PETALING JAYA: Hackers who incapacitated several local brokerage firms are believed to belong to the Armada Collective, according to IT security specialist LGMS.
It based this on the ransom e-mail it managed to obtain, although LGMS founder C.F. Fong said it could just be a group of copycat hackers, maybe even one operating from Malaysia.
The Armada Collective is reported to have been responsible for attacks on five Taiwanese brokerage firms in February and several financial institutions in Switzerland in 2015.
The attackers were demanding a ransom of 10 Bitcoins (worth RM110,500), said Fong.
“One of the ransom deadlines given by the hackers is July 13. If the broker fails to pay, the hackers will attack again,” he said.
The hackers used a DDoS (distributed denial of service) attack which floods the victims’ servers with irrelevant traffic so that they are unable to respond to legitimate requests, resulting in downtime.
They have threatened to increase the frequency of attacks if the victims failed to pay, or tipped the media off, added Fong.
He advised companies not to give in to the ransom demand, saying they would be better off investing in counter-measures.
Symantec Asean director of systems engineering Halim Santoso recommended deploying intrusion prevention and detection software, adopting data loss prevention technology and stepping up traffic monitoring.
He said organisations should always stay vigilant even if they felt that they would not be targeted, and advised them to have a proper incident response plan.
CyberSecurity Malaysia CEO Datuk Dr Amirudin Abdul Wahab said the agency has received four reports on the ransom e-mails.
He said three of the reports were from stockbrokers while the other was from a bank.
Already a subscriber? Log in
Get 20% OFF The Star Digital Access
Cancel anytime. Ad-free. Unlimited access with perks.
