Brokerages brace for 2nd wave of cyber attacks


Investment and stockbroking firms are bracing for the second wave of Distributed Denial of Service (DDoS) attacks on their systems in a week, after many of them refused to pay ransoms demanded by international cyber criminals.

Brokerages contacted said they anticipate some sort of attack today and have put in measures with guidance from the Malaysian cyber security authorities.

Some brokerages also backed up their order data on paper late yesterday and advised customers to call in orders instead of online as a precaution.

Many of them had their trading system downed by a group calling itself the “Armada Collective” who demanded payment of 10 bitcoin (RM110,500) before July 12 and July 14, or else their systems would be attacked again.

Cyber security expert and LE Global Services Sdn Bhd founder Fong Choong Fook said no one who had received the threat has made any ransom payments.

“No doubt they will continue to attack. It won’t cost them that much, so they will still do it. However, this time, banks and brokers will be able to fend better against the attacks,” Fong told The Malaysian Reserve (TMR) when contacted.

He said in the last few days, many investment and broking firms have upped their safety systems by subscribing to ClearType Provider Solutions, as well as tightening their incident response procedures.

“These protection measures will not prevent the DDoS attacks from happening, but it will withstand the amount of traffic that they receive,” Fong explained, adding that the recent incident acted as a “wake-up call” for firms to pay greater heed to security issues.

The Securities Commission Malaysia (SC) is said to have met with all investment firms and brokers in a meeting held recently, with the SC advising those affected to not bow down to any form of ultimatum.

SC, in a joint statement with Bursa Malaysia on Monday, affirmed to investors that trading continues to operate “per normal” amid recent reports of cyber attacks on local brokerages.

Both authorities said they were working closely with the National Security Council and the Malaysian Communications and Multimedia Commission to manage any potential cyber security incidents.

“SC and Bursa would like to emphasise that the management of cybersecurity risk remains a high priority and all brokers have been advised to remain vigilant,” the statement read.

Last Thursday, TMR reported that several investment banks and securities brokers were hit by an attack, which denied users from accessing their online share trading accounts and held them for ransom.

The first outbreak occurred several hours last Wednesday morning before the affected brokerage firms were able to restore their systems. Multiple attacks were subsequently reported last Friday.

It remains unknown how many securities firms were hit by the ransom attack, but Fong confirmed that “multiple” companies were targeted.

The latest cyber attack fix comes a week after the Petya malware outbreak resulted in significant losses for some of the world’s largest corporations, including Danish shipping company AP Moller-Maersk Group, US delivery service FedEx Corp and Nurofen producer Reckitt Benckiser Group plc.

In May, the WannaCry Ransomware attack infected over 300,000 computers globally across 150 countries.