[ISN] Cybercriminals Zero In on a Lucrative New Target: Hedge Funds

http://bits.blogs.nytimes.com/2014/06/19/cybercriminals-zero-in-on-a-lucrative-new-target-hedge-funds/ By Nicole Perlroth Bits The New York Times June 19, 2014 They say crime follows opportunity. Computer security experts say hedge funds, with their vast pools of money and opaque nature, have become perfect targets for sophisticated cybercriminals. Over the past two years, experts say, hedge funds have fallen victim to targeted attacks. What makes them such ripe targets is that even as hedge funds expend millions in moving their trading operations online, they have not made the same investment in security. The latest evidence comes in the form of a new report Wednesday from BAE Systems, a computer security firm, that an unnamed hedge fund lost millions of dollars after criminals installed malware on its trading systems late last year. The malware was designed to insert a lag time in the hedge fund’s trading system and record the details of orders, so the attackers could trade on the information themselves. According to BAE Systems, the attack began with a so-called spearphishing email, which contained links purporting to be about capital markets. Once they were clicked, an employee inadvertently downloaded malware onto a computer that gave criminals deeper access to the fund’s trading systems. The attack was noticed only after the fund’s analysts and tech staff discovered the lag times in its algorithmic trading strategy and abnormal file movement on its network. The breach, which was first reported by CNBC, cost the fund millions of dollars in recovery, according to BAE Systems, which did not name the fund. But security experts say the crime is hardly new. “Hedge funds have been victims of targeted cyberattack over the past two years,” said Tom Kellermann, the chief cybersecurity officer at TrendMicro. “Hedge funds are woefully undersecured. The lack of investment in their cybersecurity has placed them in the line of fire.” […]