October 26, 2016

Two Days of DDoS Attacks Affect Hong Kong Stock Exchange News Web Site

(LiveHacking.Com) – The web server used by the Hong Kong Stock Exchange to post company announcements has come under two days of denial of service attacks. This has resulted in changes to the way the exchange makes important company announcements, including quarterly and yearly financial results, available to the exchange members.

The hkexnews.hk site, where Hong Kong-listed companies such as HSBC bank and Cathay Pacific airline post their announcements, to comply with disclosure requirements, came under attack on Wednesday. The exchange then implemented a filter mechanism to fend off further attacks. On Thursday Hong Kong Exchanges and Clearing Limited (HKEx) said it is still observing malicious traffic attempting to access the HKExnews website and is continually adjusting and strengthening the filter mechanism.

In a statement, Hong Kong Exchanges said “In the course of the investigation, it was determined that a mixture of attacking techniques had been deployed to intentionally interrupt the operation of the HKExnews website. The malicious traffic originated from a network of personal computers, the majority of which were based outside Hong Kong.”

As a result of these attacks the HKEx has adopted a number of measures to ensure that investors have timely access to announcements by issuers.

These measures include a bulletin board service that contains a list of all documents published by issuers, paid advertisements in selected local newspapers with a list of companies which plan to release results announcements and email summaries of the notices of announcements published on the Bulletin Board.

This DDoS highlights the dangers of the dependance on a single resource. To alleviate the risks in the future, HKEx will seek to implement a more decentralised model for investors’ access to company announcements.