According to various sources, a website operated by Nasdaq was compromised and infected with web-based malware. Reports of the attack surfaced last week. The targets of this attack are the roughly 10,000 executives who use the Nasdaq information portal Directors Desk. It appears that attackers were able to inject drive-by-download malware onto the website. Although sources familiar with the matter claim that the exchange’s trading platforms were not affected, the risks of this attack are nonetheless very high. Visitors to the website would have been exposed to malware that could later log their keystrokes and steal passwords to sensitive trading accounts or other information.
Given the trend of sophisticated malware attacks like Gumblar and Aurora, such an attack is quite possible: criminals plant drive-by-downloads, log user keystrokes, and then use the stolen credentials to penetrate deeper into websites to steal information or plant additional malware. Additionally, if a search engine or browser detected that the website was serving malware, the site could be blacklisted and become inaccessible to users.
The Nasdaq security team apparently identified the issue internally, but the question is how long the infection was present before it was detected. How many days, weeks, or months was the infection out there? And how many users were exposed to the malware in the meantime? According to the Wall Street Journal, the “Secret Service first began investigating last year.” The impact could have been explosive, since this attack was directed at Nasdaq executives who have access to sensitive data. It is extremely important for our critical infrastructure services, including stock market exchanges, to frequently monitor their websites for malware to minimize risk to their users and avoid the consequences of targeted malware attacks.