- As of 31 August 2020, NZX had faced cyberattacks five days in a row; trading sessions continued despite the website being down.
- The NZ Exchange operator shifted its services on its X-Stream trading platform.
- NZX has roped in Akamai Technologies for additional support along with its network service provider Spark.
The New Zealand Exchange (NZX) has been the target of cyberattacks for five consecutive days, as of 31 August 2020. The DDoS (Distributed Denial of Service) attack, one of the common types of cyberattack, disrupted the trading sessions on Tuesday, Wednesday, Thursday, and Friday last week, but on Monday, 31 August, the S&P/NZX 50 index continued its session.
On Friday, the government of New Zealand roped in the Government Communications Security Bureau (GCSB) along with the national agency to help the exchange operator fight the attack.
The GCSB's National Cyber Security Centre had issued an advisory for all New Zealand businesses, and NZX has forwarded the advice to its listed companies. In its General Security Advisory, the GCSB recommended that companies be prepared. The DDoS attacks halted the trading sessions on NZX and affected the website NZX dot com.
Moreover, cyberattacks were unsuccessfully attempted on media house websites Stuff and RNZ over the weekend.
Small businesses that do not have their own IT department are advised to contact the Computer Emergency Response Team (CERT) of New Zealand. CERT NZ is set up to help individuals, businesses and organisations that need to deal with cybersecurity problems. It also provides trusted and authoritative information and advice to the affected party.
Preparing for and responding to denial-of-service attacks:
In November, CERT NZ had warned businesses that a group of hackers, probably a Russian hacker gang calling themselves Cozy Bear, was aiming at New Zealand businesses. These cybercriminals were targeting financial institutions with Distributed Denial of Service (DDoS) attacks to disrupt their usual processes.
During such cyberattacks, the hackers overwhelm a website or a server with a flood of internet traffic in order to crash it. CERT NZ said that the attacks come from various directions, which makes it challenging to locate the source. The attackers could be state actors, cybercriminal gangs, rogue insiders or hackers trying out their tricks, or any organisation that unintentionally sent a flood of data to a server.
The NCSC (National Cyber Security Centre) has stated that businesses need to determine how they are vulnerable to such cyberattacks, and what they can do to prevent and tackle them.
The NCSC asked companies to discuss cyberattack prevention and mitigation strategies with their service providers. An organisation's domain name should be protected, and service providers must provide 24x7 services to their customers.
Source: CERT NZ 2020 half year summary
In 2019, a total of 4,740 types of cyberattacks were reported to the Computer Emergency Response Team (CERT) NZ, a 38% increase on the 2018 numbers. In just the first six months of 2020, cyberattacks increased by 42% compared with the same period in 2019. By April 2020, the number of incidents had almost doubled compared with the number recorded in April 2019; March 2020 was the exception, with slightly fewer reports than March 2019.
The agency has also given its recommendations to organisations that wish to fight denial-of-service attacks but are not fully prepared to do so. Such organisations can follow appropriate and practical measures to withstand attacks effectively, if they are adequately prepared in advance.
NZX trading continues despite the fifth cyberattack in a row:
Today, 31 August 2020, NZX reported its fifth attack in a row, which initially impacted its public-facing website, NZX dot com. NZX shifted its services on its X-Stream trading platform. Soon after the market opened, NZX dot com crashed at around 10.20 am and went up and down for the next 30 minutes.
After the attacks last week, exchange operations were forced to suspend because the website was down. However, on 31 August, even after the cyberattack, NZX carried on with the trading session, as it had made a new arrangement with the Financial Markets Authority.
NZX chief executive Mark Peterson announced on Monday that the attack had affected the NZX website, but the trading session continued "without a blip". The DDoS attacks did, however, impact NZX's ability to publish market announcements to the public. He also mentioned that the exchange had been advised by an independent cyber specialist that last week's sophisticated attacks were among the largest and most well-resourced they had ever witnessed in New Zealand.
The exchange was the target of a series of cyberattacks for four consecutive days last week, because of which NZX halted the market to maintain market integrity. NZX then made an arrangement with the Financial Markets Authority for contingency plans covering the release of, and access to, market announcements instead of using its regular website, NZX dot com.
Peterson added that the markets opened on Monday with new arrangements, which were intended to allow trading even if the cybercriminals attacked NZX's website again.
NZX calls in Akamai for additional cyberattack defence:
NZX confirmed that it has roped in Akamai Technologies for additional support along with its network service provider Spark. Nasdaq-listed cyber defence firm Akamai Technologies is a multinational content delivery network giant.
In a blog post published on 17 August, Akamai Technologies mentioned that cybercriminals calling themselves Fancy Bear and Armada Collective were sending letters to the banking and finance and retail sectors, disturbing their services and making extortion demands in return.
The attackers sent threatening emails to the organisations, warning them of a possible DDoS attack if they did not pay a ransom in Bitcoin. The blog stated that the groups posing as Armada Collective/Fancy Bear are capable of deluging servers with spurious web requests at the rate of 200 gigabits a second to crash their online services.
The extortion demands were similar to those used by DDoS ransom groups before. The demands had begun at up to 20 Bitcoin a day (NZ$341,140), and if the deadline to pay the ransom was missed, the demand rose by up to 30 Bitcoin a day.