Hong Kong brokers blackmailed by hackers with DDoS Attacks

The Hong Kong Securities and Futures Commission revealed some brokerage websites have been hit by DDoS attacks and blackmailed by crooks.

The Hong Kong’s SFC (Securities and Futures Commission) confirmed several brokers in the city has suffered DDoS attacks and were blackmailed by hackers.

“We are alerted by the Police that some securities brokers have recently encountered distributed denial of service (“DDoS”) attacks targeting their websites and received blackmails from criminals.” reads a notice issued by the SFC. “The DDoS attacks have caused service disruption to the brokers for a short period.  It is possible that similar cybersecurity incidents would be observed across the securities industry. “

The Hong Kong’s securities regulator also warned of possible further incidents across the industry.

The regulators in the country have spent a significant effort over the past year to fight cyber threats. According to a survey conducted in November 2016, the average number of cyber attacks detected by businesses in China and Hong Kong grew at 969 percent between 2014 and 2016.

“In a circular to licensed firms late on Thursday, the Securities and Futures Commission (SFC) said it had been informed by the Hong Kong police that brokers had encountered so-called “distributed denial of service” (DDoS) attacks targeting their websites and received blackmails from criminals.” reported the Reuters agency.

The SFC urged companies in the financial center to adopt protective measures, such as DDoS mitigation plans.

“Network architecture, computer servers and network devices should be properly designed and configured to mitigate the risk of advanced and persistent cybersecurity attacks,” SFC said.

SFC urged brokers should configure their servers to avoid ‘reflective amplification’ DDoS attacks.

“Licensed corporations are expected to take immediate actions (including seeking advice from external contracted vendors if they do not possess such expertise and/or resources in-house) to critically review and assess the effectiveness of their cybersecurity controls in place,” SFC added.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Hong Kong, DDoS)