Want to Make $100 Million from Hacking? Steal Press Releases

Stealing credit card number? Old hat. Ransoming information? Been there, done that. Apparently, if you want to make real money from hacking (not that we’re suggesting this), press releases are the latest and most lucrative piece of valuable information.

Here’s how it works:

  • Giant companies like Business Wire receive information on mergers, acquisitions, quarterly numbers, and other information that’s valuable if you’re trading on the stock market.
  • This information is kept under embargo to prevent insider trading.
  • Once this information is stolen, unscrupulous traders can use it to move their stock positions, essentially committing insider trading, but without having to actually know an insider.

According to a recent story from The Verge, this practice is endemic – and may have not only resulted in one of the largest securities frauds in US history, but also one of the largest unpunished securities frauds ever. Here are the highlights.

PR Firms Badly Need to Update Their Security

Over a five-year period from 2007 to 2012, a group of Ukrainian hackers broke into at least three major newswires. They worked with traders who were active on the darknet, providing lists of press releases in exchange for 40% of the profits from illicit trades.

In a certain way, these attacks are very similar to a range of cyberattacks that Safe-T has already covered – cyberattacks versus law firms. Law firms often process the same kind of merger and acquisition data that inside traders find valuable. Law firms have another similarity to PR firms – both sets of industries are often extremely insecure.

During the five years that the Ukrainian hackers operated, they were able to thwart every kind of access control, software patch, and antivirus product that the newswires were using to stop them. The newswires knew that they were being hacked, and they even knew the methods that the attackers were using, but they couldn’t be stopped. In one notable example, one newswire was able to remove the hackers’ access entirely – only for the attackers to find their way back in less than six weeks later.

The hackers’ reign of terror was put to an end once their ringleader was arrested in 2012 – but here’s the kicker: the end was only temporary. Instead of being extradited to the United States or sent to prison, the ringleader was recruited – by the Ukrainian government. He’s still out there, using government resources as part of an Advanced Persistent Threat.

How Can PR Firms Stop the Bleeding?

Over the five years that they spent under attack, the three PR firms fell victim to just about every hacking technique out there, in particular:

  • Code Injection: Sneaking executable code into a website’s database by exploiting vulnerable inputs, and then using that access to move laterally into a corporate network.
  • Phishing: Tricking employees into either giving up their passwords or letting attackers install malware on their personal computers.
  • Malicious Insiders: In some cases, the attackers were even able to bribe employees into giving up their network passwords.

In each case, these methods represent access and authentication problems. If you’re able to find your way to a corporate database from the login screen of a corporate intranet, then the web application has too much access to the network. If you can compromise a database by phishing or purchasing access from one or two employees, then your employees have too much access.

In an ideal world, potential attackers wouldn’t be able to detect your network at all. In this world, attackers would undergo authentication – and rejection – by your IAM controls before they ever saw a login screen. Even stealing credentials wouldn’t work.  

This is the world that’s enabled by Safe-T. The Safe-T technology platform is a multi-module data-protection system that uses a zero-trust approach to screen out attackers from your network and control data usage. In this example, Safe-T would prevent an authorized users (e.g. attackers) from accessing the network. If an attacker was able to steal credentials, they’d find themselves inside a limited virtual network, with no opportunity to move laterally into protected areas. Lastly, even if they found themselves inside an account with access to press releases, they’d encounter strongly-encrypted files protected by a system that would automatically alert admins when those files were moved, decrypted, or changed.

In other words, your press-releases are safe.

For more information, contact Safe-T today for a free demo.

Software Defined Access WP

*** This is a Security Bloggers Network syndicated blog from Safe-T Blog authored by Amir Mizhar. Read the original post at: