Ransom attack on brokerage a wake-up call for industry


On Wednesday two weeks ago, several brokerages and banks reported that some of their online trading systems were blocked by a group of people who demanded large sums of money as ransom.

By most accounts, the denial of service attacks were quickly neutralised and the affected trading systems were back online by the end of the day, but the victims were given a week to pay up the money or face bigger and more damaging attacks.

As the deadline approached last week, brokers were braced for the worst. Some moved their business entirely to phone orders and printed them as physical backups.

The attack didn’t materialise, which led cyber security experts to say that the criminals, who signed their ransom note as “Collective Armada”, may be local crooks just out to try their luck at getting ransoms.

“We have checked with the authorities, the Securities Commission Malaysia (SC) and Bursa Malaysia, and there is no relapse of the attacks. The investment banks and brokerages have taken the necessary steps to implement the counter measures,” LE Global Services Sdn Bhd founder Fong Choong Fook told The Malaysian Reserve (TMR) recently.

Fong said, however, that the attacks were an eye-opener for the brokerage industry, which has now taken such threats more seriously and is interested in investing in cyber security.

“We have seen a lot of effort put in by these companies in recent weeks to beef up their security, which is a good thing,” he added.

However, Kaspersky Lab South-East Asia GM Sylvia Ng said adoption and awareness of cyber security practices in Malaysia remained “average” with room for improvement.

“Most Malaysians are quite cyber-savvy, but often at times still very careless. We also know that cyber security usually comes last when companies plan out their products and find ways to make them connected,” Ng said in an emailed reply.

Ng said financial phishing attacks are also on the rise, as reflected in last year’s figures.

According to Kaspersky Lab’s fourth-quarter Distributed Denial of Service (DDoS) intelligence report, financial phishing increased 13.14 points to 47.48% in 2016 compared to 34.33% in 2015.

The report showed that the longest DDoS attack committed last year lasted for 292 hours, or 12.2 days, while the highest number of DDoS assaults launched within a single day was 1,915 attacks recorded on Nov 5, 2016.

The same data also noted that the number of users attacked by banking malware increased by 30.55% to reach 1.1 million cases, of which 17.17% were corporate users.

Additionally, the number of attacks on Android users also rose exponentially, from just 3,967 attacked users in January 2016 to about 75,000 in October 2016. Russia, Australia and Ukraine were among the countries with the highest percentage of users attacked by Android banking malware.

“The most common scenario is your device ending up as part of a botnet. For example, your home network devices could be used to perform illegal activities, or a cybercriminal who has gained access to an Internet of Things device could spy on and later blackmail its owner — we have already heard of such things happening,” Ng said.

On July 7, several investment banks and brokers were hit by an online ransom attack, which prevented users from accessing their online share trading accounts. The hackers demanded a ransom of 10 bitcoin (RM110,500) for the system to be restored.

It is not known how many securities firms were affected by the attack, but Fong confirmed that “multiple” companies were targeted.

A random check on several online trading firms revealed that the companies did not experience any subsequent attacks last week. The firms added that they have since increased their security.

SC and Bursa Malaysia, on July 10, downplayed the attacks, saying that trading continued to operate “as per normal” amid the denial of service.