Around 16 brokers, including big brokerage houses such as IIFL Securities, 5 Paisa and Axis Securities, have been affected by a ransomware attack that targeted a data centre managed by Comtel on December 9, according to sources.
The brokers were blocked by two of the three leading exchanges and would have needed a certificate from certified auditors to regain access to the exchanges, as per the laid-down norms of the market regulator, Securities and Exchange Board of India (SEBI), the sources added.
The data centre managed by Comtel houses stock brokers' servers and other networking equipment. It provides various services, including rack space, power and bandwidth, and also rents out hardware. These services are usually used by brokerages to better manage costs. Brokerages can either maintain their own data centres or use shared services such as those provided by Comtel.
In an interaction with Moneycontrol, Comtel's team said that only a small number of their broker clients were impacted. The team said that they cater to nearly 250 brokerages and that, of these, only 16 were impacted. In the early hours of December 9, their broker clients reported not being able to access their servers, and Comtel's team quickly isolated the impacted systems. According to the team, they were able to start restoring services by 11 am and were able to restore most of the services by the end of the day, except for brokers who had their own hardware in the data centre. Comtel manages virtual machines for many of these brokers and provides more limited services to brokers who have their own hardware in the data centre. In both cases, the brokers decide which firewalls are used to protect their systems and when to open and close the ports through which the data flows, Comtel's team said.
On December 10, Axis Securities informed Moneycontrol that currently their systems are fully functional. The brokerage's statement said, "All our systems remain fully operational and unaffected. There is no risk to our client data or business continuity as our infrastructure is independent. We remain committed to upholding the highest security and compliance standards to ensure seamless and secure operations." Moneycontrol has written to the other brokerages and the article will be updated when their responses come in.
Where did it originate?
According to our sources, the threat may also have infected the multi-asset order management system (OMS) of Symphony, a sister concern. This may even have been the entry point through which the data centre was affected, according to the sources. But if the attack was limited to the OMS, then the extent of the risk may have been limited to those clients whose orders are routed through this system. However, there was fear that, with the data centre compromised, the risk may have been wider.
According to the sources, it is feared that the details of the clients could have been accessed through the data centre and their order flow could have been compromised. Usually, this is the pattern of the order flow: from a client to a broker, from a broker to a data centre and from a data centre to the exchanges.
Following the ransomware attack, the sources said that the Multi Commodity Exchange (MCX) and National Stock Exchange (NSE) have closed down access for most of these brokers in line with the SEBI rules.
But Comtel's team said that none of the clients' data was compromised and that the loss was limited to lost trading hours and the resultant opportunity cost. They added that it is still not clear if the threat originated from Symphony's OMS. They have hired the services of an auditor and an independent expert to ascertain how the attack was launched, and the team said that they would be presenting their broker clients with where the gaps were.
SEBI norms stipulate that the brokers need to obtain certificates from a Certified Information Systems Auditor (CISA), who must unequivocally state that systems are free from any ransomware and are operating smoothly. Only on the basis of this certification do the exchanges allow brokers to operate, the sources added.