Central Depository Services (India) Limited (CDSL), which was hit by a cyberattack on November 18, resumed operations on Sunday. The clearing and settlement services at the depository, which had been halted following the attack, have been restored.
According to reports, the malware affected some of the company's internal machines; those systems were isolated and disconnected from the systems that connect to the capital market.
CDSL reported the incident to law enforcement agencies and began investigating it in coordination with its cybersecurity advisors. The full impact of the malware attack on CDSL is not yet known since the investigation is ongoing, and little has been disclosed about how the malware got in or who was behind it.
CDSL said there was no reason or evidence to suggest that any confidential information or investor data had been exposed to cybercriminals. The halted work at CDSL was completed with the help of other market infrastructure institutions (MIIs). Some brokers stated that pay-in, pay-out and the pledge or unpledge of securities for margin were inaccessible because of the attack. Trading was not affected. CDSL alerted the stock exchanges to the incident.
Bombay Stock Exchange advisory
The Bombay Stock Exchange published an advisory asking its stockbrokers, trading members and clearing members to exercise caution in handling their devices. The advisory listed a few indicators of compromise (IOCs) to be validated and blocked, along with advice on updating anti-virus and firewall rules with the malicious command and control (C&C) infrastructure. The indicators were a C&C IP subnet, a single C&C IP address and a filename (a macro-enabled Word template, not a network indicator):
- 5[.]44[.]42[.]0[/]24
- 188[.]34[.]187[.]110
- v5sqpe[.]dotm
Members were asked to block USB usage and to warn users about the threat so that they avoid downloading suspicious attachments, and to apply patches to the Windows operating system and Microsoft Office products. The advisory stressed putting in place the mechanisms needed to detect emails carrying trojans or other malicious content, and asked that attachments with the following file extensions be blocked:
- .exe
- .rtf
- .vbs
- .js
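Validating the advisory's indicators against local telemetry is the step members would actually carry out. The following Python script is an added example, not code from the article, the BSE or CDSL: it refangs the published indicators, applies a CIDR membership test to destination IP addresses, and flags attachment names that match the filename IOC or one of the blocked extensions. The proxy and mail-gateway log lines, the internal source addresses and the log formats are constructed for illustration; no real telemetry is reproduced.

```python
"""IOC matching helper for the BSE advisory indicators.

Added example, not part of the advisory or the article. Refangs the
published indicators and checks constructed log records against them.
"""
import ipaddress
import re
from pathlib import PurePosixPath

# Indicators exactly as published in the advisory (defanged with [.] and [/]).
ADVISORY_IOCS = [
    "5[.]44[.]42[.]0[/]24",
    "188[.]34[.]187[.]110",
    "v5sqpe[.]dotm",
]

# Attachment extensions the advisory asked members to block.
BLOCKED_EXTENSIONS = {".exe", ".rtf", ".vbs", ".js"}


def refang(indicator: str) -> str:
    """Turn the defanged form (5[.]44[.]42[.]0[/]24) back into a usable value."""
    return indicator.replace("[.]", ".").replace("[/]", "/")


def classify_iocs(iocs):
    """Split refanged indicators into IP networks and filenames.

    A single IP becomes a /32 network so one membership test covers both.
    Anything that is not parseable as an address or network is treated as
    a filename indicator.
    """
    networks, filenames = [], set()
    for raw in iocs:
        value = refang(raw)
        try:
            networks.append(ipaddress.ip_network(value, strict=False))
        except ValueError:
            filenames.add(value.lower())
    return networks, filenames


NETWORKS, FILENAMES = classify_iocs(ADVISORY_IOCS)


def ip_matches(ip_text: str) -> bool:
    """True if ip_text falls inside any advisory network (CIDR test, not substring)."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(addr in net for net in NETWORKS)


def filename_matches(name: str):
    """Return a reason string if the filename is an IOC or has a blocked extension, else None."""
    base = PurePosixPath(name.replace("\\", "/")).name.lower()  # strip any directory part
    if base in FILENAMES:
        return f"ioc-filename:{base}"
    ext = PurePosixPath(base).suffix
    if ext in BLOCKED_EXTENSIONS:
        return f"blocked-extension:{ext}"
    return None


# Constructed sample records (not real telemetry): outbound connections from a
# proxy log and attachment names from a mail gateway log. Internal addresses
# and the external 203.0.113.14 are documentation/illustration values.
SAMPLE_CONNECTIONS = [
    "2022-11-18T09:12:01Z 10.20.1.15 -> 5.44.42.117:443 CONNECT",
    "2022-11-18T09:12:05Z 10.20.1.15 -> 188.34.187.110:8080 CONNECT",
    "2022-11-18T09:13:44Z 10.20.1.22 -> 203.0.113.14:443 CONNECT",
    "2022-11-18T09:14:00Z 10.20.1.22 -> 5.44.43.9:443 CONNECT",
]
SAMPLE_ATTACHMENTS = [
    "2022-11-18T08:55:10Z from=ext@example.net attachment=Invoice_Nov.pdf",
    "2022-11-18T08:56:31Z from=ext@example.net attachment=V5SQPE.dotm",
    "2022-11-18T08:57:02Z from=ext@example.net attachment=settlement.RTF",
    "2022-11-18T08:58:45Z from=ext@example.net attachment=report.docx",
]

CONN_RE = re.compile(r"->\s*(?P<dst>[\d.]+):\d+")
ATT_RE = re.compile(r"attachment=(?P<name>\S+)")


def scan_connections(lines):
    """Return destination IPs from connection log lines that hit an advisory network."""
    hits = []
    for line in lines:
        m = CONN_RE.search(line)
        if m and ip_matches(m.group("dst")):
            hits.append(m.group("dst"))
    return hits


def scan_attachments(lines):
    """Return (attachment name, reason) pairs for attachments that should be blocked."""
    hits = []
    for line in lines:
        m = ATT_RE.search(line)
        if not m:
            continue
        reason = filename_matches(m.group("name"))
        if reason:
            hits.append((m.group("name"), reason))
    return hits


if __name__ == "__main__":
    print("connection hits:", scan_connections(SAMPLE_CONNECTIONS))
    print("attachment hits:", scan_attachments(SAMPLE_ATTACHMENTS))
```

Two points worth keeping in mind when adapting this: a subnet indicator such as 5[.]44[.]42[.]0[/]24 needs a CIDR membership test rather than a substring match, otherwise neighbouring addresses like 5.44.43.9 produce false hits while hosts inside the range can be missed; and the advisory's extension block list does not include macro-enabled Office formats such as .dotm, so the filename IOC is only caught here by an exact name match. Whether to block .dotm attachments outright is a decision for each member's own mail policy.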