Experts: Stock-Trade Attacks Widespread

New Report Raises Questions About Cyber-Espionage Schemes

A new report from security vendor FireEye about the emergence of cyber-attacks aimed at the accounts of high-level executives at publicly traded corporations for the purpose of "obtaining an edge" in stock trades has raised some questions among financial fraud experts.

Some security experts say these types of attacks are concerning, but they are not new and are much more widespread than FireEye's report suggests. The attacks revolve around spear-phishing campaigns whose ultimate purpose is to exfiltrate e-mail exchanges about confidential and anticipated market movements.

In its Nov. 30 report, FireEye identifies a group known as FIN4 that it says has been waging cyber-espionage attacks against more than 100 public companies and advisory firms since mid-2013.

But Tom Kellermann, chief cybersecurity officer at the security firm Trend Micro, says the new research report is "not groundbreaking," noting that market manipulation by cyber-attacks began back in 2002 and exploded after 2005 - a point noted by The World Bank in its May 2005 Capital Markets and E-fraud paper.

Kellermann says it's not clear why FireEye's report calls out only one threat group, FIN4, when numerous groups have been waging these types of attacks since the dawn of the global financial crisis.

After the financial crisis of 2008 and 2009, a small percentage of the thousands of banking and financial professionals who were left jobless offered financial acumen and strategic knowledge to the underground economy, he says.

And Will Woodward, an analyst for the consultancy Aite, says it's unlikely that FireEye has uncovered the full extent of this type of cyber-espionage activity.

"FIN4 is most likely not the only cybercrime organization doing this," Woodward says. "This is not the first time an attack of this kind has occurred."

FireEye's Report

In a blog, FireEye says, "FIN4 appears to conduct intrusions that are focused on a single objective: obtaining access to insider information capable of making or breaking the stock prices of public companies. The group specifically targets the e-mails of C-level executives, legal counsel, regulatory, risk and compliance personnel, and other individuals who would regularly discuss confidential, market-moving information."

More than 75 percent of the targeted organizations are healthcare and pharmaceutical companies, FireEye reports. Other targets include law firms, investment banking firms and investor relations firms, among others. FireEye says healthcare and pharmaceutical businesses are most often targeted because their stocks can be more fluid after news breaks about new clinical trials, regulatory decisions, or safety and legal issues.

What's more, FireEye reports that all of these stock-market-manipulation cyber-attacks appear to have been waged by native-English-speaking hackers who have in-depth knowledge about how stock information is exchanged.

FireEye did not reply to Information Security Media Group's request for comments beyond those in its blog.

Detecting fraudulent trading can be especially difficult with pharmaceutical stocks, Aite's Woodward says. Pharma stocks are notorious for insider manipulation, since many of these stocks are sold or managed through informal trading practices, he adds.

"Most major exchanges have the market surveillance capabilities to detect serious anomalous trading activity, such as stock run-ups, as it is a common type of insider trading before big announcements," Woodward explains. "The danger is when the shares are traded over-the-counter [through a dealer network rather than on a formal exchange such as the New York Stock Exchange], which many pharmaceutical stocks are, because then the detection mechanisms at the exchange level are not always sufficient."

Targeting Attorneys

But what's most concerning about the spear-phishing attacks noted in FireEye's report is that they are actually being waged against law firms that represent these publicly traded companies, Trend Micro's Kellermann says.