Over the last few years, the concept of sustainable business practices has gained momentum leading to new markets such as carbon emission trading. Carbon markets encourage investments in low carbon technologies, which would eventually lead to reduction in carbon emissions. These markets also enable countries to reach the targets set under the Kyoto protocol. However, information security infrastructure in such new markets has not yet fully evolved.
A recent report by PricewaterhouseCoopers (PwC) indicates that cybercriminals are now targeting new markets to exploit the flaws in information infrastructure. Recently, many participating national registries of European Union Emissions Trading System (EU ETS) suffered security breaches. Cybercriminals intruded into the national registries of countries such as Czech Republic, Greece and Austria among others. The attackers allegedly made unauthorized transfers of around two million EU emission allowances (EUAs), equivalent to over 28 million euros from some of the trading accounts. Some reports have suggested even higher losses. Trading was suspended for a few days as a result of the security breach. The PwC report on green fraud risks states that recent attacks were carried out by organized cybercrime rings possibly based in European Union region.
Regular security evaluation of the IT infrastructure through penetration testers may facilitate timely detection and mitigation of security lapses.
Similar attacks were carried out last year by cybercriminals. The attackers reportedly sent phishing emails to employees of several companies. The e-mails appeared to have been sent by seemingly legitimate, but fake registries. The e-mails requested users to re-register their accounts. Unwary employees working at some German companies responded to e-mail and disclosed the required information. Using the provided information, attackers breached the accounts of the victims and transferred unit’s equivalent to over 3 million euros. Romania’s national registry also suffered security breach resulting in unauthorized transfer of around 1.6 EUAs.
Threats in the cyberspace are vibrant and attackers may launch more sophisticated attacks on carbon and other green markets. Trading registries must improve the information infrastructure to deal with the vibrant cyber threats. Organizations must create awareness among the employees through cyber security and online training programs. Trading registries must frame guidelines on information security and monitor their implementation to prevent intrusions and security breach incidents.