How to Hack the London Stock Exchange
The Wall Street Journal reports (read the story here) that the August outage at the London Stock Exchange may have been a cyberattack. Mad Max has looked into the players and observes:
- The London Stock Exchange Group, which runs the LSE, has turned off their email impersonation/spoofing/phishing enforcement (p=none).
- Their SPF record uses Microsoft Outlook protection, which means hackers (thanks to Agari's non-protection of Microsoft Outlook) could spoof their way into the Outlook systems administrator to set up fake email accounts.
Mad Max is flatly amazed that the LSE has experienced only three outages over the past few years. He further hypothesizes that the outage was in all likelihood a blown effort, since it is more than likely that the LSE has long-since been compromised and infiltrated by bad actors.
#agari #lse #lseg #dmarc #databreach #microsoft #outlook