strain of hackers who are interested only in stealing financial intelligence as opposed to stealing hard cash. “It is the first time we are seeing a group of very sophisticated attackers actually systematically acquire information that only has true value to a criminal when used in relation to the stock market,” said Dan McWhorter, FireEye’s vice president of threat intelligence.

Unlike typical hackers, FIN4 leaves very few digital footprints, which makes the intrusion hard for unsuspecting victims to notice. Notably, the group does not use malware to break through the victims’ defenses, nor does it crawl further into the company’s servers. It is interested only in the email accounts of targeted senior executives, which apparently contain “enough juicy information” to help them commit insider trading, says Jen Weedon.

FireEye declined to divulge the identities of the companies affected by the breach, citing client confidentiality, but says the case is now under investigation by the FBI and the Securities and Exchange Commission. Security experts believe netting the culprits will be an uphill task, considering that little is known about them and that they used The Onion Router (Tor) to cover their tracks.

“It’s hard because we don’t have pictures of guys at their keyboards, just that they are native English speakers who can inject themselves seamlessly into email threads,” says Ms. Weedon. “If it’s not an American, it is someone who has been involved in the investment banking community and knows its colloquialisms really well.”

Top/Featured Image: By RMajouji / Wikipedia

Pierluigi Paganini, Cyber Security Analyst; Member, European Union Agency for Network and Information Security Threat Landscape Stakeholder Group; Founder, Security Affairs Blog. Co-author of The Deep Dark Web: The Hidden World.