Ransom DDOS attacks hit Malaysian financial firms: Experts advise action plan for IT

(UPDATED 17 July 2017) Following reports of new DDOS attacks late last week, Computerworld Malaysia reached out to local security experts for advice, such as Geo-IP blocking, to IT admins and business leaders.

By AvantiKumar
July 17, 2017


cybersecurity - GraphicStock

Credit: GraphicStock

 

 [Updated 16 July 2017]  See Update section towards end of this article. This article was first officially published on 10 July 2017

Digital security agency CyberSecurity Malaysia has confirmed that as of Friday (7 July 2017) a DDOS attack has hit four financial firms.

Early reports suggest that the DDOS (distributed denial of service) attacks, which come close on the heels of the recent WannaCry and Petya-variant threats, focused on  several online brokerages on Wednesday (5 July 2017) and then on Friday.

Dato' Dr. Haji Amirudin Abdul Wahab (pic below), chief executive officer of CyberSecurity Malaysia, said:   "We are investigating, monitoring and working closely with other agencies to mitigate this threat. As of Friday, 7 July 2017, we received a total of four (4) reports on this threat."

CWSS - Keynote Dato' Dr Amirudin - CyberSecurity Malaysia

Three of the reports are linked to stockbrokerages, the fourth to a bank. The national regulator Malaysian Communications and Multimedia Commission (MCMC) is investigating the disruption.

Former white hat hacker turned financial security consultant LGMS director,  Fong Choong Fook (pic below), told local media that some of the brokerage firms may have been attacked by a group called the Armada Collective although he does not rule out copycat attackers.

The attackers were demanding a ransom of 10 Bitcoins (worth RM110,500), Fong added. "One of the ransom deadlines given by the hackers is July 13. If the broker fails to pay, the hackers will attack again."

Fong (new) - done

On Sunday evening (9 July 2017 update), Fong told Computerworld Malaysia that so far he has not tracked any payments made to the Armada Collective.  

He also said the affected companies are "now using 'Clean Pipe', and traffic scrubbing services. Previously, the affected brokers and investment banks had not sufficiently prioritised cybersecurity. I think this attack serves as a Wake Up call to everyone: Hackers don't discriminate, regardless of the size of organisations, they will come and they will attack."

Looking slightly ahead, he warned of attacks on other sectors: namely "Healthcare, Hospitality, and critical national infrastructure operators - such as Telcos, Water, Energy, Transportation, and so forth."

1  2  3  4  Next Page 

SPONSORED LINKS

ADDITIONAL RESOURCES