New Zealand’s Stock Exchange Market (NZX) suffered cyber attacks for four days in a row, forcing the government to activate the country’s National Security System. The NZX was forced to close on the fourth day of the attacks after crashing due to systems connectivity issues. The debt market and Fonterra market, however, resumed trading within three hours after abruptly shutting down on Friday afternoon. The government could not determine the source of the “offshore” cyber attack, casting doubts on its ability to stop future attacks.
New Zealand’s Stock Exchange cyber attack timeline
The barrage of distributed denial of service attacks (DDoS) began on Tuesday, affecting NZX’s servers’ availability. The attacks disrupted the cash and debt markets as well as the Fonterra shareholders market, including its derivatives.
Fonterra Co-operative Group is the world’s largest milk exporter producing over 2 billion liters of milk daily. Foreign investors owned 40% of the company’s shares in 2018.
During the shutdown, institutional dealers were forced to trade by communicating directly with each other. This mode of communication allowed them to place “negotiated trades” during the lifetime of the cyber attack. The public market was, however, halted to avoid putting the traders at a disadvantage.
Source of New Zealand’s DDoS cyber attack
New Zealand government agencies said the cyber attack originated from offshore sources. However, the government could not pinpoint the exact source of the cyber attack. With the traffic originating “through the global gateway,” the government said it was impossible to identify the source.
The government has also yet to establish the motive for the attack. However, New Zealand’s cyber-security organization, CertNZ, had issued warnings about emails sent to financial firms, threatening to shut down the NZX unless they paid a ransom. The emails were suspected to originate from Russian threat actor Fancy Bear.
The group had carried out small bursts of attacks to scare the companies into compliance. The timing of the incident is particularly concerning, considering it happened during the busy earning season for investors.
The circumstances surrounding the attack suggest the same group was living up to its promise and causing the traders to lose profits. This new form of blackmail could mark a new era of largescale attacks intended to force companies to pay a ransom for their collective good.
DDoS attacks are intended to disrupt a network by flooding it with internet traffic, thus overwhelming its capacity to handle legitimate requests.
New Zealand’s central bank warned that cyberattacks could eliminate up to 3% of banking and insurance profits. With a small population of about 5 million, cybercriminals rarely target the country. However, its much larger neighbor, Australia, has witnessed increased cyber attacks over the years.
Government’s reaction to the DDoS attack
To ward off the cyber attacks, Wellington has involved the Government Communications Security Bureau (GCSB) who is responsible for both intelligence gathering and providing defenses for the country’s critical cyberinfrastructure.
Without divulging the terms of specific details, Grant Robertson, the country’s finance secretary, said the officials in the “government are treating this very seriously.” The government also refused to describe the impact of the cyber attack on the stock market’s system and data.
Mark Paterson, the stock exchange market’s CEO, said, “Given that this is an ongoing response, NZX will not be providing detail on the nature of the attacks or counter-measures.” He added that the incident was not a “data or communication integrity issue.”
“This may be a rehearsal of a major attack targeting NASDAQ or LSE amid the craziness going on the global stock markets. I don’t think that major cyber gangs have their interest in, or were hired by someone to conduct a DDoS capable of repeatedly shutting down NZX. While even a daily outage of NYSE can lead to multibillion losses around the globe, and probably even some bankruptcies and countless lawsuits,” says Ilia Kolochenko, the Founder & CEO of the web security company, ImmuniWeb.
Cyberattacks targeting stock exchange markets are not rare. Hong Kong Stock market faced a similar attack in 2019, forcing it to shut down its operations. BATS, CBOE, and Nasdaq, have also experienced DDoS attacks in the past.