Over the last two weeks, a series of connectivity outages has been reported affecting Internet access for hosted customers of oneZero Financial Systems, one of which is Sydney-based broker IC Markets. The outages occurred as several other brokers cited complications with cybersecurity breaches or attempts.
According to IC Markets, which uses oneZero to host its MetaTrader 4 environment, it was targeted by a sophisticated Distributed Denial of Service (DDoS) attack with the aim of disrupting its trading environment. Similar to other DDoS incidents, this attack was based on creating a flood of messaging attempts at a server or network to slow it down or ultimately bring it down altogether.
Andrew Budzinski, Director at IC Markets, explained that when the outages first began, he consulted with oneZero. Based on how the outage took place, the initial belief was that there had been a hardware problem that led to routers being replaced. However, when the problem persisted it led to further investigations with its ISP.
Further investigations and consultations with cybersecurity specialists concluded that the ultimate problem was due to an ongoing DDoS attack aimed at IC Markets’ servers. Budzinski explained that the attack was conducted in a way that masked that it was a DDoS and mimicked an ISP issue. This included repeatedly changing the patterns and style of the attack allowing it to get stronger and weaker, and at times ramping up to levels that saturated oneZero’s entire network.
Although the outages were experienced by their MetaTrader 4 customers, IC Markets also operates a cTrader environment, external “DataCenter” or access points, and other infrastructure that was also targeted.
Implementing a Solution
After discovering the problem, and that it emanated from 60,000+ Chinese IP addresses, oneZero and IC Markets put measures in place to mitigate the outages. Among these are the use of extra datacenters and the installation of additional specialized DDoS mitigation hardware.
According to Budzinski, since putting these measures in place, they have been able to prevent further outages from occurring. According to Andrew Ralich, CEO of oneZero, the additional measures being used to route traffic and prevent future attacks represent the most robust solution available.
As to who is behind the attacks, Budzinski stated, “We believe this is likely to be a competitor,” with hackers paid to carry out the attack and cause interruptions for IC Markets and oneZero customers.
Ultimately, although the attack was aimed at IC Markets, it has caused collateral damage to other brokers within oneZero’s trading network, and also to other technology providers. In addition to oneZero’s traditional role as a provider of Bridging, Aggregation and Risk Management software to a large base of FX brokers and prime brokers, oneZero provides hosted options for MetaTrader 4 and liquidity connectivity services to dozens of forex and CFD brokers.
Therefore, as IC Markets was attacked, so too was a hosted environment being operated by oneZero. According to Ralich, once the target of the attacks was discovered, it was possible to isolate the problem to mitigate further issues for other brokers.
Following the preventative measures put into place by oneZero, attacks were also experienced by networks operated by PrimeXM, BeeksFX and routing provider IPTP. These providers’ networks were used by IC Markets at the onset of the attacks to assist in creating a solution to circumvent the DDoS.
In speaking with Andrew Ralich, we have learned that these providers worked in close cooperation with each other once the nature of the attack was discovered and mitigated on oneZero’s infrastructure, and similar measures were immediately put in place across other providers, limiting the extent of the outages.
Looking ahead, Budzinski believes that IC Markets and oneZero have put in place a solution that should provide for the most secure trading environment possible. He added that if it was in fact a paid attack, it may have cost around $5,000 an hour.
Ralich added that the sophistication of this attack and the challenges it presented are an industry-wide threat, and encouraged an open dialogue among FX market participants on how to collaboratively approach and avoid similar issues in the future. “Our sincere thanks go out to our clients for their patience during this attack, to PrimeXM, BeeksFX and IPTP for their openness in cooperating in the interest of our mutual clients, and the FX space as a whole.”