New Zealand’s Stock Exchange Hit by Cyber-Attacks Two Days in a Row

As covered by the Guardian today, at 11.24 am local time on Wednesday August 26, the NZX exchange went offline, causing some trading to be halted although connectivity was partially restored. The NZX acknowledged it had experienced “network connectivity issues,” leading to the NZX main board, NZX debt market and Fonterra shareholders market being placed on temporary hold. Those areas were subsequently allowed to resume trading at 3.00 pm.

This incident followed a distributed denial of service (DDoS) attack on the stock exchange the previous day, Tuesday August 25, which forced it to call a halt to trading at 3.57 pm. In a statement published on August 26 referring to this attack, the NZX suggested foreign hackers were to blame: “Yesterday afternoon NZX experienced a volumetric DDoS attack from offshore via its network service provider, which impacted NZX network connectivity. The systems impacted included NZX websites and the Markets Announcement Platform.”

It added: “A DDoS attack aims to disrupt service by saturating a network with significant volumes of internet traffic. The attack was able to be mitigated and connectivity has now been restored for NZX.”

The new incidents have occurred shortly after a series of alleged state-sponsored attacks against a range of government and private-sector organizations in Australia.

Nick Turner, VP EMEA at Druva, said that attacks against high profile targets are more likely to be successful amid the ongoing COVID-19 pandemic: “Today’s second attack on New Zealand’s stock exchange is yet another reminder that remote work security challenges need to be addressed as a priority. Local governments and cities need to act fast, or risk putting their constituents’ health, safety, lives and most sensitive data at risk.

“Cyber-attacks have become a common threat against local governments who have become sitting ducks lacking the right infrastructure and technology to protect themselves against an attack as hackers look to seize critical data and take hostage over systems for hefty ransoms – or simply – to cause chaos on these establishments. From a hackers’ perspective, local governments and mission critical organizations are at their most vulnerable right now as a result of the pandemic.”

Jake Moore, cybersecurity specialist at ESET, added: “As the world becomes increasingly connected, more defenses are required to protect against the bombardment of attempts to take down a site. DDoS attacks are common threats that can usually be avoided with the correct mitigation techniques. However, when a site experiences a massive influx of traffic that it is not prepared for, even huge organizations can be knocked off their feet relatively easily – and for long periods of time.”

 

At 1-fix, we take a realistic approach to technology – ensuring our client’s systems are best protected.

If you have any concerns, questions or simply want to explore how to better secure your business, please do get in touch with the team for a FREE demonstration, consultation to explore how exposed your business might be and identify actions to take.