A security incident could have compromised millions of dollars. According to web application security specialists, the chief executive of the Hong Kong Stock Exchange recently admitted that the platform was targeted by a series of cyberattacks detected over the last six days.
In addition to these attacks, some local media
reported a massive disruption to stock
exchange operations; however, the official claims that this incident
was a failure in the computer systems of the stock exchange, so it is not the
responsibility of a hacker.
After multiple investors reported difficulties
when conducting some trades in the exchange-derived futures trading system,
chief executive Charles Li acknowledged the incident to the media. “Our
web application security team detected some connectivity issues, so we
suspended system usage so as not to destabilize the rest of the exchange’s
operations,” the executive said.
All stock exchange activities were resumed this
Friday morning, after it was announced that software failures had been
corrected, specifying that the error originated from a third-party service that
managed to extend to the Hong Kong stock exchange backup systems.
During his media appearance, the chief executive also mentioned that the Hong Kong stock exchange was the victim of a denial of service (DDoS) attack targeted against their website; during this incident, the hackers overloaded the network and affected the website’s request processing capacity, so it was not possible to publish up-to-date information, according to the report of the stock exchange’s web application security team.
Charles Li asked investors to remain confidence
and not lose patience, as the incident has already been contained: “We
will continue to improve to secure trading on the stock exchange, we expect
users to have confidence in our system,” he added.
Although the incident did not result in the
losses that were calculated at the outset, web application security experts
from the International Institute of Cyber Security (IICS) are not entirely
convinced by Li’s claims. “Saying it was all a software error is too poor
an explanation,” a cybersecurity consultant said. “There must be
something else behind the stock market manager’s words,” he
concluded.
It is important to add that this is not the
first time that a DoS attack on the stock exchange is detected, as in 2011 a
similar incident achieved to cripple operations for nearly $200 billion USD
value. The Hong Kong Stock Exchange became fully electronic at the end of 2017,
making it a very attractive target for multiple groups of threat actors.
To prevent future incidents, the Hong Kong
Stock Exchange has released a budget of about $250 million to upgrade its
computer security systems.
