It is practically impossible to estimate the associated losses and profits however, it is clear that somebody tried to make money out the disruption.
The site stayed offline for a further day, and trading in the dependent positions was also suspended. As a result, trading in the shares of seven companies, including HSBC, Cathay Pacific, China Power International and associated derivatives, had to be suspended. Interestingly, the attackers did not target the stock exchange’s main site, but one which publishes important announcements from the market’s largest players. On 10 August, a DDoS attack was launched against a Hong Kong stock exchange website. One way of staying ahead of the competition is by arranging DDoS attacks, as we saw in late summer 2011. However, if people can “jump the queue” and ensure they are always first with the news, this can generate a very good profit. All this is feasible only if all parties can get the latest information in a timely manner. Stock markets are challenging places to do business: participants must be able to analyze the present situation, predict how things will unfold for the entire market and for the companies whose shares they are interested in, and react swiftly to breaking news. DDoS attacks were launched from computers located in 201 countries around the world.The largest number of DDoS attacks in the second half of 2011 – 384 in number – targeted a cybercriminal portal.The average duration of a DDoS attack was 9 hours, 29 minutes.The longest DDoS attack in the second half of the year lasted for 80 days, 19 hours, 13 minutes and 5 seconds, and targeted a travel website.The average attack prevented by Kaspersky DDoS Prevention in the second half of 2011 was 110 Mbit/sec – an increase of 57%.In the second half of 2011, the maximum attack power repelled by Kaspersky DDoS Prevention went up 20% compared to the first half of the year, and amounted to 600 Mbit/sec, or 1,100,000 packets/sec (UDP flood with short packets of 64 bytes).
All statistical data used in this report were obtained using Kaspersky Lab’s botnet monitoring system and Kaspersky DDoS Prevention.