New Zealand’s stock exchange (NZX) has been hit by distributed denial-of-service (DDoS) attacks that took it offline for two days, trading activity was interrupted until the connectivity was restored.
According to a statement published by the New Zealand’s stock exchange, the SSoD attack “impacted NZX network connectivity” forcing it to halt trading in cash markets around 16:00 local time.
Trading operations were halted briefly for a second time, on Wednesday, but the interruption lasted only a few hours, from 11:24 to 15:00 local time.
The DDoS attack impacted traders, anyway financial or personal information of the users was not accessed.
“Yesterday afternoon NZX experienced a volumetric DDoS (distributed denial of service) attack from offshore via its network service provider, which impacted NZX network connectivity. The systems impacted included NZX websites and the Markets Announcement Platform.” reads the announcement published by the exchange. “As such, NZX decided to halt trading in its cash markets at approximately 15.57. A DDoS attack aims to disrupt service by saturating a network with significant volumes of internet traffic. The attack was able to be mitigated and connectivity has now been restored for NZX.”
NZX confirmed that the attack hit NZX websites and the Markets Announcement Platform.
In November, CertNZ warned financial firms of DDoS attacks with extortion purposes. New Zealand CertNZ’s alert explicitly mentioned emails sent from Russia-linked Fancy Bear.
“We have received reports of extortion emails targeting companies within the financial sector in New Zealand.” reads the alert.
“The emails claim to be from a Russian group called ‘Fancy Bear / Cozy Bear’ and demand a ransom to avoid denial-of-service attacks. They carry out a short denial-of-service attack against a company’s IP address to demonstrate their intent. So far, a larger denial-of-service hasn’t happened if the ransom is not paid.”
The NZX announcement released after the DDoS attack doesn’t provide details of the DDoS attack, such as the attach method and the name of the alleged threat actor behind the attack. Experts believe the attackers used DDoS-for-hire services (aka booters).
In April, Dutch authorities have taken down 15 DDoS-for-hire services in a week.
(SecurityAffairs – hacking, New Zealand stock exchange)