Trading on the Hong Kong stock exchange for a handful of stocks remained suspended as a result of a distributed denial-of-service (DDoS) attack on its news Website, the Financial Times reported.
The “coordinated and sustained” DDoS attacks continued for a second day on one of the exchange’s Websites which is used to disseminate price-sensitive information, FT said.
The identity and intention of the attackers remained unknown, Li said. The DDoS attacks were coming from a large botnet made up of personal computers from around the world, the majority of which were based outside of Hong Kong, according to HKEx.
“Our current assessment that this is a result of a malicious attack by outside hacking,” said Li.
While some DDoS attacks are out to just knock Websites offline, many attacks are a diversion for other malicious activity, Neal Quin, vice-president of operations at cloud-based DDoS mitigation provider Prolexic, told eWEEK. While he did not have specific knowledge on the details of the attack on the Hong Kong Exchange, Quinn said many attackers often breach networks while the security team is busy dealing with the “present” DDoS threat.
“Mission-critical” systems actually used for trading, clearing and distributing market data were unaffected because they were not accessible from the public Internet. “HKEx’s other systems are not affected and trading in its securities and derivatives markets continues to operate normally,” according to an HKEx statement.
HKEx said it had been “working closely with local and overseas security experts” to investigate the cause of the attack and restore normal service. The exchange successfully implemented a mechanism to filter out the malicious packets late August 10, which allowed the news site to come back online even while under attack.
Attackers were using multiple attack vectors, which made it harder for the exchange to defend against the DDoS, HKEx said. There are several ways to launch a DDoS attack, including flooding the network with SYN or ICMP packets, attacking the application layer by sending so many database or Web requests to the site that it cannot process them all, and sending malformed packets, among others, Quinn said. Most DDoS attacks are a combination of techniques in a “blended attack”, Quinn said.
Seven stocks were suspended from trading after the news Website crashed the first time, shortly before the companies were to post “sensitive results” from the morning trading session. The exchange defended the suspension because to continue trading would be unfair to investors who could not access the companies’ results while the news site was down.
The Hong Kong exchange would abandon the practice of publishing company news on a centralised Website to prepare for future attacks, Li said. It will rely on media and commercial information vendors such as Thomson Reuters and Bloomberg to distribute company announcements and instruct investors to get the information directly from the company Websites, according to Li. The exchange plans to buy advertisements in eight local newspapers with a list of companies expected to post news that day so investors will know they have to check the company Websites for details.
“It was refreshing to see Mr. Li not blame the attacks on uber-sophisticated, foreign, advanced ninja hackers, but rather state the facts and explain what the exchange is doing to ensure the integrity of the market,” Chester Wisniewski, a senior security advisor at Sophos, wrote on the Naked Security blog.
Researchers have long warned that attackers can potentially disrupt financial systems by attacking stock exchanges. The Zimbabwe stock exchange was attacked in early August. The United States Nasdaq revealed in February that cyber-criminals had embedded malicious code on the “Directors Desk” Web application. James Arlen, an independent security researcher, discussed how attacks on high frequency trading systems would occur too quickly for exchanges to defend against at the recent Black Hat conference.
Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…
Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…
Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…
Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…
Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…
Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…
View Comments
Ron Gula, CEO of Tenable Network Security, comments:
“This particular type of scenario is interesting because a denial of service could be just as damaging as an actual break-in. If timed right, having the ability to turn off a market or prevent shares from being traded could work to a malicious investor's advantage. While in hacking situations like this there will never be a single point solution that could have mitigated such an attack, this case once again demonstrates the need for online services to deploy real-time vulnerability scanning.
“Organisations need to assume that malicious code is going to infiltrate their network, so what’s needed is a system that will continuously monitor the entire organisation’s network, to immediately flag when there is a compromise, or potential vulnerability discovered from internal or external sources.
“Real-time vulnerability scanning is such a key tool for an IT department because without it systems cannot be properly secured and core assets cannot be maximised. In this changing world of threats it is no longer good enough to run patches on a Tuesday and run a weekly scan of the network – there must be systems in place to be able to continuously monitor the organisation’s systems to immediately flag when there is a system compromise or potential vulnerability discovered from internal or external sources.
“ The IT network management environment is only going to become more complex and challenging, both internally and externally – so system administrators must ensure that they can see what’s happening at every moment before something happens that they weren’t expecting.”