Armada Collective deadline passes: The aftermath
The industry collectively held its breath as 13th July 2017 came… and went without much fanfare. Last week, the cyber extortion group Armada Collective had threatened to flood online trading servers with traffic, in effect launching a Distributed Denial of Service (DDoS) attack, unless each brokerage firm paid a ransom of 10 bitcoins before that fateful date.
At the time of writing, 13th July is finally over, but some parties are taking into account a possible difference in time zones. For the Armada Collective, the day to attack may not be over yet.
Many parties are also not taking the threat seriously. They point to the widely cited CloudFlare blog entry, which states that CloudFlare has “…been unable to find a single incident where the current incarnation of the Armada Collective has actually launched a DDoS attack.” (CloudFlare’s latest blog entry about the matter can be found here.)
This is their conclusion after they ‘surveyed’ over 100 existing and prospective customers. CloudFlare is a US company that provides DDoS protection services among others.
In spite of this conclusion, perhaps just as many parties are doing what is necessary to protect themselves anyway.
Alan See, the co-founder and CEO of cybersecurity and consultancy services provider Firmus, said, “There is no sign of any DDoS attack. The deadline to pay was 12th July, and failure to pay would see the perpetrator launch a full-scale attack on 13th July 2017 (yesterday).”
Referring to his various sources in the industry, See found that, “So far, the industry is okay and we are monitoring everything closely.
“So, Bursa Malaysia, local regulator MCMC, online trading vendors and all ISPs are now working together and taking all necessary precautions as per advice by experts.”
Not much is known about whether DDoS attempts have been (or are being) made, or whether DDoS mitigation services have successfully thwarted them.
But has anyone paid?
The question that remains is whether any online brokerage in Malaysia has paid the 10 bitcoin ransom to Armada Collective.
CloudFlare has blogged before that some targets paid the ransom when similar threats were made to brokerage firms in other countries, i.e. Taiwan and Korea.
See doubted that any payment was made this time, reasoning that, “It would be a bad idea. Once they know that you pay the ransom, they may do it to you again and claim themselves to be another extortion group!”
Some industry players have raised the possibility that a cyberattack will indeed happen after a lapse of a few weeks, when the threat is thought to be over and everybody’s guard is down again.
Perhaps the best idea would be to adopt a state of constant vigilance.
This is always easier said than done, but the viciousness and stealthiness of cyber attacks and cyber threats have increased exponentially, to the point where there is no other realistic state for an organisation’s security posture than to always be on the lookout and to always assume that its defenses have already been compromised.