October 13, 2017

Olymp Trade trusts professionals the fight against cyber attacks

The financial company Olymp Trade emerged in 2014, and in such short time managed to occupy an exceptional place in the market. The usage statistics of the online platform is impressive: the number of simultaneously trading sellers reacher 20,000. Moreover, within a month 100,000 new traders make about 15 million transactions.

Such financial activity on the Internet cannot stay unnoticed, and therefore the issue of the possible cyber attacks remains hugely urgent.

Engineers of Olymp Trade note that intruders attempts to hack the system have repeatedly been observed. However, significant negative consequences on the system and critical losses can be avoided through a combination of technical and administrative measures. For example, by a separation and additional protection of funds circulating in the system: «just like that» you would not be able to withdraw the money. Any withdrawal attempt should receive information from the account holder. Thus any suspicious activity would be instantly suppressed.

Crucial moment

Some time ago, Olymp Trade first encountered a persistent DDoS attack - the largest in company history. Hackers planned to disable the system and start demanding money. Employees received various letters with direct threats and extortion.

«It is fair to admit that we did not immediately realize that the abnormal activity is hiding a real threat,» said Olymp Trade representative. «By carrying out extensive advertising activity, we already faced a severe increase in requests that put a significant load on the platform, and at first believed that our system does not withstand a large number of new and relevant users. It seemed to us that this traffic was valid until the experts began to disassemble it by logs.

Attempted attacks aimed L2 and L7 on several vectors, starting with trial strikes on our service and ending with a long night series of continuous requests. Our 24-hours technical support service immediately reported a significant deterioration of service and instability of the platform: at night we raised the team of our technicians and, having evaluated the problem, started switching to the Qrator filtration network.»

Sometime after connecting, learning and setting up the network, all the garbage traffic was filtered out, and the work was normalized. 

Mobile hacking

For customer’s convenience, some mobile applications do not require captcha input, and intruders try to use that for their sake. Olymp Trade periodically encounters attempts to compromise the end devices and applications - for example, in the case of brute forcing passwords. The company is aware of such efforts of exploitation and actively fights them. To protect customers new algorithms for the account protection are introduced, WAF is adopted to prevent the risk of hacking the trading application.

At the same time, some possible attack vectors are weakly controlled. Infected by the virus Android device that redirects SMS to the malefactor, desktop keyloggers are the nowadays reality. It is difficult to reverse the situation because this vulnerability exists on the side of the end user. We should pay tribute to the Olymp Trade technical support specialists, who always warn traders about possible non-market risks and try to find the best options for ensuring their security.

No pasarán!

Olymp Trade notes that not all attack types could be efficiently mitigated on own forces - often it is economically exhausting.

After connecting to the Qrator Labs mitigation network, the company’s services entered the usual mode of operation. However, this does not mean that the attacks ceased forever: for several weeks, strong cyber attacks were observed. However, even after hackers switched the attack vector, the Qrator network quickly adapted to the changes and efficiently neutralized new mass queries. Work of support technicians and developers should also be noted, who promptly joined the process of analyzing further attacks.

Olymp Trade considered DDoS-mitigation services from several contractors, but, in the end, made the Qrator Labs decision. Among the main reasons - a positive teamwork experience, high professionalism and a complete understanding of the internal technical structure of the financial company.

«The effectiveness of the Qrator Labs solution is high», summed up the Olymp Trade representative.