Stock exchanges around the world could be the latest target for hackers. So warns a British information security company.
The London Stock Exchange website was recently blocked by Google for distributing malware to unsuspecting visitors leaving them exposed to online fraud; and earlier this month NASDAQ the US exchange was hit by a similar attack.
Ian Shaw the Managing Director of MWR InfoSecurity said: “ A high profile breach of the integrity of a site such as this is very concerning, especially as it appears to be a commonplace attack similar to those seen on much less secure sites every day."
The LSE blamed an advert on their website that had been taken down and would have only affected visitors if they had clicked through.
Shaw said: “Most likely it was compromised into delivering malware to unsuspecting visitors infecting their computers and leaving them exposed to online fraud – probably a variant of the ‘anti-virus’ scam
whereby users are encouraged to download code that then infects their computer and asks then to purchase ‘anti-virus’ software to remove it.
"If the compromise was in fact that of a third party used for the delivery of advertisements then the LSE needs ensure they are protecting users of their services by carrying out suitable checks on
such suppliers."
He added: “The London Stock Exchange need to ensure that they complete a thorough investigation, as while this appears a regular attack, given the target and the similar incident at NASDAQ earlier in the month the integrity of the site needs to be assured.
“There is also the reasonable requirement that that Stock Exchange informs all users of the site to ensure they can take reasonable precautions; for example passwords may be compromised and may be being used on other services leaving them exposed.”
Shaw said: “There is now consistent evidence to suggest that the security measures being taken by UK business to protect their online portals are insufficient, they are not keeping pace with the threats.”
