The Hong Kong’s SFC (Securities and Futures Commission) confirmed several brokers in the city has suffered DDoS attacks and were blackmailed by hackers.
“We are alerted by the Police that some securities brokers have recently encountered distributed denial of service (“DDoS”) attacks targeting their websites and received blackmails from criminals.” reads a notice issued by the SFC. “The DDoS attacks have caused service disruption to the brokers for a short period. It is possible that similar cybersecurity incidents would be observed across the securities industry. “
The Hong Kong’s securities regulator also warned of possible further incidents across the industry.
The regulators in the country have spent a significant effort over the past year to fight cyber threats. According to a survey conducted in November 2016, the average number of cyber attacks detected by businesses in China and Hong Kong grew at 969 percent between 2014 and 2016.
“In a circular to licensed firms late on Thursday, the Securities and Futures Commission (SFC) said it had been informed by the Hong Kong police that brokers had encountered so-called “distributed denial of service” (DDoS) attacks targeting their websites and received blackmails from criminals.” reported the Reuters agency.
The SFC urged companies in the financial center to adopt protective measures, such as DDoS mitigation plans.
“Network architecture, computer servers and network devices should be properly designed and configured to mitigate the risk of advanced and persistent cybersecurity attacks,” SFC said.
SFC urged brokers should configure their servers to avoid ‘reflective amplification’ DDoS attacks.
“Licensed corporations are expected to take immediate actions (including seeking advice from external contracted vendors if they do not possess such expertise and/or resources in-house) to critically review and assess the effectiveness of their cybersecurity controls in place,” SFC added.
(Security Affairs – Hong Kong, DDoS)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.