According to CNBC, cybercriminals acting in late 2013 installed a malicious computer program on the servers of a large hedge fund, crippling its high-speed trading strategy and sending information about its trades to unknown offsite computers. They attack was thwarted by a cyber intelligence firm BAE Systems Applied Intelligence, which declined to name the hedge fund that came under attack.
CNBC says attackers went after the hedge fund’s trade order entry system, seeking to disrupt the fund’s trading strategy and to send details of the trades themselves outside the firm. The attack started as a “spear phishing” email that, when opened, installed itself on the fund’ servers.
The CNBC article continues:
Over the months after the email was sent, financial analysts and IT managers at the firm noticed two problems that they did not initially realize were connected. At first, the firm noticed that its algorithmic trading strategy—a computer-based trading system that depended on high-speed trades—had suddenly become ineffective. Upon investigation, the traders discovered an unexpected lag time between when they were issuing trade orders and when those orders were executed. The delays the attackers added to the trading software ranged from hundreds of microseconds to the low-single-digit milliseconds. BAE’s analysts concluded the attackers were trying to create tiny delays in the hundreds of microsecond range.
This attack comes on the heels of the SEC’s announcement that they plan to examine the policies and procedures asset managers have in place to prevent and detect cyber attacks.
BAE technicians in recent weeks have also spotted a cyberattack that used malware to take over a large property and casualty insurer’s underwriting system. Using the compromised system, the criminals created fake insurance policies and filed claims against them. This cyber attack represents a new level of intrusions designed to extract business strategy information from a wide range of industries.
Hedge funds must be prepared to defend themselves — or at least put in place proper protections to help prevent cyber attacks.
ACE IT Solutions’ Security Services, offered in partnership with IBM, provide a simple and cost-effective way to limit potential threats 24×7. Through our partnership with IBM, ACE IT Solutions leverages one of the world’s largest collections of security information to combine advanced analytic capabilities into cloud-based security services that can be mixed and matched according to specific needs. Contact us at 646-558-5575 or firstname.lastname@example.org to schedule a free security consultation.
Read more: http://www.cnbc.com/id/101770396