Stock brokerages here hit by cyber attacks
At least four firms suffered DDoS attacks on their online systems lasting for 30 minutes or more last Thursday
Several stock brokerages here were the victims of cyber attacks last week, causing disruptions to their services.
The firms suffered distributed denial-of-service (DDoS) attacks on their online systems, the Monetary Authority of Singapore (MAS) said yesterday in response to media queries.
The New Paper understands that at least four brokerages were hit. PhillipCapital confirmed that two of its companies, Phillip Securities and Phillip Futures, had experienced a "temporary cyber incident" last Thursday and the firm took immediate action to mitigate its impact.
"We are constantly monitoring our IT infrastructure and network capabilities to facilitate a smooth trading environment for customers," a spokesman told TNP yesterday.
The other brokerages did not respond to TNP's queries by press time.
MAS said there was limited disruption to the services of the affected stock brokers as they had activated their DDoS mitigation services.
DDoS attacks stop legitimate users from accessing websites or services by overwhelming the service with unwanted requests from a large number of infected computers. This is done until the target's computing resources are exhausted and its service ceases to work.
The Business Times reported yesterday that last Thursday's attacks caused disruption to traders trying to access their brokerage's trading platforms.
This was believed to have lasted from 30 minutes to almost the entire duration of the Singapore market's morning session, sources told BT.
An MAS advisory was issued after the attacks to alert financial institutions to a heightened risk of DDoS activities.
MAS said it has been working with financial institutions to ensure the sector continues to be resilient to cyberthreats.
In August, MAS issued a set of legally binding requirements setting out the essential measures financial institutions must take to mitigate cyberthreats.
In September, over 250 private and public sector participants, including those in the banking and finance sector, were tested on their response to more complex cyber attack scenarios, including DDoS attacks, as part of an annual multi-sector exercise.
An MAS spokesman said consumers also need to do their part by staying vigilant.
"To safeguard their devices from being used as bots to launch DDoS attacks, consumers should adopt good cyber hygiene practices such as installing anti-malware software and updating security patches regularly," she added.
Mr Tony Jarvis, chief technology officer for Asia-Pacific at cyber security firm Check Point Software Technologies, said everybody is fair game when it comes to DDoS attacks.
HARD TO DEFEND AGAINST
Easy to perform and hard to defend against, the threat is not limited to a specific industry.
He told TNP: "These attacks do occur from time to time but unless a prominent site or service is taken offline, they tend to go unreported."
While it can be argued that DDoS attacks may not pose as much of a concern since no theft of intellectual property or customer data takes place, Mr Jarvis said the damage left behind can still range from reputational damage to loss of revenue.
FireEye Intelligence's senior analyst Lim Yihao said financial services firms have historically been high-value targets.
"They own large volumes of sensitive customer data, know about sensitive news that will influence markets and own a huge volume of financial assets," he added.
Mr Lim said DDoS attacks are also evolving and more cyber criminals are using them to threaten businesses for a fee.
In some cases, they are also used to divert IT and security resources while malware or other malicious programmes are installed to help steal data.
When asked how organisations can defend against and mitigate DDoS attacks, Mr Lim said there must first be an incident response plan.
Organisations should also be able to distinguish between high volumes of normal traffic and general DDoS attacks, and they can use blacklisted IP addresses or previous incidents to filter out legitimate traffic.