This Week in Cybersecurity

From the halls of the UN to college dorms, Continuity eGUIDE takes a look at where the week’s top cybersecurity stories are taking place.

Hacking the trading room floor

Insider trading got a new definition with an audacious, Ukraine-based hacking ring that has reportedly made more than $100 million in profit from illegal trades, according to The Hill. The group pilfered earnings reports and press releases on mergers and acquisitions ahead of schedule and then distributed the information to traders and hedge fund managers.

“Traders could even create ‘shopping lists’ or ‘wish lists’ for the hackers,” the FBI told The Hill.

“It’s not that it wasn’t a huge concern,” said a former cyber division FBI special agent and private security adviser with Tanium. “I think it was more that everyone thought that it was isolated to one particular incident for a company.”

What makes this incident notable is that the ring was “likely one of multiple cyber crime groups digitally pilfering information to illegally play the stock market in a way that is barely perceptible to authorities,” according to The Hill.

Browser Break-ins

US researchers, funded through Facebook, have developed a new cybersecurity tool called CaVer that finds browser vulnerabilities by detecting "bad casting" and "type confusion".

The team, which included Ph.D. students Byoungyoung Lee and Chengyu Song, along with Professors Taesoo Kim and Wenke Lee, was able to use the new tool to identify 11 previously unknown Internet browser security flaws.

The team has been awarded Facebook's 'Internet Defense Prize' in recognition of their significant contributions to the security of the Internet, particularly in the areas of protection and defense, through both research and the generation of a working prototype.

As noted by Ioannis Papagiannis, security engineering manager at Facebook, “designing defensive security technology has never been more important, and that’s why we are once again offering the Internet Defense Prize to stimulate high-quality research in this area.”

Cybersecurity Compromise

The UN has issued an expert report on cybersecurity containing a compromise on the right of states to individual or collective self-defense if an armed attack occurs against them. This right is defined under Article 51, and the compromise attempts to determine the applicability of cyberattacks as a pretext for war or other retaliatory use of force.

The report offers additional clarifications on the following points, among other things:

What constitutes an armed attack in terms of the use of information and communication technologies?

Prosecution of states for organizing cyber attacks.

The need to prove the organization and implementation of cyber attacks.

Additional details on the results of the compromise and related legislation are available at the following link.