Cyber Incident Victim: Hong Kong securities brokers
Date: Jan 2017
Location: Hong Kong
Summary
Hong Kong securities brokers experienced distributed denial of service (DDoS) attacks targeting their websites, causing temporary service disruptions, while criminals simultaneously attempted extortion through blackmail demands. The city's securities regulator warned that similar cyber incidents could potentially affect the broader industry, citing increased threats observed regionally. The attacks involved overwhelming targeted systems with malicious traffic from compromised computers. Authorities urged financial firms to strengthen defenses by reviewing IT infrastructure and implementing specific mitigation strategies against such disruptions.
Description
On January 26, 2017, Hong Kong’s Securities and Futures Commission (SFC) publicly disclosed that multiple securities brokers in the city had been targeted by distributed denial-of-service (DDoS) attacks. The regulator issued a circular to licensed firms after receiving information from the Hong Kong police, confirming that attackers had disrupted broker websites by overwhelming them with malicious traffic, causing temporary service interruptions. Concurrently, affected brokers received blackmail demands from the perpetrators, though the specific ransom amounts or payment methods were not disclosed. These incidents occurred against a backdrop of escalating cyber threats in the region, with a November survey cited by regulators revealing a 969% surge in detected attacks against firms in Hong Kong and mainland China between 2014 and 2016. The SFC characterized the disruptions as lasting for "a short period" but did not specify the exact duration or identify the targeted firms.

The SFC warned the securities industry to anticipate similar attacks across the sector, emphasizing the need for heightened vigilance. In response to the incidents, the regulator mandated that all licensed entities implement immediate protective measures, including comprehensive reviews of their IT infrastructure and the development of DDoS mitigation strategies. This directive aligned with broader regulatory efforts underway since 2016 to strengthen cybersecurity defenses within Hong Kong’s financial sector. While the attacks did not compromise customer data or transaction systems according to available reports, they disrupted online services critical to brokerage operations. The SFC’s notification underscored the operational vulnerability of financial institutions to DDoS attacks while avoiding detailed commentary on investigation progress or attribution of responsibility for the attacks.
