Severity Score: 3
What was breached: Business Wire, Marketwired and PR Newswire
Delivery: February 2010 - August 2015
The Attackers: Attackers from US, France, Cyprus, Russia, and the Ukraine
Beginning in early 2010, a ring of hackers breached financial wire companies Business Wire, Marketwired, and PR Newswire, patiently exfiltrating press releases related to a number of Fortune 500 companies (including HP, Home Depot, and Caterpillar) before the releases were made public. The exfiltrated press releases were then analyzed by traders, who would buy or short stock depending on the information they contained. According to the SEC filing, the hacker-trader ring made over $100 million in insider trades over the five-year period.
|Plan Time||Indirect Attack||Cyber/Human Coordinated||Zero-Days Used||Time Undetected||Advanced TTPs||Total|
The hackers gained access to the financial wire companies through relatively simple phishing attacks on employees. After they gained access, they moved laterally through the systems until they were able to access the press release databases. At several points in the five-year period, the hackers were denied access by routine security updates and password changes. However, they were quick to regain access, sustaining their phishing attacks and leveraging malware they had installed while they still had access to the system.
|Incident Costs||Physical Damage||Lives Lost||Nat. Sec. Impact||Total|
The court documents from New Jersey indicated the ring of 32 hackers and traders executed about 800 trades on the 150,000 press releases stolen from the wire companies over the five-year period. According to SEC chairwoman Mary Jo White, the hack was “unprecedented in terms of the scope of the hacking, the number of traders, the number of securities traded and profits generated,” adding that the hack serves as a stark reminder that the markets face increased risk of attack and manipulation. While this particular hack leveraged information to trade unfairly, other incidents (such as the SEA hack of the Associated Press) could result in nosedives that cost billions of dollars and destabilize the American market.