Healthcare and pharmaceutical industries are top targets, FireEye report says.
A computer-security firm has warned hackers are targeting executives and others with inside information about merger and acquisition deals in a bid to obtain insider information that could have implications on the stock market.
FireEye FEYE said hackers comprised of a group called “FIN4” have targeted over 100 organizations since the middle of 2013, with all of the targets either publicly traded companies or advisory firms that provide services including legal counsel and investment banking. The group appears to have deep familiarity with business deals, FireEye said, and has targeted individuals such as top executives, outside consultants and researchers, among others.
The healthcare and pharmaceutical industry has been a top target, making up 68% of the targeted organizations in the report compiled by FireEye.
“We believe FIN4 heavily targets healthcare and pharmaceutical companies as stocks in these industries can move dramatically in response to news of clinical trial results, regulatory decisions, or safety and legal issues,” the FireEye report said.
The interest in that sector also comes at a time when pharmaceutical deals are booming, with pharma companies acting as both buyers and sellers.
FireEye said it observed FIN4 access information on a wide variety of issues–including drug development, insurance reimbursement rates and pending legal cases. All of those issues can influence the price of healthcare stocks, the firm added.
Here’s how it works: FIN4 doesn’t infect systems with malware, but instead focuses on obtaining usernames and passwords to victims’ e-mail accounts, allowing them to view private e-mail correspondence. The hackers have often targeted several parties involved in a single business deal, and also have mechanisms in place to organize the data they collect and take steps to evade detection.
FireEye listed a few lines of defense, saying basic security measures could be helpful. Those tips can be found in the full report.