Midsized brokerages are the latest to bear the brunt of hacking incidents, a string of which has plagued Japanese major securities houses, adding another layer of concern to the country’s online trading infrastructure.
Okasan Securities and Iwai Cosmo Securities also reported they have suffered damage from market manipulation, suggesting that the scope of this cyberthreat has broadened considerably.
Iwai Cosmo Securities announced that third parties wrongfully entered client accounts using hacked access cards and placed illegal trading orders for Japanese stocks.
Okasan has yet to confirm anything about the nature of the attack, but the announcements from two midsized firms at the same time does indicate a worrying pattern.
The move follows an announcement by the Financial Services Agency (FSA) earlier this week that fraudulent trades using stolen or faked IDs amounting to ¥304.9 billion ($2.1 billion) have been counted across 3,505 transactions between January and April.
This spike, which marks a tenfold increase from March, highlights the rapidly growing size of the cyber threat against financial services.
At first, the ten biggest securities companies in Japan were targeted by the cyberthieves. These companies have also reacted by adding new security. Rakuten Securities also detected zero unauthorized access as of May 2, after updated its online trading system and bolstered security measures.
Adoption of multi-factor authentication (MFA) seems to be an industry trend as well, with the Japan Securities Dealers Association saying on May 14 that 74 brokerages had already made MFA a requirement.
But the change in attention toward midsized companies means these cybercriminals are evolving their attack strategies to aim at organizations that might have less robust security in place.
The proliferation of these attacks now targets a larger scope of victims and is a high risk to investors and requires immediate resolution by those firms and regulators that have been hit.
The FSA is advising all internet trading sites to be on high alert and bolster their information security measures. Investors are also encouraged to take the initiative to safeguard their investment accounts, such as activating multi-factor authentication, employing strong and unique passwords, and being on guard against phishing attacks.
At press time, probes into the latest KaZaA hijacks were still in progress: authorities trying to nail who is behind the attacks and how to shut down the culprits. Now all eyes will be looking to see how the remainder of these midsized companies and the rest of the Japanese financial industry fights back against this looming threat.
