Commodities exchange MCX has hired a global consultant to look into the ransomware attack that targeted multiple brokerages recently.
According to sources, the exchange has hired EY to investigate the cyberattack that cut off over 16 brokerages from contact with MCX servers on December 9.
Moneycontrol has written to MCX and EY and the article will be updated when their responses come in.
In the early hours of December 9, when brokerages tried to log into their servers, they saw a message that their access had been cut off, that it was a ransomware attack, and that they should reach out to an unknown entity to resolve this.
The attack had targeted servers at data centres managed by third-party vendors.
Also read: MC exclusive: Ransomware attack targets data centre that services around 16 brokers
Vendors such as Comtel manage the space and other infrastructure, such as electricity or data connectivity, for brokers to house their servers. These vendors may even provide virtual machines or hardware.
Most of these servers were kept at one data centre managed by Comtel. A smaller number of brokerages who had servers at data centres managed by other entities were affected too.
In this instance, the one commonality was that all the affected brokerages were using Comtel's sister concern Symphony's order management system, which is a client-facing application. That said, there is no evidence that the attack originated from this application and, as Comtel's team had told Moneycontrol, most of the other users of this app were unaffected.
Also, less than 10 percent of Comtel's client base of nearly 250 brokerages were affected.
According to Comtel, none of the brokerages contacted the entity that launched the ransomware attack and reached out to Comtel's team to resolve the issue.
Regulatory protocol demands that when brokerage systems are down for a period of time, they must inform the exchanges immediately. When the number of brokerages reporting such incidents to the exchange went up steadily, there were concerns that trading for that day and the next may be affected.
There were also worries that confidential details of the brokerages' clients may have been breached. But later, Comtel told Moneycontrol that the data accessed only pertained to the previous day's trading. However, the company has launched an investigation by hiring a certified auditor (as is the regulatory requirement) and an independent expert to understand what went wrong and where the gaps were.
Meanwhile, according to sources, the exchange has hired the consultancy to investigate the incident.
SEBI guidelines
The Cyber Security and Cyber Resilience Framework (CSCRF) for stock exchanges, issued in 2015, says, "Alerts generated from monitoring and detection systems should be suitably investigated, including the impact and forensic analysis of such alerts, in order to determine activities that are to be performed to prevent expansion of such incidents of cyberattack or breach, mitigate its effect, and eradicate the incident."
The guidelines for stock brokers under the CSCRF framework effective April 1, 2019, cover access control, physical security of critical systems, network security management, data security, and so on. They have been asked to also instruct their vendors to adhere to these guidelines.
The regulations ask brokers to analyse any incident that leads to loss or destruction of data or systems, and to incorporate any lessons learnt from this. It also asks them to submit quarterly reports which capture information on cyber attacks and measures taken to mitigate such threats to exchanges.
This August, the Securities and Exchange Board of India (SEBI) released a new CSCRF. This has to be implemented by January 1, 2025, by six categories of registered entities (REs) for which a cybersecurity and cyber-resilience circular already exists. For the other REs, the deadline is April 1, 2025.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
