Incident & Breach Response , Managed Detection & Response (MDR) , Next-Generation Technologies & Secure Development

Did London Stock Exchange Outage Involve a Cyberattack?

Report: Authorities Investigating Circumstances Behind August Outage
Did London Stock Exchange Outage Involve a Cyberattack?
(Source: oli2020 via Pixabay/CC)

U.K. authorities are reviewing an August outage at the London Stock Exchange that delayed the opening of trading to determine if a cyberattack was involved, according to the Wall Street Journal, which cites "people familiar with the matter."

See Also: Are You APT-Ready? The Role of Breach and Attack Simulation

While the exchange originally said the outage was due to an unspecified software glitch, the U.K.'s Government Communications Headquarters, or GCHQ, which is responsible cybersecurity, reportedly has asked for more information from the exchange, including IT logs and details about production code involved in the outage, according to the newspaper.

The investigators are trying to determine if attackers may have targeted the London exchange, which is the biggest in Europe, to disrupt financial markets or disrupt the country's critical infrastructure, the Journal reports.

The Financial Conduct Authority, which regulates U.K. financial markets, is also re-examining the August incident, according to the newspaper.

A spokesperson for the London Stock Exchange told the Journal that the August incident was not cybersecurity related. Meanwhile, a spokesperson for the GCHQ told the Register that no additional investigation is pending.

Why Now?

The August outage at the London Stock Exchange, the longest since 2011, disrupted the buying and sell of stocks in London for nearly 90 minutes, according to the Guardian.

Both the benchmark FTSE 100 index, which contains the biggest companies listed in London, and the FTSE 250 index for midsized firms were affected by the outage, the Guardian reports.

When the outage happened, London Stock Exchange officials attributed the incident to a software glitch, but they have not offered further details since then, according to news reports.

Brian Honan, the president of Dublin-based cybersecurity consultancy BH Consulting, says that several factors could have led British authorities to investigate the outage at this point.

"We can only speculate that additional information has come to light to spark this investigation," Honan tells Information Security Media Group. "This could be information that came to light while investigating other attacks and evidence from those attacks pointed them back toward the [London Stock Exchange] attack. Alternatively, examination of the logs and evidence from the outage in August by the LSE’s own cyber team and/or the [National Cyber Security Center] may indicate the cause of the outage was by malicious actors."

The systems that safeguard financial institutions, including the London Stock Exchange, should be robust enough to withstand most types of cybersecurity incidents, but this outage is a good reminder that not all critical infrastructure is 100 percent secure, Honan says.

"All systems are vulnerable to attack," he says. "We need to remember that most security controls should not be considered as controls to stop an attack but rather as controls to identify an attack early enough so that we can respond appropriately."

Ongoing Risk

The London Stock Exchange’s latest annual report finds that its executives are growing more concerned over security issues.

Ransomware, distributed denial-of-service attacks and the loss of customer data are growing risks for the exchange, according to its annual report from 2018.

"Such threats could result in the loss of data integrity or disruption to our operations and client-facing services," according to the report. "Additionally, new emerging technologies ... such as cloud computing could impact our cyber security risk profile."

The annual report also points out that the London Stock Exchange is increasingly susceptible to security flaws or attacks that could originate with third-party vendors.

The exchange’s “technology and operational support providers, internal and third-party, could suffer a security breach resulting in the loss or compromise of sensitive information (both internal and external) or loss of services,” the report notes. “Such a breach could [materialize] as a result of weaknesses in system controls or processes, or through the inadvertent or malicious actions of employees, contractors or vendors."

Sources told the Journal that the London Stock Exchange relies on third-party developers to create some of the software used to run day-to-day operations and that the use of these applications is an increasing concern for its security team.


About the Author

Scott Ferguson

Scott Ferguson

Former Managing Editor, GovInfoSecurity, ISMG

Ferguson was the managing editor for the GovInfoSecurity.com media website at Information Security Media Group. Before joining ISMG, he was editor-in-chief at eWEEK and director of audience development for InformationWeek. He's also written and edited for Light Reading, Security Now, Enterprise Cloud News, TU-Automotive, Dice Insights and DevOps.com.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.eu, you agree to our use of cookies.