Hacker groups shifting to corporate cyberespionage schemes

Concern about cyberespionage is growing in the U.S. after a financially motivated hacker group stole inside information to make millions from insider trading schemes.

Financially motivated hacker groups are turning their attention to corporate cyberespionage -- specifically, breaching enterprises to obtain business secrets that can be sold to third parties or used to commit insider trading.

In the latest cyberespionage case, nine men in the U.S. and Ukraine were indicted on federal charges for carrying out sophisticated cyberattacks used to steal confidential information for financial gain on the New York Stock Exchange and Nasdaq. Over the course of five years, they targeted three of the biggest newswire businesses and stole a total of 150,000 unpublished press releases regarding companies such as Align Technology Inc., Caterpillar Inc., HP, Home Depot, Panera Bread Co. and VeriSign Inc.

The hackers strategically used the insider knowledge from the press releases, which concerned earnings, gross margins, revenues and other information, to trade before the public announcement, buying or selling stock based on positive or negative news. For example, in October 2013, the hacker group executed multiple trades and purchases before Align Technology publicly announced that the company's net revenues increased to 20.5% and earnings per share increased $0.42. The hackers finished the day with a total of $1.45 million in illegal profits. Similarly, in April 2013, when hackers learned that Edwards Lifesciences Corp. was lowering its earnings projections for the next quarter, the hackers turned a profit of $844,000. Over five years, their trades generated approximately $30 million in illegal profits, according to the District of New Jersey press release.

But that's not all: The hackers formed alliances with rogue traders to steal valuable information. The stock traders sent lists of corporate press releases they wanted to see ahead of time to hackers in Ukraine, who then emailed them back with directions to gain access to the nonpublic information. The hackers earned a percentage from the final profits. In all, the traders and hackers acquired more than $100 million. According to Bloomberg Business, Vitaly Korchevsky, a former hedge fund manager, allegedly helped unite the financial world with the cybercriminal world and made $17.5 million along the way.

Because the hackers and rogue traders were trading on the stock market, they created markers that the U.S. Securities and Exchange Commission (SEC) could watch, which inevitably led it to detect suspicious patterns. From there, the SEC tracked the people making the trades and analyzed their patterns. Eventually, this helped lead to their arrest.

The insider trading ring isn't the only instance of cybercriminals committing corporate espionage lately. Earlier this year, both Kaspersky Lab and Symantec issued reports about an advanced persistent threat (APT) group targeting enterprises. The APT group, dubbed "Butterfly" by Symantec and "Wild Neutron" by Kaspersky, has reportedly been active for several years and has breached high-profile companies, such as Apple, Microsoft and Facebook, to obtain valuable insider information about those companies.

"Based on our analysis, the Butterfly attackers are likely a small team that steals data either as a service to another client or to monetize it themselves through insider trading," Symantec's report stated. "Organizations need to be aware of the threat that corporate espionage groups like Butterfly can pose."

Growing cyberespionage threats

James Pooley, author of SECRETS: Managing Information Assets in the Age of Cyberespionage and information security consultant, believes that this type of financially motivated crime demonstrates the value of information security. "It is a perfect wake-up call," he said. "It's the tip of the iceberg. It's an example of how information can be turned into money."

Cyberattacks are serious threats to corporate and national security; 76% of respondents in PricewaterhouseCoopers's (PwC) report, titled U.S. cybersecurity: Progress stalled, Key findings from the 2015 U.S. State of Cybercrime Survey, said they were more concerned with cyberthreats this year than ever before. Cybercrime was ranked as the top national security threat ahead of terrorism, espionage and weapons of mass destruction. Not only does cybercrime generate fear, it's also costly. The FBI and the Internet Crime Complaint Center reported that global wire fraud cost businesses $215 million in a 14-month period. U.S. companies represented an astonishing 84% of those financial losses.

In addition, 79% of the respondents in the PwC report -- 500 executives of U.S. businesses, law enforcement services and government agencies -- said they detected some kind of security incident within the past 12 months. It's worth noting that many cybercrimes go unnoticed. In 2013, the FBI notified over 3,000 companies, "ranging from small banks, major defense contractors and leading retailers," that they had been unknowingly breached.

"The problem with most companies is that they treat information security as an IT issue alone," Pooley said, when asked why the number of cyberattacks has drastically increased over the past few years. "It's rather old-fashioned to only defend the perimeter and do the best they can with the budget given. They don't recognize that threats are a holistic and existential problem."

The cyberattacks that are crossing international borders, and targeting the U.S. in particular, have increased dramatically over the past decade, too. The U.S. has suffered from numerous cyberespionage attacks executed by the Chinese government, which affected many sectors of the U.S. economy. In an NSA map obtained by NBC, titled U.S. Victims of Chinese Cyber Espionage over the past five years, the red dots spotted on a map of the U.S. represent corporate and military secrets and data that were successfully stolen by the Chinese. The east coast is predominantly spotted with red markers between Washington, D.C. and Boston; other concentrations are in Silicon Valley, Chicago, Seattle, Los Angeles and Detroit.

With so much at stake, it's critical that the next generation strengthens its cyber capabilities, because criminals are "using computers instead of guns to steal money, and threaten the safety and security of our cybernetworks," U.S. Secretary of Homeland Security Jeh Johnson said in the press release regarding the hacking ring.

Pooley believes that, eventually, the U.S. will learn the best ways to operate against cybercriminals. "Over time, the matter will be under control. In the 1920s and 1930s, robbing banks was very common, but now, we've figured out how to protect the cash," he said. "I expect to see something similar with cybersecurity. We're not at the same point of sophistication when it comes to protecting modern currency, which is data, but we will get there eventually."
