A large portion of the attacks described by the cybersecurity experts originated in and around Russia, Ukraine, Estonia and Bulgaria, they said, based on their analysis of the attacks and the coding of the malware used.
Eastern European hackers have targeted more than a dozen hedge funds for at least two years, said Tom Kellerman, chief cybersecurity officer for Trend Micro Inc. in the U.S.
Hackers infiltrate financial companies for many reasons, such as mapping out networks, stealing cash and pilfering information that can be used to profit off stock market trading, according to the security experts.
In the attack publicized last week by BAE Systems Plc, hackers disrupted high-speed trading at a large hedge fund and rerouted data in a way that would have given hackers the potential to use the information to profit in rogue stock-market transactions.
The hackers inserted software that delayed by several hundred microseconds the ability to trade, said Paul Henninger, global product director for BAE Systems Applied Intelligence, a unit of BAE Systems. Henninger declined to identify the hedge fund or its location. The target was the fund’s order-entry system, he said.
‘A Few Microseconds’
“The difference in a few microseconds can mean a significant difference in the profitability of that trade,” Henninger said.
The attack was going on for eight weeks and BAE was called in by the fund at the end of 2013, said Henninger. He said it had “all the signatures of an organized crime attack.”
“This is the first time we’ve seen criminals actively go after a business system and effectively take over that system and create sabotage,” Henninger said in a phone interview. “The assumption is that this was a for-profit attack.”
Such attacks threaten to undermine the systems used globally for high-speed trading, Kellerman said in a phone interview.