Threat Intelligence Blog

Posted December 8, 2014

No, it’s not their mutual love of baking. About 10 years ago, Martha Stewart allegedly received some information that the public was not privy to that led her to sell some stocks. And this week, security firm FireEye tracked down a group of hackers, which it nicknamed “Fin4,” that stole information from over 100 publicly traded companies, information that could be used to make lucrative stock investments.

The common thread? Both allegedly had insider information that could be used to affect stock prices.

While some criminals may use malware to get into corporate systems and extract this kind of information, this particular group mainly used phishing scams, which remain a widely used and successful method for criminals. First, the attackers sent phishing emails to acquire the login credentials for Microsoft Outlook email accounts at more than 100 companies, including many publicly traded healthcare and pharmaceutical firms. Next, the criminals used those compromised accounts to send very personalized and authentic-looking spear phishing emails to other employees and executives. The criminals were able to use this technique to gain valuable information about upcoming acquisitions and other private insider information.

This latest attack highlights the fact that criminals are launching new phishing campaigns that are far more sophisticated than the old attacks, which were typically rife with misspellings and grammatical errors. The attackers in this case used impeccable English and insider knowledge of financial culture. Additionally, the phishing emails did not contain malicious files that would be detected by an antivirus solution.

While this attack was aimed at larger organizations, spear phishing is also one of the biggest risks that small businesses face. In fact, last year criminals used spear phishing attacks to target one out of five small businesses in the United States.

Educating employees about phishing and spear phishing is an important and affordable step toward protecting your organization from attacks like this. Another is to use an open source intelligence platform that offers your security analysts all the data and tools they need to monitor for and respond to incidents of confidential information – such as that stolen by Fin4 – being sold or traded online on various websites and forums.


One way to overcome these obstacles is to use a versatile tool that will save your organization money by enabling your security analysts to be more productive. Learn more in our blog, Three Tools Every Security Analyst Needs.

