Brokers put fences up
Firms in the region take precautions against cyber attacks on stock trading
PETALING JAYA: Stock brokers in the region, including Malaysia, have put up their fences in view of several cyber attacks last week.
Among the measures taken are to allow their clients to transact through telephones or use alternative “clean pipes” to filter and ensure only the genuine orders go through the system.
Since last Wednesday stock brokers in the region have been hit by cyber attacks known as DDoS (distributed denial-of-service). So far most brokerages have shut down their system when they are under attack and go through the traditional way of conducting transactions.
“That is until they get clean pipes to start the online trading. So far there is no financial impact. It slows down transactions a little,” said a broker.
The attacks involve cyber criminals using hijacked or virus-infected computers that target websites of brokerages and pump in an extraordinarily high number of orders forcing the IT systems of the firms to be overwhelmed and unable to function.
A stock broker said that fortunately the number of transactions conducted online in the region is still small compared with other parts of Asia.
“For instance, in Malaysia online trading is only about 20% of total trade unlike in Hong Kong, South Korea or Japan where the online trading volume is high,” said a broker.
The broker added that stock brokerages in more advanced financial centres such as Hong Kong have been under cyber attacks for the past few years and they have increased of late.
In Hong Kong, cyber attacks have been a grow- ing menace and according to a report in January this year, firms in China and Hong Kong have encountered an increase in such attacks by 969% between 2014 and 2016.
However, so far there has been no reported incidences of stock brokers giving in to the demands of the cyber group because it was not the solution to the problem.
“Like many other industries, stock brokerages simply need to increase their protection of IT systems,” said a broker.
A spokesperson from a brokerage said that since the attack on Wednesday morning, some of the affected brokerages were receiving share orders from their clients by phones or were conducting their transactions through clean pipes.
“It’s just going back to basics until the system is
up and running again,” said the official.
He added that the mechanism of clean pipes involve filtering client orders which are genuine from the fake ones. Its disadvantage, he said, was that the capacity to filter orders may be limited.
A spokesperson from another brokerage concurred that clients could be charged marginally higher rates when placing share orders through phones.
“However most brokerages are not charging any extra fees as volume on Bursa Malaysia has been low,” said the official.
A few brokerages when contacted said they did not make any payments for the ransom demanded from the cyber attackers.
“To my understanding, it only slowed down the orders. On Friday morning, the attack lasted for about an hour. After that it was back to normal. We have been getting orders from our clients again,’’ a broker said.
In terms of trading volume on the exchange, total turnover last Friday stood at 1.31 billion shares valued at RM1.54bil compared with 1.49 billion shares (valued at RM1.69bil) on Wednesday when disruption from the cyber attacks started and the day before (Tuesday) turnover was 1.9 billion shares valued at RM1.8bil.
Analysts said the lower trading volume last Friday was due to poor sentiments and the extended holiday period where activity was still low and not due to the cyber attacks.
Meanwhile, the Malaysian Communications and Multimedia Commission (MCMC) was looking into reports of suspected cyber attacks disrupting online trading at several local brokerages.
The regulator said it was assisting the stock exchange in investigating the disruption.
This came after several brokerages alerted clients that their online broking services had been disrupted by the suspected cyber attacks once again after a similar disruption on Wednesday.
Jupiter Securities Sdn Bhd was among the broking companies affected, and sent out an email to clients to update them of the situation.
The Securities Commission (SC) said in a statement on Friday that it was closely monitoring potential cyber incidents, adding that the management of cyber security risk remains a high priority for the SC.
An SC spokesperson said it has also requested market participants to remain vigilant of any cyber threats, adding that last week the SC detected several anomalies and directed Bursa Malaysia and brokers to be on high alert and implement necessary risk-mitigating measures.
To date, the regulator noted no significant disruption in trading and the market continues to operate in an orderly manner.
The SC is also working closely with relevant agencies including the National Security Council and MCMC to track cyber risks and manage potential cyber security incidents.