AGL 38.48 Decreased By ▼ -0.08 (-0.21%)
AIRLINK 203.02 Decreased By ▼ -4.75 (-2.29%)
BOP 10.17 Increased By ▲ 0.11 (1.09%)
CNERGY 6.54 Decreased By ▼ -0.54 (-7.63%)
DCL 9.58 Decreased By ▼ -0.41 (-4.1%)
DFML 40.02 Decreased By ▼ -1.12 (-2.72%)
DGKC 98.08 Decreased By ▼ -5.38 (-5.2%)
FCCL 34.96 Decreased By ▼ -1.39 (-3.82%)
FFBL 86.43 Decreased By ▼ -5.16 (-5.63%)
FFL 13.90 Decreased By ▼ -0.70 (-4.79%)
HUBC 131.57 Decreased By ▼ -7.86 (-5.64%)
HUMNL 14.02 Decreased By ▼ -0.08 (-0.57%)
KEL 5.61 Decreased By ▼ -0.36 (-6.03%)
KOSM 7.27 Decreased By ▼ -0.59 (-7.51%)
MLCF 45.59 Decreased By ▼ -1.69 (-3.57%)
NBP 66.38 Decreased By ▼ -7.38 (-10.01%)
OGDC 220.76 Decreased By ▼ -1.90 (-0.85%)
PAEL 38.48 Increased By ▲ 0.37 (0.97%)
PIBTL 8.91 Decreased By ▼ -0.36 (-3.88%)
PPL 197.88 Decreased By ▼ -7.97 (-3.87%)
PRL 39.03 Decreased By ▼ -0.82 (-2.06%)
PTC 25.47 Decreased By ▼ -1.15 (-4.32%)
SEARL 103.05 Decreased By ▼ -7.19 (-6.52%)
TELE 9.02 Decreased By ▼ -0.21 (-2.28%)
TOMCL 36.41 Decreased By ▼ -1.80 (-4.71%)
TPLP 13.75 Decreased By ▼ -0.02 (-0.15%)
TREET 25.12 Decreased By ▼ -1.33 (-5.03%)
TRG 58.04 Decreased By ▼ -2.50 (-4.13%)
UNITY 33.67 Decreased By ▼ -0.47 (-1.38%)
WTL 1.71 Decreased By ▼ -0.17 (-9.04%)
BR100 11,890 Decreased By -408.8 (-3.32%)
BR30 37,357 Decreased By -1520.9 (-3.91%)
KSE100 111,070 Decreased By -3790.4 (-3.3%)
KSE30 34,909 Decreased By -1287 (-3.56%)
Technology

US exchanges offer a rich potential target for hackers

  • The range of motivations means firms should aim to make themselves "the hardest target" possible to thwart attacks, Alvarado said.
Published May 26, 2021

NEW YORK: Cyberattacks have long been seen as a threat to financial markets, but worries are becoming even more acute following a US pipeline hack that set off a public panic and forced the company to pay a ransom.

Financial exchanges that manage daily transactions of tens or hundreds of billions of dollars are an appealing target for hackers.

Major stock exchanges insist they are on top of the issue, but remain mum about what steps they are taking to safeguard their networks.

"Technology and operational resiliency sits at the heart of everything we do," a Nasdaq spokesperson told AFP.

Likewise, the Chicago Board Options Exchange "takes cybersecurity very seriously and does not discuss our cyber defenses publicly," an exchange spokesperson said.

New York Stock Exchange President Stacey Cunningham told CNBC the exchange is "constantly working not only with our own teams but with others in the market, with the regulators and other exchanges on ensuring that markets are secure."

The Chicago Mercantile Exchange, a key trading venue for energy and agricultural products, declined comment entirely.

Recent history shows the hacking risk is far from a theoretical problem at financial exchanges.

Last August, New Zealand's NZX was crippled for four days following a digital siege.

The episode, a "distributed denial-of-service" attack, is a common type of cyberincident in which hackers saturate a system by sending a huge flood of requests, overwhelming the system and slowing or freezing operations.

"NZX has been advised by independent cyber specialists that the attacks ... are among the largest, most well-resourced and sophisticated they have ever seen in New Zealand," said NZX Chief Executive Mark Peterson said following the incident.

Such a calamity has yet to befall an exchange or major financial firm in the United States. But the worry has preoccupied US finance and government at the highest levels.

Federal Reserve Chair Jerome Powell told the news show "60 Minutes" last month that a cyberattack poses risks to financial markets even more severe than the liquidity freeze-up in the 2008 financial crisis.

"There are scenarios in which a large payment utility, for example, breaks down and the payment system can't work," Powell said. "Payments can't be completed.

"There are scenarios in which a large financial institution would lose the ability to track the payments that it's making."

Nasdaq employs resources to counter cyberthreats, but warns that "these measures may prove insufficient depending upon the attack or threat posed," the company said in a securities filing, adding that it "may be required to devote significant additional resources to the effort."

Range of motivations

The most typical means used by hackers to extort victims is to infiltrate a computer network with ransomware, which encrypts the system's data that can be lifted after the ransom is paid.

Earlier this month, Colonial Pipeline, which provides gasoline to much of the US East coast, ultimately paid some $4.4 million to hackers after the network was completely taken down for several days, sparking panic buying and a fuel shortage in some areas.

But money is not the only motivation for groups that might seek to take hostage a high-profile institution like a stock market, experts say.

"They may want to make money, damage the ability of the target to conduct business, steal sensitive information, or ruin their reputation," said Sean Cordero, a security advisor at Netenrich, a California cybersecurity company.

"Or, it could be all of the above and more."

The group's motivation also will determine the nature of the attack.

But groups seeking a large ransom payment may opt to inflict maximum immediate harm to elicit a quick response.

The range of motivations means firms should aim to make themselves "the hardest target" possible to thwart attacks, Alvarado said.

"Unfortunately, with ever-expanding attack surfaces, if a threat actor is willing to take the time to find a way in, chances are they probably will."

Cordero said frequent updates of security systems are needed to counter cyberrisks, requiring systems to be temporarily taken offline.

"This is ultimately a risk-based decision that can have major implications if not treated as such," Cordero said. "Unfortunately, these decisions tend to be relegated to the 'to-do' list and may go for months or years without action."

Comments

Comments are closed.