NZX Stock Market Knocked Offline

Uploaded on 2020-08-27 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial

The Wellington-based NZX exchange first went offline on Wednesday 26th August and although some connectivity was restored for investors, some trading was halted. The incident follows a number of alleged cyber attacks by foreign actors on Australian government and commercial organisations which ate  alleged to be attacks by Russian hackers.  

The NZX has said it had experienced “network connectivity issues” and that the NZX main board, NZX debt market and Fonterra shareholders market were placed on halt.

The interruption followed a shutdown and trading halt due to an overseas-based distributed denial of service (DDoS) attack. The NZX says that it had “experienced a volumetric DDoS attack from offshore via its network service provider, which impacted NZX network connectivity”. It said the attack had affected NZX websites and the markets announcement platform, causing it to call a trading halt at 3.57pm on Wednesday 26th.

NZX said the attack had been “mitigated” and that normal market operations would shortly resume, but this subsequent attack has raised questions about security.

A DDoS attack aims to overload traffic to internet sites by infecting large numbers of computers with malware that bombards the targeted site with requests for access. Prof Dave Parry, of the computer science department at Auckland University of Technology, said it was a “very serious attack” on New Zealand’s critical infrastructure. 

He warned that it showed a “rare” level of sophistication and determination, and also flagged security issues possibly caused by so many people working from home. “Unfortunately the skills and software to do this are widely available and the disruption of Covid and people working from home all over the world potentially with lower security on their computers means that these attacks are easier than usual.”

Parry said there are two options for NZX to deal with the DDoS: shutting down the “bots”

  • Getting users to update security patches and delete the malware,  Or
  • Blocking the IP addresses of the bot machines with a firewall so that the NZX site doesn’t have to deal with them.

While it is not clear what the motives were behind these cyber-attacks, these attacks were probably financial motivated. A distributed denial-of-service attack is one of the most powerful weapons on the Internet as it overwhelms a site with more traffic than the server can accommodate. DDoS attacks are often used by financially-motivated cyber criminals.

@NZXGroup:         RNZ:         NZHerald:           The Spinoff:        Guardian

You Might Also Read:

Russian Cyber Operations: State-led Organised Crime:

 

« Utah University Pays Half Million Dollar Ransom Demand
Will It Be The US That Breaks Up The Internet? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Gigasoft

Gigasoft

Gigasoft provide secure online data backup & cloud backup services for the education sector and businesses.

Idemia

Idemia

Idemia is a global leader in security and identity solutions.

Veriato

Veriato

Veriato develops intelligent solutions that provide companies with visibility into the human behaviors and activities occurring within their network, making them more secure and productive.

Resolver

Resolver

Resolver’s Integrated Risk Management platform helps plan and prepare your organization to limit the likeliness or impact of security risk and compliance events from occurring.

Safetica

Safetica

Safetica Technologies is a Czech software company that delivers data protection solutions for businesses of all types and sizes.

Ntirety

Ntirety

Ntirety Managed Security Services offer enterprise businesses the advanced tools, processes, and support to ensure your infrastructure, networks, and mission-critical applications are secure.

MythX

MythX

MythX is the premier security analysis service for Ethereum smart contracts.

Quantum Generation

Quantum Generation

Quantum Cyber Security for a new age of communications. We are developing the largest decentralized orbital, and ground quantum mesh network based on blockchain technology.

Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71)

Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71)

Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71) is Singapore's first cybersecurity entrepreneur hub.

SpecterOps

SpecterOps

SpecterOps has unique insight into the cyber adversary mindset and brings the highest caliber, most experienced resources to assess your organizations defenses.

Absa Cybersecurity Academy

Absa Cybersecurity Academy

Absa Cybersecurity Academy is an initiative aimed at empowering marginalised South African youths to become certified cybersecurity specialists.

Lucidum

Lucidum

The Lucidum platform helps you assess risk and mitigate vulnerabilities by finding and correlating data from your security tech stack.

Schellman

Schellman

Schellman is a leading provider of attestation and compliance services.

Cranium

Cranium

Cranium are an international consultancy organisation specialised in privacy, security and data management.

Assurestor

Assurestor

Assurestor's singular focus is delivering leading cloud-based backup and disaster recovery designed to increase levels of IT resilience.

OryxAlign

OryxAlign

OryxAlign offer managed IT and cyber security, cloud and digital transformation, and tailored professional and consulting services.