SEC charges American, Russian, and Ukrainian criminal hackers for breaching EDGAR

International criminal hackers hailing from the U.S., Russia, and Ukraine made $4.1 million by illegally accessing the SEC’s (Security and Exchange Commission) EDGAR (Electronic Data Gathering, Analysis, and Retrieval) system. 

According to the SEC’s complaint, “Starting in at least May 2016 and continuing into at least October 2016, Defendant Ieremenko and others working with him used a variety of deceptive means to obtain thousands of nonpublic ‘test filings’ from the SEC’s EDGAR system’s servers.”

The report continued: “The hacked material nonpublic information was then transmitted to traders who, in connection with approximately 157 earnings announcements, used it to place profitable securities trades before the information was made public.”

The criminals used malware, spoofing, and phishing attacks in order to access EDGAR and steal information from the system on 157 unreleased earnings announcements. This earnings information was sent to servers in Lithuania and forwarded to criminals.

“International computer hacking schemes like the one we charged today pose an ever-present risk to organizations that possess valuable information,” said Stephanie Avakian, co-director of the SEC’s enforcement division.

Malware protection

Systems such as EDGAR should have malware protection in place. Protecting against a broad range of malware (including computer viruses, worms, spyware, botnet software, and ransomware) and including options for virus removal will safeguard your computer, your privacy, and your important documents from attack.

Are you at risk? Avoid the following practices:

  • No malware protection software installed on systems
  • No anti-malware software installed on all devices that are connected to the Internet
  • Anti-malware solutions that do not automatically update and conduct regular scans
  • Anti-malware solutions that do not perform website blacklisting
  • Failure to configure malware protection software to scan files automatically upon access, such as when downloading or opening files, or accessing web pages

Cyber Essentials is a cybersecurity certification scheme that sets out a good baseline of cybersecurity suitable for all organizations in all sectors. The scheme addresses five key controls that, when implemented correctly, can prevent around 80% of cyber attacks. Our fixed-price solutions can help you achieve certification to either Cyber Essentials or Cyber Essentials Plus at a pace and budget that suit you.  

Email us or call 1 877 317 3454 for a custom quote.