NZX Stock Market Knocked Offline

The Wellington-based NZX exchange first went offline on Wednesday 26th August and although some connectivity was restored for investors, some trading was halted. The incident follows a number of alleged cyber attacks by foreign actors on Australian government and commercial organisations which ate  alleged to be attacks by Russian hackers.  

The NZX has said it had experienced “network connectivity issues” and that the NZX main board, NZX debt market and Fonterra shareholders market were placed on halt.

The interruption followed a shutdown and trading halt due to an overseas-based distributed denial of service (DDoS) attack. The NZX says that it had “experienced a volumetric DDoS attack from offshore via its network service provider, which impacted NZX network connectivity”. It said the attack had affected NZX websites and the markets announcement platform, causing it to call a trading halt at 3.57pm on Wednesday 26th.

NZX said the attack had been “mitigated” and that normal market operations would shortly resume, but this subsequent attack has raised questions about security.

A DDoS attack aims to overload traffic to internet sites by infecting large numbers of computers with malware that bombards the targeted site with requests for access. Prof Dave Parry, of the computer science department at Auckland University of Technology, said it was a “very serious attack” on New Zealand’s critical infrastructure. 

He warned that it showed a “rare” level of sophistication and determination, and also flagged security issues possibly caused by so many people working from home. “Unfortunately the skills and software to do this are widely available and the disruption of Covid and people working from home all over the world potentially with lower security on their computers means that these attacks are easier than usual.”

Parry said there are two options for NZX to deal with the DDoS: shutting down the “bots”

  • Getting users to update security patches and delete the malware,  Or
  • Blocking the IP addresses of the bot machines with a firewall so that the NZX site doesn’t have to deal with them.

While it is not clear what the motives were behind these cyber-attacks, these attacks were probably financial motivated. A distributed denial-of-service attack is one of the most powerful weapons on the Internet as it overwhelms a site with more traffic than the server can accommodate. DDoS attacks are often used by financially-motivated cyber criminals.

@NZXGroup:         RNZ:         NZHerald:           The Spinoff:        Guardian

You Might Also Read:

Russian Cyber Operations: State-led Organised Crime:

 

« Utah University Pays Half Million Dollar Ransom Demand
Will It Be The US That Breaks Up The Internet? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Intercede

Intercede

Intercede is a cybersecurity company specializing in digital identities, derived credentials and access control, enabling digital trust in a mobile world.

Protegrity

Protegrity

Protegrity is an enterprise and cloud data security software for data-centric encryption and tokenization to protect sensitive data while maintaining usability.

Mondo

Mondo

Mondo is the largest national staffing agency specializing exclusively in high-end, niche IT, Tech, and Digital Marketing talent. Areas of expertise include Cybersecurity.

VKANSEE

VKANSEE

VKANSEE offer the world's thinnest optical fingerprint sensor for mobile device protection.

Zeguro

Zeguro

Zeguro provides complete cybersecurity risk assessment, mitigation and insurance, allowing you to easily manage your cyber risk.

Fyde

Fyde

Fyde helps companies with an increasingly distributed workforce mitigate breach risk by enabling secure access to critical enterprise resources.

Veriff

Veriff

Veriff provides highly-automated identity-verification services that prevent fraud like nothing else on the market.

CyberSat Summit

CyberSat Summit

CyberSat is dedicated to fostering the necessary discussions to flesh out and develop solutions to cyber threats in the satellite industry.

InsightCyber

InsightCyber

InsightCyber is on a mission to keep the world’s critical infrastructure, supply chains, and manufacturing operations cyber-safe, helping to prevent attacks that can have catastrophic impacts.

Microchip Technology

Microchip Technology

Microchip Technology Inc. is a leading provider of smart, connected and secure embedded control solutions.

Pivot Technology School

Pivot Technology School

Pivot Tech offers Data Analytics, Software Development and Cyber Security training in boot camp style cohorts.

Bluewave

Bluewave

Bluewave are a strategic IT advisory company that offers businesses a simple and comprehensive way to purchase information technology solutions.

Parablu

Parablu

Parablu is a leading provider of data security and resiliency solutions for the digital enterprise.

Certera

Certera

Certera is a modern and affordable SSL Certificate, Code Signing Certificate, and Cyber Security Services provider.

Nordic Defender

Nordic Defender

Nordic Defender is the first crowd-powered modern cybersecurity solution provider in the Nordic region.

Parried

Parried

Parried is a leading Managed IT Services and Cybersecurity provider, known for blending deep technical knowledge with business strategy.