NZX bounces back after cyber-attacks, new website goes live 

September 29, 2020 08:12 PM AEST | By Team Kalkine Media
 NZX bounces back after cyber-attacks, new website goes live 

Summary

  • NZX Ltd was hit repetitively by a distributed denial of service (DDoS) attacks in the last week of August, which is a common way to disrupt a server by overwhelming it with a flood of internet traffic flow.
  • Attackers also aimed at other organisations like Westpac, TSB, and weather forecaster MetService.
  • NZX has launched an alternative site called announcements.nzx.com after being subject to DDoS attacks, which showcase 200 most recent market announcements.
  • NZ’s spy agency, Government Communications Security Bureau has been instructed to assist NZX with the cyber-attacks.
  • The Chief Information Officer has resigned from NZX after a chain of attacks set off multiple crashes of the trading website.

Cyber-attacks are increasingly becoming a norm on New Zealand stock exchange and has also been extended to websites, which involve banks as well as media firms.

New Zealand stock exchange fell victim to a distributed denial of service (DDoS) cyber-attacks (which began in August) that resulted in the suspension of trading by NZX for 6 days. NZX had received an email that had put it ‘on notice’ just before a DDoS attack targeted it.

To know more about the last month’s cyber-attack on NZX, please click here.

Such cyber-attacks are a common way to disrupt a server, where cybercriminals overpower and crash an organisation's online services, with enormous amounts of spurious internet traffic until they can no longer handle the scale of data requested.

The attacks are not created to rob data or do insider trading but rather demand ransom from the victims. The ransom generally involves demanding thousands of dollars that are paid in bitcoin or another cryptocurrency, which is practically unnoticeable. The DDoS software is accessible on the dark web and is not very tough to write.

ALSO READ: Your Privacy on Sale, Dark Web the Marketplace

She also added that due to DDoS characteristics, the largest and most vulnerable sites are targets of these attacks. In contrast, the defence against such attacks is quite tricky. Hence, the only way out is to turn off the site.

NZX spokesperson stated that the attacks impacted NZX's capability to circulate market announcements to the people, coercing it to stop trading to sustain market integrity. The attacks also disturbed operations in its Fonterra Shareholders Market, debt market, and the derivatives market.

ALSO READ: Are Cyber Attacks on NZX likely to get worse? GCSB warns NZ companies

Lately, NZX has been working with Spark (service provider for NZX network), government cybersecurity agencies and the US-based cybersecurity firm Akamai Technologies to apply extra security measures.

Government steps to stop the attacks

NZ’s Justice Minister, Andrew Little, stated that there had been an unparalleled rise in cyber-attacks, which is aiming everything from the stock market to weather service. He noted that the attackers found specific vulnerabilities in the stock market operations, which motivated them to persist with the attack.

Attackers also picked on other organisations like TSB, Westpac, certain news firms and weather organisation MetService.

RELATED READ: Knock Knock! Cybercriminal at Your Doorstep

As per Cert NZ, a total of 3,102 incident reports were received in Q1 and Q2 of 2020, a 73% rise in reports from Q1 to Q2.

Total financial losses stood at NZ$7.8 million for Q1 and Q2 2020 together. The specifics of the same are outlined in the table below:

Image Source: © Kalkine Group, Data Source: cert.nz.gov

Mark Peterson, Chief Executive, NZX stated that autonomous cyber specialists had warned NZX that the attacks had been the biggest, most well-resourced and advanced they have ever experienced in NZ.

Mr Little has brought in NZ's top security system ODESC to shield against the ongoing cyber-attacks.

Chief executives of the government led, ‘Officials' Committee for Domestic and External Security Coordination’ (ODESC) is the core committee of the National Security System, which acts during the crisis that jeopardises NZ security, sovereignty, or economy.

The committee was set up after the terror attack of 15 March in 2019 and recently stood up against coronavirus pandemic.

Government Communications Security Bureau has been leading ODESC, NZ foreign spy agency to assist with the investigation and working to safeguard targeted companies.

NZX launches backup site

NZ stock exchange has launched a backup site announcements.nzx.com after being a victim of cybercrime for over a month. The new site highlights the 200 most recent market announcements.

The idea has been adopted by a model followed by MetService, earlier where people are diverted to a no-frills site during the event of a cyber-attack.

After the suspension of trading activity on NZX due to a DDoS attack, that started on 26 August, the exchange began using a range of other methods from 31 August to keep market participants updated with the latest news.

Though NZX did not mention the mechanism, Sharesies is one such example, which used Google Drive to give market updates to its investors. Hence, NZX has been able to keep its platform running even after the subsequent attacks.

The backup site has now restructured the backup procedure, while NZX has further bolstered systems.

NZX Chief Information Officer resigns

On 29 September, NZX also announced the resignation of its Chief Information Officer, David Godfrey. He will be exiting NZX by the end of this year after a series of DDoS attacks, which triggered multiple crashes of the trading website.

Mr Godfrey has shouldered an array of IT leadership roles for more than a decade with NZX. He headed Regulated Systems & Operations before becoming the IT head of NZX in June 2011 and Chief Information Officer in 2016.

NZX Chief Executive Mark Peterson appreciated Mr Godfrey's contribution to NZX and his calmness, as well as supportive attitude towards his teams in the difficult times of coronavirus and the latest cyber-attacks.


Disclaimer

The content, including but not limited to any articles, news, quotes, information, data, text, reports, ratings, opinions, images, photos, graphics, graphs, charts, animations and video (Content) is a service of Kalkine Media Pty Ltd (Kalkine Media, we or us), ACN 629 651 672 and is available for personal and non-commercial use only. The principal purpose of the Content is to educate and inform. The Content does not contain or imply any recommendation or opinion intended to influence your financial decisions and must not be relied upon by you as such. Some of the Content on this website may be sponsored/non-sponsored, as applicable, but is NOT a solicitation or recommendation to buy, sell or hold the stocks of the company(s) or engage in any investment activity under discussion. Kalkine Media is neither licensed nor qualified to provide investment advice through this platform. Users should make their own enquiries about any investments and Kalkine Media strongly suggests the users to seek advice from a financial adviser, stockbroker or other professional (including taxation and legal advice), as necessary. Kalkine Media hereby disclaims any and all the liabilities to any user for any direct, indirect, implied, punitive, special, incidental or other consequential damages arising from any use of the Content on this website, which is provided without warranties. The views expressed in the Content by the guests, if any, are their own and do not necessarily represent the views or opinions of Kalkine Media. Some of the images/music that may be used on this website are copyright to their respective owner(s). Kalkine Media does not claim ownership of any of the pictures displayed/music used on this website unless stated otherwise. The images/music that may be used on this website are taken from various sources on the internet, including paid subscriptions or are believed to be in public domain. We have used reasonable efforts to accredit the source wherever it was indicated as or found to be necessary.


AU_advertise

Advertise your brand on Kalkine Media

Sponsored Articles


Investing Ideas

Previous Next
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.