Securities market participants face greatest financial cyber threat: BAE Systems

Criminals can create fake trading orders more easily when they're communicated in unstructured faxes or emails, and when critical data in stored in spreadsheets.
Written by Stilgherrian , Contributor

The securities markets -- trading in stocks, bonds, equities, debt, derivatives, and the like -- face the highest level of cyber threat of all financial markets, according to a new report from BAE Systems.

"This is due to the large numbers of participants and infrastructures in that market, the complexities of their interactions, and inherent characteristics such as long chains of custody, unstructured communications and trusted practices -- all of which combine to provide opportunities for APT [advanced persistent threat] groups to exploit," the report said.

BAE's analysis focused on the secondary securities markets of over-the-counter and exchange trading, rather than the primary markets where new securities are issued, because there's more activity, more market infrastructure operations, and more participants.

Attacking the market infrastructure would "potentially yield significant rewards", BAE wrote, but would require "substantial effort" because these are "systemically important infrastructures and would be reasonably aware of the threat from APT groups".

"The attacker would also potentially need to further compromise elsewhere in the trade lifecycle to cash out."

That said, there are some 60 major stock exchanges globally, and more targets means more opportunities for attackers.

But the "fertile area for potential exploitation" lies in the interactions between participants, and between the participants and the market infrastructures, BAE wrote.

"This involves taking advantage of the higher number of participants with varying levels of cyber maturity, the non-standard, unstructured proceses internally and between participant -- particularly their uses of faxes and emails for communication, or managing critical trade data in spreadsheets," the report said.

"Operations and practices in securities markets can sometimes be opaque, which has the effect of making it difficult to link actions, assets, and owners/beneficiaries. [The] near term cyber risk must be classed as amongst the highest scored across all the markets reviewed."

The report, titled "The Evolving Advanced Cyber Threats to Financial Markets", was prepared for financial messaging services company SWIFT. Securities messages represent around 46 percent of the company's message traffic annually.

The varying level of cyber maturity amongst the myriad participants is a "really key" factor here, making it easy for attackers to get onto a network and spend a lot of time there, according to Robin Oldham from BAE Systems' Security Advisory and Technical Services.

"As we saw with the Bangladesh bank attack, they had been on the network for months and months and months without detection, understanding the processes and how they worked. This varying level of cyber maturity would suggest that this is a similar sort of target," Oldham told SWIFT's Sibos global financial services conference in Sydney on Monday.

See more: Bangladesh bank heist made possible through poor security

"It can be quite difficult to reconcile with certainty exactly what's gone on until after the fact. That presents opportunity there. The ease of cash-out as well. It's quite easy to liquidate a position and make off with the funds."

Another factor is that high-speed trading provides an opportunity for a fast turnaround of the fraudulent transactions.

A straw poll of the audience showed that for both participants and infrastructure providers in securities markets, roughly half thought that the greatest risk was the manipulation of market and reference data, such as standing settlement instructions and pricing information.

The second-highest perceived risk was exploiting unstructured communications to falsify trading orders. Falsifying instructions to the market infrastructures themselves was seen as less of a risk.

"Being able to change where things are settled to [is] obviously an easy way to try and make some money there," Oldham said.

While securities markets face the greatest risk, BAE Systems sees that there's also a near-term cyber threat for participants in banking and payments systems, foreign exchange (FX) markets, and trade finance, with attacks on banking and payments systems offering the greatest potential financial gain for criminals.

On the infrastructure side, only the securities markets are seen as facing a near-term threat. Trade finance systems offer a relatively low potential payout to criminals, and are seen by BAE as facing a medium-term threat. Banking and payments systems and FX markets offer a "very high" potential payout, but the threat is long-term because they're less susceptible to attacks.

"What we're seeing is that market infrastructures provide a more standardised set of services. There's a greater focus for them on operational efficiency for the service that they do provide, and that they're contracted to against certain service levels," Oldham said.

"They receive a greater level of regulatory oversight... in a way that participants haven't. So whilst participants may be greater in number, this doesn't translate to safety in numbers. There's no kind of herd immunity going on here, especially with this trust on third parties required to transact."

Related Coverage

Data science secrets in finance and media

Two top data scientists share their goals and challenges in analyzing huge datasets to make sense of complex business problems. Business people should read this carefully to gain a better understanding of data science and how it works.

Samsung SDS unveils blockchain-based finance platform Nexfinance

Samsung SDS has unveiled Nexfinance, an AI-powered blockchain finance platform that aims to help digital transformation in the enterprise.

Hacking campaign combines attacks to target government, finance, and energy

An attack group operating out of Iran is copying techniques used in successful high-profile attacks -- but forget to cover their tracks, leaving their tactics exposed.

SWIFT's instant cross-border gpi payments test touted as a success

The successful trial of instant cross-border payments used Australia's New Payments Platform.

SWIFT to use Microsoft Azure for payments transfers

The companies are proving out a Microsoft Azure cloud-based solution for payments transfers conducted on the SWIFT network.

4 ways finance leaders must change their thinking to embrace digital transformation (TechRepublic)

New findings from Workday reveal how financial leaders can better keep pace with digital transformation.

Editorial standards