One advantage hackers have is their ability to stay hidden even in the most advanced systems. The U.S. Securities and Exchange Commission (SEC) learned just how well hackers can remain concealed and use a system for their own nefarious reasons when they realized hackers had accessed the SEC system and used it for stock trading.
This breach was different than those seen previously. Prior data breaches have resulted in hackers gaining access to private data, stealing it, and then selling it on the black market or using it for identity theft. Hackers in the SEC breach instead used their access for illegal trades.
Hackers didn’t breach the trading platform, but they did gain access to a system named EDGAR. EDGAR stores private information such as financial reports on specific organizations. This information is not openly available to the public, but it’s used by investors that sell stock. The attackers used this information to gain insights for illegal trades. Although the attackers didn’t gain monetarily through data theft, they did make money from information obtained through illicit means.
It’s not the first time attackers were able to take advantage of a vulnerability in the EDGAR software. In 2015, attackers compromised EDGAR and posted false information about Avon Products, which boosted the company’s stock prices until it was later exposed as a data breach.
Jay Clayton, head of SEC, told a Senate panel that he had only recently been briefed on the breach and hadn’t had time to properly respond to questions involving the extent of the intrusion. This comes after an even bigger breach by Equifax where head executives including the CEO, CIO, and CSO are being questioned regarding insider trading. Weeks before Equifax released information about their breach, executives sold millions of dollars in stock, which raised questions of possible fraud from consumers and investigators.
Recent statements from SEC commissioner Michael Piwowar indicate that the industry is looking into better ways to monitor financial systems, particularly EDGAR which seems to be a target for attackers due to its previous vulnerabilities. Once a system is proven susceptible to attack, hackers will continue to scan it for any further vulnerabilities. It becomes a prime target for copycats that follow in the original hackers’ footsteps.
This is just another incident that shows the importance of cyber security and monitoring. Monitoring can save businesses from a tremendous amount of monetary loss especially when you are in an area that manages PII and financial data. By monitoring PII properly, financial institutions reduce risks associated with long-term attacks where auditing just isn’t enough. You need a way to detect the attack as a means of offensive, aggressive detection to stop it before it becomes a multimillion dollar debt.