The attack prevented investors from accessing corporate announcements made during the exchange’s mid-day break. As a result, trading in companies who made such announcements (including such well known names as HSBC and Cathay Pacific) was suspended for the afternoon session.
The general take away from this incident is that attackers look for “low hanging fruit” when choosing their targets. I am sure that the HK Exchange’s back end systems are protected by many layers of firewalls, intrusion detection systems and other technology. The public web site is, well, public and is thus by necessity much more exposed to attack – and an easier target.
The lesson? There really is no such thing as a non critical system these days… every system needs to be designed as if there are hoards of attackers just waiting to pounce… stay paranoid!