By ALIFAH ZAINUDDIN
Investment firms and brokerages had not bowed down to the ransom demands of cybercriminals who launched a series of attacks last Wednesday, said a cyber hacking expert.
The extortioners were also believed to be a “copycat” of a group of hackers calling themselves the “Armada Collective”, despite showing signatures of the group, according to Fong Choong Fook, Internet hacking security expert and founder of LE Global Services Sdn Bhd.
“So far none of the brokers paid. That is something we can be proud of. I also don’t think the hackers are really Armada, perhaps just a copycat,” Fong told The Malaysian Reserve (TMR).
The Armada Collective came to prominence after it blackmailed hosting providers in Switzerland with Distributed Denial of Service (DDoS) attacks for bitcoins in September 2015. Financial institutions in Switzerland had also received similar extortion emails.
The hackers had been linked to various attacks around the world since 2015, including on five Taiwanese brokerages in February 2015.
The cybercriminal group claimed they had the capacity to generate 500GB/s DDoS outbreaks — which would result in a torrent of traffic to the targeted server, causing systems and applications to go down.
TMR first broke the story last Thursday that several investment banks and securities brokers were hit by an online ransom attack, which prevented users from accessing their online share trading accounts. The hackers had demanded a ransom of 10 bitcoin (RM110,500).
Victims of the attacks had alerted their clients to the DDoS threats. A notice from trading solutions provider N2N Connect Bhd stated that the firm witnessed a coordinated attack on the morning of July 5, 2017, which targeted broking houses.
A similar account was given by Jupiter Securities Sdn Bhd and Excel Force MSC Bhd, with the latter claiming the attack did not penetrate the company’s firewall and no data was compromised in an hour-long snag.
The related authorities had not denied the DDoS ransom attacks on the brokerage firms.
Bursa Malaysia said there were no disruptions on the stock exchange. The Securities Commission Malaysia said it was working with relevant bodies, including the National Security Council and the Malaysian Communications and Multimedia Commission, to track and manage further potential threats.
The National Cyber Coordination and Command Centre could not be reached late Friday.
Symantec Corp Asean director of systems engineering Halim Santoso said smart devices and Internet of Things (IoT) gadgets are “vulnerable” and can become the medium for such DDoS attacks.
“DDoS is not new. Last year, we predicted an increase in attacks targeting IoT devices such as laptops, smartphones, home televisions (TVs) and closed-circuit TVs.
“It is a global prediction where we see a trend driving up DDoS in 2017,” he told TMR.
Worries over Internet security and cyberattacks heightened in the last 12 months. The latest DDoS attack on local brokers would force the related authorities to re-evaluate system security policies — especially for online trading.
Cyber criminals are hurting companies worldwide. Last week, the Petya cyberattack resulted in significant losses for some of the world’s major corporations, including Danish shipping company AP Moller-Maersk Group, US delivery service FedEx Corp and Nurofen producer Reckitt Benckiser Group plc.
The Guardian reported last Friday that Reckitt — who is also the producer of Dettol and Durex products — had suffered an estimated loss of £100 million (RM555 million) in revenue from the malware outbreak.
In May, the WannaCry ransomware attack was believed to have infected over 300,000 computers in more than 150 countries.
Mondelez International Inc, the second-largest confectionery company in the world, declared a 3% lower turnover for the second quarter of 2017 as a result of the Ukraine-originated virus.
On the local front, nearly 20 Malaysian firms were affected by the WannaCry attack in May, ranging from a government-linked corporation and a financial investment firm to a motor repair shop.