NASDAQ Attackers Likely Monitored Director Communications

Two unknown sources close to the NASDAQ investigation have told Reuters that malicious software that worked its way into a web-based communications platform at NASDAQ last year allowed the attackers to monitor communications between business leaders using its Director’s Desk system.

Directors Desk is a solution that helps board members communicate and collaborate “securely”; the company says it is used by more than 10,000 directors around the globe.

It is unknown what information the attackers may have stolen, or what communications they passively viewed as they monitored the directors of several publicly held companies. At the time of the breach, NASDAQ reported that no evidence had been discovered pointing to access to customers’ information, but given the nature of Director’s Desk, the latest details are far from cheery.

NASDAQ CEO Robert Greifeld told the news agency that the exchange is under constant attack. Because of this, they spend nearly a billion dollars annually on their information security program. Yet, is this money that should be applied elsewhere? Perhaps on basic Application Security?

“Due to the true nature of the Director’s Desk Web-based application, it appears that vulnerabilities within the application were probably successfully exploited by remote attackers that allowed them to peruse information exchanges between various company directors. There are several classes of common vulnerabilities that would allow attacks like this, and I would direct people to take a closer look at the OWASP Top-10 application security risks,” commented Damballa’s Gunter Ollmann.

“Gaining remote access to confidential data held within the Director’s Desk application could have been through SQL injection, broken authentication and session management, and URL restriction failures. In my years of running penetration tests against Fortune-500 companies, these were the most common vulnerabilities that could be exploited to reveal this level of confidential data.”

He added that the new details of the malicious usage of Director’s Desk, or of any major Web application being targeted, should come as no surprise.

“Overall, vulnerabilities within large Web-based applications are very common. They are under constant development and change, which means that vulnerabilities can be unintentionally introduced at any time. If there are multiple development teams working on the same application portal – all developing their own micro applications – then the probability of new vulnerabilities being introduced grows considerably. This is why Web applications need to be security tested continuously.”

Directors Desk is completely unrelated to the NASDAQ trading platforms, which power the exchange, and trading operations were never affected.
