The Christian Science Monitor reports that US hedge funds have been under stealthy attacks from cyber-criminals intent on intercepting trading strategies. The article notes that for about two years, US hedge funds have been under covert attacks from cyber-criminals intent on intercepting trading strategies in order to profit from front-running and other illicit maneuvers.
That hidden cyber-crime trend was highlighted last week when an unnamed US-based hedge fund was said to have been hacked and its stream of high-speed trade data intercepted by cyber-criminals. They, in turn, apparently used the data to make their own trades first.
The criminals inserted malware onto the hedge fund trading system platform that in turn caused an almost imperceptible microsecond or two delay to each of the speedy trades – enough to allow the criminals to do their own trading ahead of the company, BAE Systems Applied Intelligence experts said.
The just-disclosed hedge fund attack started in late 2013 with hackers sending a “spear phishing” e-mail that, once opened, installed malware onto the hedge fund’s servers, BAE Systems officials said. The spear phishing e-mails appeared related to developments in the capital markets industry.
But even if the BAE disclosure was unusual in its sophistication, it was actually just one of many cases, part of a wave of largely unseen cyber-attacks targeting hedge funds over the past two years, say cyber-security experts.
These so-called “watering hole” attacks involve planting malware on hedge fund law blogs and back-office sites used by hedge fund workers and are a key means of gaining a foothold on hedge fund networks. Those clicking on the law blog to find out the most recent legal or regulatory information are unwittingly depositing malware on their network.
The full article is worth a read.