Can Behavior Analytics Prevent Hack & Fraud Schemes?

According to the Securities and Exchange Commission, the perpetrators charged with committing a cyber-powered stock fraud grossed millions in illegal profits by using insider data retrieved from newswire releases before they were published. This kind of hack & fraud scheme is an example of the hybrid cyber-crime that organizations will face in the upcoming months and years.

We looked into the indictment in search of the unique patterns that enabled the group’s successful and ongoing operation. We found that four methods were used to access the pending wire items:

  • Stolen usernames and passwords of authorized users, used to pose as those users
  • Back-door access modules
  • Deploying malicious computer code designed to delete evidence of the attacks
  • Concealing the identity and location of the computers used to access the newswire services

These patterns did not come as a surprise. First, the use of stolen credentials has been a primary stage in every high-profile security incident of the past couple of years (Target, Sony, Anthem…). User credentials are an irreplaceable and crucial element of any initial foothold and have become a trademark of all successful intrusions. Second, back-door access modules were deployed both to strengthen the attackers' grip on the network and to ensure a long and lasting campaign. Finally, tailored code was used to continuously cover up the traces such an intrusion leaves in local logs.

Another interesting aspect of this group's activity is its decentralized structure, which leaned on sophisticated communication patterns aimed at keeping the HACK operation and the FRAUD operation somewhat safely separated. One such practice was attributed to the "Dubovoy Group." The group is said to have shipped their loot from the newswire websites using video instructions left at a unique server location behind a specific username and password.

Behavior analytics, pattern recognition and anomaly detection have long dominated the financial fraud prevention industry. With a tide of hybrid attacks that exploit IT and financial system flaws simultaneously, there is no doubt that network-based User Behavior Analytics should take its place in helping prevent future threats.
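The kind of per-user behavior baseline the paragraph argues for, as an added example that is not from the post or the case: it learns each user's usual source networks and volume of embargoed-release reads from a constructed newswire access log, then flags the pattern the indictment describes, a valid credential reused from an unseen network to bulk-read releases before publication. The log format, user names and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample access log for a hypothetical newswire portal (not real data).
# Fields: timestamp, user, source IP, press-release id, release status at access time.
BASELINE_LOG = [
    ("2015-02-02T09:12:00", "editor_a", "10.1.4.20", "PR-1001", "embargoed"),
    ("2015-02-02T09:40:00", "editor_a", "10.1.4.20", "PR-1002", "embargoed"),
    ("2015-02-03T10:05:00", "editor_a", "10.1.4.21", "PR-1007", "embargoed"),
    ("2015-02-03T11:00:00", "editor_a", "10.1.4.21", "PR-1003", "published"),
    ("2015-02-02T14:00:00", "editor_b", "10.1.7.5", "PR-1004", "embargoed"),
    ("2015-02-03T15:30:00", "editor_b", "10.1.7.5", "PR-1008", "embargoed"),
]
# Detection window (constructed): editor_a's valid credentials are reused from an unseen
# network to bulk-read embargoed releases at night; editor_b behaves as usual.
WINDOW_LOG = [
    ("2015-02-10T02:%02d:00" % m, "editor_a", "203.0.113.77", "PR-11%02d" % m, "embargoed")
    for m in range(12)
] + [("2015-02-10T09:00:00", "editor_b", "10.1.7.5", "PR-1210", "embargoed")]

def net24(ip):
    return ip.rsplit(".", 1)[0]  # crude /24 key, sufficient for the demonstration

def build_baseline(log):
    """Per user: known source /24s and mean embargoed reads per active day."""
    nets, daily = defaultdict(set), defaultdict(lambda: defaultdict(int))
    for ts, user, ip, _item, status in log:
        nets[user].add(net24(ip))
        if status == "embargoed":
            daily[user][ts[:10]] += 1  # ts[:10] is the calendar day
    return {u: {"nets": nets[u],
                "mean_per_day": sum(daily[u].values()) / max(len(daily[u]), 1)} for u in nets}

def score_window(log, baseline, volume_factor=3.0):
    """Return {user: [reasons]} for users whose window activity deviates from their baseline."""
    agg = defaultdict(lambda: {"nets": set(), "embargoed": 0, "days": set()})
    for ts, user, ip, _item, status in log:
        agg[user]["nets"].add(net24(ip))
        agg[user]["days"].add(ts[:10])
        agg[user]["embargoed"] += int(status == "embargoed")
    alerts = {}
    for user, a in agg.items():
        base = baseline.get(user, {"nets": set(), "mean_per_day": 0.0})  # unknown user: no history
        reasons = []
        if a["nets"] - base["nets"]:
            reasons.append("unseen source network(s): %s" % sorted(a["nets"] - base["nets"]))
        rate = a["embargoed"] / len(a["days"])
        if rate > volume_factor * max(base["mean_per_day"], 1.0):  # floor avoids noise on tiny baselines
            reasons.append("embargoed reads/day %.1f vs baseline %.1f" % (rate, base["mean_per_day"]))
        if reasons:
            alerts[user] = reasons
    return alerts
```

Run against the constructed window, only editor_a is flagged, on both the new-network and the volume signals; in production the baseline would be learned from weeks of real access logs and the two signals weighted rather than treated as independent booleans.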