NZX Stock Market Knocked Offline

Uploaded on 2020-08-27 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial

The Wellington-based NZX exchange first went offline on Wednesday 26th August and although some connectivity was restored for investors, some trading was halted. The incident follows a number of alleged cyber attacks by foreign actors on Australian government and commercial organisations which ate  alleged to be attacks by Russian hackers.  

The NZX has said it had experienced “network connectivity issues” and that the NZX main board, NZX debt market and Fonterra shareholders market were placed on halt.

The interruption followed a shutdown and trading halt due to an overseas-based distributed denial of service (DDoS) attack. The NZX says that it had “experienced a volumetric DDoS attack from offshore via its network service provider, which impacted NZX network connectivity”. It said the attack had affected NZX websites and the markets announcement platform, causing it to call a trading halt at 3.57pm on Wednesday 26th.

NZX said the attack had been “mitigated” and that normal market operations would shortly resume, but this subsequent attack has raised questions about security.

A DDoS attack aims to overload traffic to internet sites by infecting large numbers of computers with malware that bombards the targeted site with requests for access. Prof Dave Parry, of the computer science department at Auckland University of Technology, said it was a “very serious attack” on New Zealand’s critical infrastructure. 

He warned that it showed a “rare” level of sophistication and determination, and also flagged security issues possibly caused by so many people working from home. “Unfortunately the skills and software to do this are widely available and the disruption of Covid and people working from home all over the world potentially with lower security on their computers means that these attacks are easier than usual.”

Parry said there are two options for NZX to deal with the DDoS: shutting down the “bots”

  • Getting users to update security patches and delete the malware,  Or
  • Blocking the IP addresses of the bot machines with a firewall so that the NZX site doesn’t have to deal with them.

While it is not clear what the motives were behind these cyber-attacks, these attacks were probably financial motivated. A distributed denial-of-service attack is one of the most powerful weapons on the Internet as it overwhelms a site with more traffic than the server can accommodate. DDoS attacks are often used by financially-motivated cyber criminals.

@NZXGroup:         RNZ:         NZHerald:           The Spinoff:        Guardian

You Might Also Read:

Russian Cyber Operations: State-led Organised Crime:

 

« Utah University Pays Half Million Dollar Ransom Demand
Will It Be The US That Breaks Up The Internet? »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Research Institute in Trustworthy Industrial Control Systems (RITICS)

Research Institute in Trustworthy Industrial Control Systems (RITICS)

RITICS is one of three Research Institutes formed as part of the UK National Cyber Security Strategy.

Charterhouse Müller UK

Charterhouse Müller UK

Charterhouse Müller UK are a leading service provider for end of life IT services including data erasure and secure IT asset disposal.

Octane OC

Octane OC

OCTANe is building the SoCal of tomorrow. We drive innovation and growth by connecting people, resources and capital. Our Incubator focus is FinTech, Data Analytics and Cybersecurity.

Hazy

Hazy

Hazy specialises in financial services, helping some of the world’s top banks and insurance companies reduce compliance risk.

Pixm

Pixm

Pixm’s computer vision based approach offers a truly unique and effective means to protect organizations from web-based phishing attacks.

Fortify 24/7

Fortify 24/7

Fortify 24×7 provides a robust portfolio of managed cybersecurity solutions to help you identify and prevent attacks.

Cider Security

Cider Security

Cider Security - It’s time to revolutionize the way Security, Dev and DevOps teams work together to supercharge security at the speed of engineering.

IriusRisk

IriusRisk

IriusRisk is an open Threat Modeling platform that automates and supports creating threat models at design time.

National Cybersecurity Alliance

National Cybersecurity Alliance

The National Cybersecurity Alliance is a non-profit organization on a mission to create a more secure, interconnected world.

Verisign

Verisign

Verisign is a Global Leader in Domain Names & Internet Security, providing protection for websites and enterprises around the world.

PixelQA

PixelQA

Are you looking for a security testing company to cross-check whether your software or mobile app has a possible security threat or not?

Systems Engineering

Systems Engineering

Systems Engineering is a SOC 2, Type 2-certified IT strategy and managed technology services provider.

Orca Fraud

Orca Fraud

Orca is an AI-driven fraud orchestration platform. We empower fraud fighters to outpace fraud using our custom ML models.

Liverton Security

Liverton Security

Liverton Security is a New Zealand-owned cyber security provider offering consultancy and security-related products to government and commercial customers throughout New Zealand.

ALSO Group

ALSO Group

ALSO is one of the leading technology providers for the ICT industry currently active in 31 countries in Europe and in many countries worldwide via PaaS (Platform as a Service) partners.

Bonfy.AI

Bonfy.AI

Bonfy.AI prevents incidents in the use and communication of AI and human generated content, providing visibility and proactive risk mitigation of confidentiality, privacy, and compliance.