[BreachExchange] New Zealand stock exchange down 24 hours after cyber attack

Destry Winant destry at riskbasedsecurity.com
Wed Aug 26 10:48:18 EDT 2020


https://www.news.com.au/finance/markets/world-markets/new-zealand-stock-exchange-down-24-hours-after-cyber-attack/news-story/fcaf5236692beb4f05d64e81465186d1

The NZX website is battling to get back online after crashing late
morning for the second consecutive day.

The exchange went offline at 11.24am but was back up and running at
12:24pm, however some trading is halted.

“NZX is currently experiencing network connectivity issues. The NZX
Main Board, NZX Debt Market and Fonterra Shareholders Market are
currently halted. Further information will be provided soon,” the NZX
said on its website.

Yesterday, trading was halted for an hour in the afternoon.

In a joint statement with Spark, NZX said yesterday it “experienced a
volumetric DDoS (distributed denial of service) attack from offshore,
which impacted NZX system connectivity”.

“As such, NZX decided to halt trading in its cash markets at
approximately [3.57pm]. A DDoS attack aims to disrupt service by
saturating a network with significant volumes of internet traffic.”

The statement added that the attack “was able to be mitigated and
connectivity has now been restored for NZX”.

Professor Dave Parry, Department of Computer Science at AUT, said it
was a very serious attack on critical infrastructure in New Zealand.

“The fact that this has happened on a second day indicates a level of
sophistication and determination which is relatively rare.

“A Distributed Denial of Service attack (DDoS) works by overloading
traffic to internet sites e.g. web servers, etc. This means the web
servers cannot service transactions normally and this is clearly a
huge issue for a trading site where timing and assurance that
transactions have completed are both critical.”

Parry said that it is not an issue around New Zealand computers being
vulnerable to security breaches, but “it is worth checking that
antivirus and security patches are up to date”.


More information about the BreachExchange mailing list