Exclusive: Massive Cyber Attack Targets Brokers' Leads and Data

Thursday, 21/02/2019 | 14:38 GMT by David Kimberley
  • The virus was discovered by cybersecurity experts at Panda Trading Systems

A trojan horse virus has been spreading across firms working in the retail trading industry, with hackers stealing swathes of data and selling it on the dark web, according to the cybersecurity team at Panda Trading Systems, a technology provider to the retail trading industry.

Dikla Sheffer, the firm's Vice President of Business Development, told Finance Magnates on Wednesday that the company identified the virus a few weeks ago.

“This is an organized attack on brokerages, affiliate networks, PSPs, VOIPs, and other companies operating within the retail trading industry,” said Sheffer. “Once we identified the virus, we saw fit to publish a warning and share our findings, in the hope that industry colleagues will become more aware of cybersecurity dangers and take the necessary steps to protect themselves.”

Regular test, irregular virus

PandaTS spotted the piece of malware during a routine check-up on computers at several of its clients’ call centers. After a thorough investigation, the company's cybersecurity division identified the malware, the hackers behind it and the infected networks.

Due to an ongoing investigation and the involvement of legal authorities, the trading systems provider said that it could not publicize the identity of the hackers at this time.

Finance Magnates reached out to a number of retail brokers to see how widely the malware has spread. Though some were unaffected, several brokers did confirm that hackers had attempted, with varying degrees of success, to steal data from them.

Diagram illustrating how the Emotet virus works (source: US Department of Homeland Security)

“I can confirm that our systems were affected by a virus,” said the CEO of one FCA-regulated broker. “But we don’t believe that the hackers were able to steal any data from us.”

Companies were given the virus by people pretending to be affiliate marketers. Those hackers sent documents purporting to be lists of leads and invoices to brokers.

After downloading one of those files, which were usually spreadsheets or Word documents, users were told they had to ‘decrypt’ information or ‘enable content.’ Clicking on those buttons downloaded a PowerShell script to users’ computers which, in turn, downloaded pieces of malware from a remote server.
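The chain described above (a Word document or spreadsheet launching PowerShell, which then fetches a payload) leaves a recognizable parent/child pair in process-creation logs. The following triage sketch is an added example, not code from PandaTS or from this article; the event field names and the sample events are constructed for illustration.

```python
import base64
import ntpath
import re

OFFICE_PARENTS = {"winword.exe", "excel.exe"}  # Word documents and spreadsheets
POWERSHELL = {"powershell.exe", "pwsh.exe"}
DOWNLOAD_HINTS = ("downloadstring", "downloadfile", "invoke-webrequest",
                  "net.webclient", "start-bitstransfer")
# Common short forms of -EncodedCommand followed by a base64 argument.
ENC_ARG = re.compile(r"(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{8,})", re.I)


def decoded_command(cmdline):
    """Return the lower-cased command line plus any decoded -EncodedCommand payload."""
    text = cmdline
    match = ENC_ARG.search(cmdline)
    if match:
        try:
            raw = base64.b64decode(match.group(1), validate=True)
            text += " " + raw.decode("utf-16-le", errors="ignore")
        except ValueError:
            pass  # not valid base64: fall back to the raw command line
    return text.lower()


def triage(event):
    """Classify one process-creation event as 'high', 'medium' or None."""
    parent = ntpath.basename(event["parent_image"]).lower()
    child = ntpath.basename(event["image"]).lower()
    if parent not in OFFICE_PARENTS or child not in POWERSHELL:
        return None  # not an Office application spawning PowerShell
    text = decoded_command(event["command_line"])
    return "high" if any(hint in text for hint in DOWNLOAD_HINTS) else "medium"


# Constructed sample events; the encoded command is a harmless placeholder.
_ENC = base64.b64encode(
    "Invoke-WebRequest http://example.invalid/constructed".encode("utf-16-le")).decode()
_PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "image": _PS, "command_line": "powershell.exe -w hidden -enc " + _ENC},
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": _PS, "command_line": "powershell.exe Get-Date"},
    {"parent_image": r"C:\Program Files\Microsoft Office\EXCEL.EXE",
     "image": _PS, "command_line": "powershell.exe -NoProfile Get-Date"},
    {"parent_image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "image": r"C:\Windows\splwow64.exe", "command_line": "splwow64.exe 8192"},
]
```

An Office parent with a PowerShell child is flagged even without a download hint, since the article notes that the downloaded components keep changing while the delivery method stays the same.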

Silent but deadly

Thus far, the PandaTS cybersecurity team has found a number of different kinds of malware. Most notable amongst them was the Emotet virus, which allows hackers to steal passwords, emails, and bank details.

Dikla Sheffer, Vice President of Business Development at Panda Trading Systems

More damaging is a piece of malware that allows the hackers to remotely access a user’s computer and then operate it in ‘silent mode.’ That means a user, looking at their screen, would have no idea that someone else was accessing it.

“This looks a lot like the virus that was used to attack Ukraine in 2017,” a cybersecurity expert at a consultancy firm told Finance Magnates. “Similar malware has been used to attack banks in the past couple of years. If I was a broker, I would be taking particular care to ensure it can’t spread between computers within my network.”

Client data for sale

PandaTS told Finance Magnates that the hackers have managed to infect hundreds of computers belonging to brokers and affiliate marketers.

The technology provider said that, though the hackers appear to be targeting companies operating in the retail trading industry, several major firms, in a number of different fields of business, have also been affected by the attack.

Further research by the firm's cybersecurity team indicates that the hackers are selling client information on the dark web.

“Data theft is not an incident, it’s an industry,” Boaz Gam, the CEO of data protection solution provider LPS, told Finance Magnates. “Companies must take steps to protect their leads or they are sure to be hit. That means losing business, damage to reputation and the potential for regulatory fines.”

Malware: the computer's common cold

Stopping the malware is difficult as it doesn’t make any noticeable changes to one’s computer and cannot be identified by common anti-virus applications.

Boaz Gam, CEO of LPS

As noted, hackers can gain remote access to a user’s PC, but they do so in ‘silent mode,’ meaning the user cannot see what they are doing.

Moreover, the malware is akin to the common cold. The means by which it infects you are the same, as are the symptoms, but the actual components of the virus are constantly changing.

Having worked on a solution for its clients, PandaTS has now developed technology that can identify whether or not a computer is infected by the malware.

Nonetheless, the best means of defense is not to get infected by the virus in the first place. And unlike the common cold, which is spread by the often unavoidable, artillery-like sneezing of other people on the bus in the morning, all you have to do to ensure you don’t get infected by malware is not download random files from people you don’t know.
