Financial institutions face a “significant” and growing cyber threat, as hacktivists and criminals attempt to manipulate markets with distributed denial of service attacks, according to a report.
Analysts at security firm Prolexic said that a growing number of cyber attack campaigns are being launched with the aim of lowering share prices for publicly traded companies and disrupting exchange activity to prevent trades being made.
“Since 2011, and growing in 2012 and 2013, DDoS attack campaigns have become a significant threat to financial firms,” Prolexic claimed in its ‘DDoS Attacks Against Global Markets’ report.
While DDoS attacks may not result in physical or inventory loss, many financial companies delivering services through websites or web applications are vulnerable to “substantial” disruption to investor confidence by affecting their online presence. The report claims there is a causal relationship between cyber attacks and a change in the valuation and share price of a particular company.
A number of US banks have been targeted in the past two years including Wells Fargo, JP Morgan Chase, Bank of America and CitiGroup, while, in the UK, Natwest was the victim of a denial of service attack late last year.
Prolexic highlights a number of US securities and commodities exchanges which have also been targeted, though notes that attack has been successful to entirely stop trading as yet.
The report states that attacks are coming from a range of sources. This includes cyber criminals seeking profits, younger hackers who may engage in denial of service attacks for fun, and veteran criminal gangs deploying more sophisticated attacks. Hactivist groups with a political motive include Al-Qassam Freedom Fighters, which launched a string of attacks on banks in 2013, Anonymous, which targeted PayPal in a 'revenge' attack, and l0ngwave99, responsible for an attack on Nasdaq’s website in 2012 in protest at the US government.
The “rising number” of DDoS attacks has created concern over the resilience of trading infrastructure, Prolexic said. “As a result, financial institutions are anxious, and governments are considering the national security implications associated with digital assaults against the critical economic infrastructure provided by financial firms, including trading platforms.”
Attempts to shore-up cyber defences in the UK financial sector have been made in recent months, with Bank of England publishing its the findings of its cyber defence stress test, Operation Waking Shark 2, today.
The Bank recently revealed that several financial institutions in the UK had services disrupted in the past six months, while executive director for financial stability, Andy Haldane, previously claimed last year that cyber attacks now present more of a risk to banks than the eurozone crisis.