A report examining securities cybercrime has found that half of the world's critical financial exchanges suffered cyberattacks in the past year.
The International Organization of Securities Commissions (IOSCO) said in a staff working paper [PDF] that attacks against such trading, stock and financial institutions are increasing in volume. And, despite the apparent temptation to attack these targets for financial gain, the motivations appear to be aimed at destabilizing the markets over stealing money.
The paper comes in the same week as hackers attacked the Nasdaq stock exchange's community site on Thursday.
New York-based Nasdaq sent out an email to users warning that their account information — such as email addresses and passwords — may have been compromised but noted that no "e-commerce or transactions" had been affected. The stock exchange ground confirmed that no other system suffered a breach.
Investors and hobbyist traders alike use the community site to discuss trading and stock portfolios, among other things.
Users are advised to change their passwords in case the passwords collected during the attack are institutional accounts that could give remote unauthorized access to internal banking or financial networks.
The report notes that such instances are IT-related issues rather than extensions of financial crime. This includes data theft, which as the Nasdaq's case proves true, is also a significant motivator to hackers and attackers.
But while thus far very little, if any, money has been taken from outside attacks, denail-of-service attacks remain as one of the most disruptive forms of attacks, behind malware and malicious software.
These so-called "advanced persistent threats" could be particularly damaging to exchanges, the report notes. The paper cited other studies that pegged the damages figure as high as $388 billion or $1 trillion through direct and indirect costs.
One quarter of all exchanges surveyed recognized that current systems design to mitigate intrusions "may not be able to stand up against a large-scale and coordinated attack," the report says.
In terms of laws and legislation, just over half of respondents said that judicial sanctions in their jurisdiction are effective in deterring cybercriminals.
Many noted that because of the global nature of e-crime and the very cross-border nature of financial transactions, many exchanges "expressed doubt over the effectiveness of current regulation" in deterring cyber criminals, due to the difficulty in investigating claims and prosecuting suspects.
But even a boost to the laws may not be able to prevent damaging effects on the financial and stock markets.
Twitter warned in April of more hacks to come after the hacking of the Associated Press' Twitter account. A tweet about an apparent explosion at the White House led to a flash plunge in the Dow Jones Industrial Average, dropping more than 100 points in a matter of seconds.
Pro-democracy hacking group the Syrian Electronic Army allegedly sent the tweet after successfully gaining access to the news agency's Twitter account.
Though the AP's account was immediately suspended, it was still enough to wipe around $136 billion off the financial slate in just a couple of minutes before the markets recovered.