Hackers target NASDAQ Community for passwords and account data

18 Jul 2013

Cyber criminals have targeted the NASDAQ Community forum with a password-stealing attack, looking to gather sensitive information that could be used to mount a larger, more costly campaign.

NASDAQ sent out an email warning users that their account information may have been compromised, but confirmed that no trading or stock exchange information or systems had been affected by the breach. NASDAQ has yet to confirm how many of the community users have been affected and, at the time of publishing, had not responded to V3's request for comment.

NASDAQ has since taken the community website offline to upgrade its systems to plug the breach. NASDAQ has been a common target of criminals and was hit by a more serious cyber attack in 2011.

While the information stolen is not necessarily dangerous, it could be used by criminals to mount subsequent, more advanced attacks. In general the information is used by criminals to create more tailored phishing messages, or make more intelligent password guesses when attempting to infiltrate victims' main work accounts.

However, F-Secure analyst Sean Sullivan told V3 the information stolen from NASDAQ could theoretically be used to mount an even more dangerous attack. "How bad is this? That really depends on how forthcoming the NASDAQ community admins have been," he said.

"Imagine this: Suppose the NASDAQ community forum wasn't just compromised for its users' passwords – but also to use it as a watering hole. You thought the Twitter, Facebook, Apple, Microsoft watering hole attack compromises via the iPhone Dev SDK forum was bad? Well, I think that would be nothing compared to the kind of damage that could be done via NASDAQ."

A watering hole attack is a tactic commonly used by hackers to target specific groups. It sees them infiltrate a website commonly visited by people within the target industry and lace it with malware, letting them infect a large number of people without having to mount multiple attacks.

The potential value of password and account information has made it an increasingly valuable commodity for cyber criminals, with many selling it on cyber black markets. Most recently Webroot researcher Dancho Danchev reported uncovering a Russian cyber gang selling thousands of users' Skype and Twitter password details on a newly created black market.

Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
