This morning, Reuters is reporting that the HK stock exchange was forced to suspend trading in a number of names on Wednesday due to a suspected cyber attack on its public web site.
The attack prevented investors from accessing corporate announcements made during the exchange’s mid-day break. As a result, trading in companies who made such announcements (including such well known names as HSBC and Cathay Pacific) was suspended for the afternoon session.
The general take away from this incident is that attackers look for “low hanging fruit” when choosing their targets. I am sure that the HK Exchange’s back end systems are protected by many layers of firewalls, intrusion detection systems and other technology. The public web site is, well, public and is thus by necessity much more exposed to attack – and an easier target.
The lesson? There really is no such thing as a non critical system these days… every system needs to be designed as if there are hoards of attackers just waiting to pounce… stay paranoid!
RSS - Posts
The attacks (now identified as a DDOS attack from a network of PCs based mostly outside of Hong Kong) continue as per this Financial Times article:
http://www.ft.com/intl/cms/s/0/a2bf2dc4-c419-11e0-b302-00144feabdc0.html#axzz1UkcC52XU