DDOS Attack Takes New Zealand Stock Exchange Market Off-Line

The New Zealand Stock Exchange (NZX) has been under attack for several days now as a DDOS attack (distributed denial of service) crippled trading on the exchange. NZHerald claimed that Russian cybercrooks were behind the attack.

On August 26, the NZX issued the following statement:

Yesterday afternoon NZX experienced a volumetric DDoS (distributed denial of service) attack from offshore via its network service provider, which impacted NZX network connectivity. The systems impacted included NZX websites and the Markets Announcement Platform. As such, NZX decided to halt trading in its cash markets at approximately 15.57. A DDoS attack aims to disrupt service by saturating a network with significant volumes of internet traffic. The attack was able to be mitigated and connectivity has now been restored for NZX. NZX will resume normal market operations today, Wednesday 26 August.

Trading was actually said to have been reinstated today (August 28).

It has been reported that the New Zealand government has enlisted the country’s spy agency, the GCSB, to assist the NZX in uncovering the perps, but it also raises questions as to why the exchange was so ill-prepared for this type of attack. Speculation is that the NZX is the target of an extortion attempt, perhaps to be paid out in crypto like Bitcoin, but the exchange has remained quiet on the subject.

CRITICALSTART, a cyber-defense firm, shared a statement with Crowdfund Insider. A spokesperson said that as attacks on NZX enter their 4th straight day, the national government is starting to involve its spy agencies to find additional information about the source of the attack. While the source is currently being disclosed as “offshore”, the attention and resources delegated to the attack are a strong indicator of its level of seriousness.

“The attack itself isn’t exceedingly complex or difficult to launch. Distributed Denial of Service attacks involve overwhelming a site’s resources with traffic, rendering it unavailable for legitimate use. These types of attacks are difficult to prevent, and have long been used to attack the availability of applications. The suspected attackers in this scenario are Fancy Bear and the Armada Collective, who appear to be targeting other financial institutions like MoneyGram, PayPal, Venmo, and others. While it hasn’t been confirmed, the suspected motivation is extortion, demanding a ransom to return the availability of their services. Based on the success of these attacks, sights could turn to point towards larger, more valuable targets, up to and including the NYSE.”

The NZX is not the first target of a DDOS attack and will not be the last. Amazon was famously hit by the “largest ever DDOS” attack back in June, which reportedly reached 2.3TBS. The previous record was said to be 1.7TBS.

Cloudflare and other services offer DDOS protection, and the NZX was said to have migrated its platform to Akamai to disrupt the attacks, but it may be a while until the dust settles and we know more.

Newshub quoted Professor Dave Parry from Auckland University stating the attacks were quite sophisticated:

“Unfortunately, the skills and software to do this are widely available and the disruption of COVID and people working from home all over the world potentially with lower security on their computers means that these attacks are easier than usual,” said Parry.

Featured in Crowdfund Insider | August 28, 2020
