In an interview with Finextra, BAE Systems’ head of cyber security consulting practice Robin Oldham shares new research conducted with interbank messaging network Swift, which profiles the way in which sophisticated cyber crime gangs are moving up the value chain in search of big wins in the wholesale payments and capital markets arena.
Oldham says that Advanced Persistent Threat (APT) Groups are increasingly run like commercial organisations and as such are prepared to invest the time and resources to maximise their profits.
“Banking trojans have always attacked banking customers but there is an increasing level of sophistication emerging, because of the potential reward," he says. "It comes down to return on investment and as groups have evolved, they’ve moved from targeting individuals to targeting institutions.”
The BAE Systems and Swift report released today, ‘The Evolving Advanced Cyber Threat to Financial Markets’, identifies the capital markets arena - with its complex and diverse stakeholder structures - as particularly vulnerable.
Says Oldham: “Because of the inter-reliance and large surface area, threat actors may try to exploit by falsifying records and changing ownership of securities and due to the traceability between central security depositaries, it is hard to reconcile what has happened and it would take time to figure it out. Alongside this, high frequency trades are being made quickly so subtle changes would be problematic to reverse."
He points to previous big ticket heists, such as the Carbanak swoop on ATMs, and the Bangladesh bank attack, as evidence of the increasing sophistication - and financial knowledge - of criminal gangs.
“The accounts that the money was transferred into were opened nine months before the attack, so they were not opportunist," he says. "It was a well-researched and they planned to capitalise on it. It warrants investment of time, assuming they get the reward and it’s all about understanding how organisations work and how vulnerable they are.”
Just last week, ECB board member Benoît Cœuré warned that the next financial crisis may well be triggered by a cyber attack, pointing to the persistence of shadowy criminal gangs in targeting wholesale institutions.