Hackers are using finance smarts and English skills to attack biotech firms

Sometimes social engineering can be far more effective than complicated malware when it comes to cyber attacks. Case in point: the cybersecurity firm FireEye has tracked a recent spate of attacks against over 100 healthcare and pharmaceutical companies to a particularly smooth group of hackers. The group -- which FireEye calls "Fin4" -- leverages its knowledge of those industries, financial markets, and native English skills for targeted attacks against executives and other notable employees. Instead of relying on spyware, the group carefully crafts emails that trick recipients into logging into malicious websites to steal their email logins.

These aren't your typical hackers --- FireEye believes Fin4 is made up of Americans or Western Europeans who've worked in the U.S. banking industry. The sophisticated and methodical nature of the attacks also distinguishes them from the hackers who just want to blindly steal data.

Like something out of an airport espionage thriller, Fin4 appears to be gathering information about publicly traded companies in the hopes of getting a leg-up in the stock market. According to FireEye's VP of threat intelligence Dan McWhorter, this is the first time we're seeing such a sophisticated attack aimed at taking advantage of financial markets. But given just how effective it's been, we don't expect it to be the last.

[Photo: Benjamin Howell/Getty]