Nasdaq Attacker involved with espionage

Following the breach of Nasdaq’s Director’s Desk Web application last fall, the attackers left monitoring tools to eavesdrop on board directors’ communications.

According to an article in Reuters, the hackers responsible for breaching the Nasdaq stock exchange network last year had left remote-monitoring software, allowing them to spy on corporate directors.

The unknown attackers managed to install the monitoring tool and steal confidential documents and communications of board directors on the compromised platform.

Investigators claimed that they are in possession of the monitoring software that the attackers had implanted. However, they do not know how long it was installed on the website before it was detected and removed.

Nasdaq’s Director’s Desk, a Web-based application used by the boards of various companies that trade on the exchange to share financial information, was compromised last fall, as Nasdaq OMX, the shell company that owns the stock market, revealed Feb. 5. Nasdaq OMX said at the time that there was no evidence that customer information had been accessed. The trading infrastructure and other systems remained unchanged.

According to eWeek, vulnerabilities within the application were successfully exploited by remote attackers, allowing them to peruse information exchanged between several company directors, said Gunter Ollmann, vice president of research at Damballa. Several common types of attack exploit application vulnerabilities in ways that could give intruders access to the database and files on the server.

Chris Wysopal, CTO of Veracode, says that the fact that the attackers had some access on the affected system, which allowed them to install software, signifies it was an advanced attack. At least one board director was most likely compromised, giving the perpetrators access to the application prior to the uncovering of the vulnerabilities.

According to Wysopal, organizations need to ensure that they are conducting extensive security testing at all stages of development. There should be systematic security review throughout development, and dynamic analysis with every functional test, to find and close Web vulnerabilities. Penetration testing is fine, but testing should be conducted from the very start.

Bill Morrow, executive chairman at Quarri Technologies, believes that organizations must also think about protecting the browser, instead of just concentrating on conventional endpoint protection. Confidential business information is among the popular targets that hackers access through Web browsers. However, organizations do not take the initiative to ensure that the browsers they are using are state-of-the-art and secure.