This should come as no surprise to anyone unless you rarely stay abreast of the latest trends in the cyber security industry. As you have likely heard many cyber security professionals say, preventing successful attacks is a bit like the game of whack-a-mole: as soon as you close one hole, another appears somewhere else on the network. Along these same lines, cyber security threats continue to increase because malicious actors needs to be more innovative to locate ways to penetrate networks (emphasis added):
At 2:14 p.m., less than 30 minutes after the wire service uploaded the press release into its system, someone bought Walter Energy CFDs referencing 36,000 shares of stock, valued at about $1.2 million, and then made another trade for a larger amount through a different account. That afternoon someone else carried out a similar transaction, the U.S. Securities and Exchange Commission said in court documents unsealed this week. It all happened before the press release became public.
The next day the two are accused of closing their positions in the Walter Energy CFDs and pocketing a combined $137,000 in profit as part of what Andrew Ceresney, director of the SEC’s Enforcement Division, called “one of the most intricate and sophisticated trading rings that we have ever seen, spanning the globe and involving dozens of individuals and entities.”
Walter Energy was only one of the targeted companies—others included Caterpillar Inc. and Panera Bread Co.— listed in a federal court document detailing the SEC’s fraud charges against 32 people. They are accused of using advanced techniques to hack into two or more newswire services between 2010 and 2014 to steal hundreds of corporate earnings announcements before the newswires released the information publicly. The information was then sent to traders in Russia, Ukraine, Malta, Cyprus, France and the U.S.
The scheme, allegedly led by two Ukrainians, generated more than $100 million in illegal profits, the SEC said. The hack shows that the cyber security threats are becoming more elaborate and should remain on the radar for oil and gas companies, which have been frequent targets of cyber attacks in the past.
This is a pretty innovative technique, and likely one the newswire services never conceptualized when architecting their security. These types of non-traditional attacks are going to continue to increase as cyber security defense measures increase in their capability to prevent complex attacks.
It’s cat and mouse all over again.