12.03.2014

Cyber-Criminals Target Wall Street

Terry Flanagan

A decidedly low-tech cyber-attack has been launched against Wall Street firms for the purpose of intercepting sensitive documents related to mergers and acquisitions in the health care and pharma industries.

The attackers, nicknamed FIN4 by FireEye, a cybersecurity company that released a report on the incident, either work or have worked in M&A advisory firms, law firms, or corporate development, and as such know the value of highly sensitive information regarding deals that may be in the works.

“They’ve uncovered a group that appears to be people with a deep degree of familiarity with how M&A works and how markets tend to move on information that is public or not-yet public or soon-to-be public,” Joram Borenstein, vice president at NICE Actimize, told Markets Media. “It appears to be a group focused on manipulating the stock market and, presumably, benefiting financially from insider information.”

Operating since at least mid-2013, FIN4 focuses on compromising the accounts of individuals who possess non-public information about M&A deals and major market-moving announcements, particularly in the healthcare and pharmaceutical industries, according to the FireEye report. FIN4 has targeted individuals such as top executives, legal counsel, outside consultants, and researchers, among others.

FIN4 employs a simple yet effective method to gather targets’ user credentials through spear-phishing emails. The group embeds malicious code into legitimate Microsoft Word or Excel documents; the code prompts the user for their Outlook credentials. The group also sends emails with links to fake Outlook Web App login pages that steal the user’s credentials in the same way.

“What’s interesting about this group is that they’re not actually trying to infect people’s devices,” said Borenstein. “They’re not trying to implant malware on people’s computers and then sniff traffic. Instead, what it appears they’re trying to do is simply get the passwords for people’s e-mail accounts and use that to get access to their e-mail.”

Borenstein likens the FIN4 attacks to the ‘pump-and-dump’ scandals that took place six or seven years ago, in which cyber-criminals would hack into someone’s account at a brokerage firm, sell off their blue-chip stocks and then buy worthless pink sheets in order to jack the price up.

“The cyber-criminals had their own account in which they bought the penny stocks on the pink sheets at very cheap prices, watched the price go up, and then sold from their own accounts.”

He added, “The bottom line is this: technology-wise, it’s not very sophisticated. It’s the approach and the process that is.”

As with most social engineering attacks, the only known defenses are vigilance and education.

“A lot of this comes down to the tried-and-true best practices that information security people have talked about for many years,” Borenstein said. “Having to do with education, having to do with not clicking on attachments from people you might not know, and really asking yourself if something passes the sniff test or not.”
