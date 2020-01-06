Loading...

The UK government is re-examining the London Stock Exchange outage to determine if a cyber attack was the cause of a software error.

The disruption of the LSE occurred on August 16, 2019. A “software error” was blamed in which traders early on Friday morning were unable to buy or sell shares for more than an hour and a half.

Both the FTSE 100 and FTSE 250 indexes were affected.

At the time, LSE officials said that “a technical software problem” was at the heart of the matter and offered no further details.

A cyber attack was not thought to be the culprit, but according to the Wall Street Journal, an investigation is underway that suggests that the incident might not have been solely due to software issues.

Sources familiar with the case told the publication that the UK Government Communications Headquarters (GCHQ) wants to find out if the malfunction was due to hackers “trying to disrupt markets,” and the intelligence service has contacted in the last two months with the exchange for Extra information.

It is also thought that the UK Treasury is involved.

According to the WSJ, the internal systems were updated at the time of the outage. It is possible that, while the upgrade was in progress, this might have opened up operating systems and paved the way for a cyber attack.

An LSE spokesperson said that a “technical software configuration issue after functionality upgrade” was the cause – rather than a cyber attack – and that the exchange “thoroughly investigated the root cause of the problem” in an attempt to identify future prevent trade distortion.

The LSE group said in its latest annual report (.PDF) that the risk of cyber attacks continues to grow and that the exchange “continues to invest to ensure cyber resilience and regulatory compliance.”

“In addition to meeting current cyber and data protection requirements, LSEG also complies with key operational data and cyber controls and standards required by regulations,” added the exchange. “LSEG continues to monitor and collaborate with regulatory authorities and industry leading working groups on the development of regulatory frameworks and appropriate harmonization of standards in different jurisdictions.”

As we saw in the recent security incident Travelex, where services offered by external companies, including Tesco Bank and HSBC, were taken offline along with the main Travelex currency purchase service after a malware infection, the domino effect of a potential cyber attack on the LSE may enormous for companies and investors trading on the platform.

In a conversation with ZDNet, cyber security expert Jake Moore from ESET said:

“When such a crucial company is attacked, many external organizations in different sizes can be affected. Stock markets are of course aware of this increased risk of attacks and have a higher level of security for such attacks. However, if threat actors are persistent enough they continue to make attempts through a series of access points, and there is only so much protection that can be appropriate. ”

