As Nasdaq's site hit by hackers, report says half of world's exchanges suffered cyberattacks

According to a report, half the world's financial exchanges suffered cyberattacks in past year. And on Thursday, hackers hit the Nasdaq's Community pages.

Image: Rob Tannenbaum/Nasdaq

A report examining securities cybercrime has found that half of the world's critical financial exchanges suffered cyberattacks in the past year.

The International Organization of Securities Commissions (IOSCO) said in a staff working paper [PDF] that attacks against such trading, stock and financial institutions are increasing in volume. And, despite the apparent temptation to attack these targets for financial gain, the motivations appear to be aimed at destabilizing the markets over stealing money.

Read this

Twitter warns of more hacks, threats to come; issues media memo

The microblogging giant has warned news outlets that "these attacks will continue," particularly against high profile media organizations.

Read More

The paper comes in the same week as hackers attacked the Nasdaq stock exchange's community site on Thursday.

New York-based Nasdaq sent out an email to users warning that their account information — such as email addresses and passwords — may have been compromised but noted that no "e-commerce or transactions" had been affected. The stock exchange ground confirmed that no other system suffered a breach.

Investors and hobbyist traders alike use the community site to discuss trading and stock portfolios, among other things. 

Users are advised to change their passwords in case the passwords collected during the attack are institutional accounts that could give remote unauthorized access to internal banking or financial networks.

The report notes that such instances are IT-related issues rather than extensions of financial crime. This includes data theft, which as the Nasdaq's case proves true, is also a significant motivator to hackers and attackers.

But while thus far very little, if any, money has been taken from outside attacks, denail-of-service attacks remain as one of the most disruptive forms of attacks, behind malware and malicious software.

Most common and most disruptive form of cyber-attack? Image: IOSCO/World Federation of Exchanges

These so-called "advanced persistent threats" could be particularly damaging to exchanges, the report notes. The paper cited other studies that pegged the damages figure as high as $388 billion or $1 trillion through direct and indirect costs.

One quarter of all exchanges surveyed recognized that current systems design to mitigate intrusions "may not be able to stand up against a large-scale and coordinated attack," the report says.

Has your organization suffered a cyber-attack in the last year? Image: IOSCO/World Federation of Exchanges

In terms of laws and legislation, just over half of respondents said that judicial sanctions in their jurisdiction are effective in deterring cybercriminals.

Read this

Twitter's outage stakes grow as stock traders lose social factor

Now that tweets are running through Bloomberg financial terminals, Twitter now has a greater responsibility to maintain uptime.

Read More

Many noted that because of the global nature of e-crime and the very cross-border nature of financial transactions, many exchanges "expressed doubt over the effectiveness of current regulation" in deterring cyber criminals, due to the difficulty in investigating claims and prosecuting suspects.

But even a boost to the laws may not be able to prevent damaging effects on the financial and stock markets.

Twitter warned in April of more hacks to come  after the hacking of the Associated Press' Twitter account. A tweet about an apparent explosion at the White House led to a flash plunge in the Dow Jones Industrial Average, dropping more than 100 points in a matter of seconds.  

Pro-democracy hacking group the Syrian Electronic Army allegedly sent the tweet after successfully gaining access to the news agency's Twitter account.

Though the AP's account was immediately suspended, it was still enough to wipe around $136 billion off the financial slate in just a couple of minutes before the markets recovered.