A recent report by security consulting firm FireEye reveals that a hacker group, referred to as FIN4, has infiltrated over 100 publicly traded companies and advisory firms since at least mid-2013 and is likely trading using inside information. FIN4's ongoing hacking efforts particularly target the email accounts of individuals with access to non-public information about imminent M&A deals and other market catalysts. According to the report and an interview with Jen Weedon, FireEye's manager of threat intelligence, the highly tailored tactics and level of sophistication suggest that the hackers may be individuals with experience on Wall Street.

Focus on M&A deals and healthcare sectors

FIN4's focus is on acquiring information on ongoing M&A discussions. They target individuals directly involved in a deal, such as senior executives, legal counsel, and regulatory, risk and compliance personnel. On multiple occasions, the hackers have simultaneously targeted individuals in several organizations involved in the same deal, including law firms, consulting firms and public companies.

In addition, FIN4 focuses particularly on public companies in the healthcare and pharmaceutical sectors, as over two-thirds of the targeted organizations fall under this category. FireEye theorizes that this focus is because the nature of these sectors involves issues that are most likely to significantly affect stock prices, such as clinical trial results and litigation.

Highly tailored phishing tactics

FIN4 steals login credentials to the email accounts of select individuals by using phishing emails sent from compromised email accounts. These phishing emails are often highly tailored and employ a variety of tactics to make them appear legitimate.

For example, they attach stolen but legitimate corporate documents with malicious code embedded in them, which will display a fake Windows Authentication window and prompt the user to enter their login credentials. The email body is often customized to appeal to the unique concerns of the particular target recipient. One sample email shown in the report was sent to an executive of a public company under the guise of a complaint regarding improper disclosure of pending transactions. In some cases, the hackers have also sent messages using existing email threads from compromised accounts, thereby adding an extra layer of purported legitimacy.

FIN4 further modifies the Microsoft Outlook configurations of compromised accounts to prevent the victim from reading emails which may alert the victim about the security breach. It does this by automatically deleting emails in the inbox containing words such as "virus", "phish" or "hack".
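As a defensive check for the mailbox-rule behaviour described above, the following added example (not from the FireEye report or this update) flags inbox rules that delete messages mentioning security keywords. It assumes rules have been exported as JSON records; the condition and action field names are modeled on Exchange's Get-InboxRule output, while the `Mailbox` field and all sample data are constructed for illustration.

```python
import json

# Keywords named in the article; a defender would extend this list (assumption).
ALERT_WORDS = ("virus", "phish", "hack")
# Condition fields modeled on Exchange Get-InboxRule output (assumed export format).
WORD_FIELDS = ("SubjectContainsWords", "BodyContainsWords", "SubjectOrBodyContainsWords")

# Constructed sample export; "Mailbox" is a hypothetical field added by the exporter.
SAMPLE_EXPORT = json.loads("""
[
  {"Mailbox": "cfo@example.com", "Name": "x", "Enabled": true,
   "DeleteMessage": true, "SubjectOrBodyContainsWords": ["hacked", "Phishing", "malware"]},
  {"Mailbox": "cfo@example.com", "Name": "Newsletters", "Enabled": true,
   "DeleteMessage": true, "SubjectContainsWords": ["unsubscribe"]},
  {"Mailbox": "counsel@example.com", "Name": "Security alerts", "Enabled": true,
   "DeleteMessage": false, "MoveToFolder": "Security", "SubjectContainsWords": ["virus"]},
  {"Mailbox": "counsel@example.com", "Name": "old", "Enabled": false,
   "DeleteMessage": true, "BodyContainsWords": ["virus"]}
]
""")

def matched_alert_words(rule):
    """Return the sorted alert keywords found in any of the rule's word conditions."""
    hits = set()
    for field in WORD_FIELDS:
        for phrase in rule.get(field) or []:
            lowered = phrase.lower()
            hits.update(w for w in ALERT_WORDS if w in lowered)
    return sorted(hits)

def suspicious_rules(rules):
    """Flag rules that delete mail whose subject or body mentions a security keyword."""
    findings = []
    for rule in rules:
        if not rule.get("DeleteMessage"):
            continue  # filing alerts into a folder is common and not flagged here
        words = matched_alert_words(rule)
        if words:
            # Disabled rules are still reported: they can be residue of a past compromise.
            findings.append({"mailbox": rule.get("Mailbox"), "rule": rule.get("Name"),
                             "enabled": bool(rule.get("Enabled")), "keywords": words})
    return findings

if __name__ == "__main__":
    for finding in suspicious_rules(SAMPLE_EXPORT):
        print(finding)
```

Any finding is a lead for reviewing the affected mailbox's sign-in history rather than proof of compromise, since users occasionally create such rules themselves.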

Prevention

The operations of FIN4 are ongoing and the report suggests that organizations implement several technical changes which can hinder the hackers. However, as FIN4's operations rely primarily on human deception, they may simply find a new way around the technical obstacles recommended by the report. Organizations at particular risk of being targeted should ensure their employees and executives are aware of these hacking efforts, take appropriate precautions to verify the identity of senders requesting sensitive information, and avoid providing login credentials unless they are absolutely certain that the prompt is legitimate.

The author would like to thank Matthew Lau, articling student, for his assistance in preparing this legal update.

Norton Rose Fulbright Canada LLP
