Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label NSE. Show all posts

Sebi Collaborates with NSE and BSE to Thwart Cyber Attack Threats

 

The Securities and Exchange Board of India (Sebi) in partnership with the nation’s two popular stock exchange – the National Stock Exchange and the Bombay Stock Exchange – are designing a system to counter the threat of cyber assaults on stock exchanges, its chairperson Madhabi Puri Buch said at an event organized by Indian Institute of Management (IIM) Bangalore earlier this week. 

Under the new mitigation system which will be rolled out in March next year, the data of every customer’s trading and collateral on exchange A will be stored in a server located next to exchange B’s, in their data center. 

“If exchange A goes down, and if it is determined that it is on account of a software attack, or cyber security attack, and it is not possible for their disaster recovery site to come in time, Sebi will press the button for that data to be uploaded on exchange B,” Buch explained. This mechanism will assist all the participants in the market to operate on exchange B as they were operating on exchange A. 

The market regulator has also designed algorithms in-house that can flag cases of misconduct, front-running, and insider trading. 

“We worry a lot about cyber security. When this system kicks in, we would have prevented something (like a cyber-attack),” Buch added. 

 According to the SEBI chief, a line is needed to be drawn on financial influencers and their impact. We cannot act against wrongdoings if there is not a contract signing between an influencer and a person who follows their financial advice. 

Last month, the regulator brought out public service messages, warning customers from taking financial advice from individuals who are not registered with Sebi as investment advisors. 

Additionally, stock exchanges at the behest of the regulator have also ramped up efforts to warn investors against following stock tips via unauthorized texts and sharing dematerialized account details with such entities. 

“Reality is that the regulators will always be one step behind but hopefully not too many steps behind. The modus operandi of wrongdoers in the financial market may continue to evolve as the underlying technology evolves. The idea is to make it harder and harder for people to do bad things, “Buch concluded.

India’s Finance Software Powerhouse NSE Blown By EpsilonRed Ransomware

 

Nucleus Software Exports, an Indian financial software company has witnessed a major ransomware attack. The company that facilitates Indian banks and retail stores with software has suffered severely in regard to its internal networks and encrypted essential business data. 

As per the latest data, Nucleus Software Company is a leading provider of Banking and Financial Services and is also known for lending and transaction banking consultancy services to the global financial services industry. 

In the wake of the security incident, the company reported that they filed a report on Tuesday with the Indian National Stock Exchange authority, which said that the incident occurred on May 30, and the group that has attacked the system is known as ‘EpsilonRed’. 

Alongside, the NSE published its quarterly report in which it wrote that the company’s cyber-security researchers' team is working hard to get back its sensitive business credential, and towards fixing the damaged part of the system. Meanwhile, the company’s spokesperson assured their customers and said, “So far as sensitive data is concerned, we’d like to assure our customers that there is NO financial data of any customer available/stored with us and therefore the question of any leakage or loss of client data does not arise’’. 

The researchers' team from the cybersecurity community has disclosed that the ransomware that caused damage to the NSE’s network which is colloquially known as EpsilonRed, is also known as BlackCocaine. EpsilonRed/BlackCocaine is a different type of ransomware that has been discovered very recently. 

UK security firm Sophos had first reported on this new strain, last month. According to the Sophos report, the EpsilonRed gang makes its victims from unpatched Microsoft Exchange email servers, target the ProxyLogon exploit, after getting full command into the system, hackers install a collection of PowerShell scripts that gives access to hackers into the inside of a victim’s network. 

Furthermore, Sophos told that the ransomware gang got success in some of its attacks, and made payments of around $210,000 from its previous attacks. 

NSE has not disclosed the exact details of the breach nor if it followed the demand of the hackers. However, it is widely accepted that the attack was caused by an Exchange server.