New Zealand will deploy its spy agency after hackers disrupted its stock exchange for the fourth day in a row, underscoring the threat cyber criminals pose to critical financial infrastructure.
Just minutes after bourse operator NZX said that the NZ$204bn ($135.5bn) exchange would open as normal on Friday morning, it called a halt due to denial-of-service attacks it said came from offshore. The repeated hacks have targeted the market disclosures platform, according to NZX, forcing it to freeze trading to ensure market integrity.
NZX said in a statement that it had “been continuing to work with its network service provider . . . and national and international cyber security partners . . . to address the recent cyber attacks”. Trading resumed at 1pm New Zealand time.
Grant Robertson, New Zealand’s finance minister, said the government had directed spy agency GCSB to work with NZX, noting the stock exchange’s significance to the economy.
Distributed denial of service attacks are a form of cyber assault that involves deluging a website with so many requests that genuine users cannot get access to it.
NZX and New Zealand’s intelligence agencies have not commented on the likely perpetrator of the attacks beyond identifying the source as “offshore”.
ZDNet, a technology news site, reported that hacker groups using names such as Amanda Collective and Fancy Bear were behind the attacks on NZX and several other financial institutions, including PayPal, MoneyGram and India’s Yes Bank.
In a note published this month, cyber security firm Akami said the hacker groups had sent emails to finance, travel and ecommerce companies in the US, UK and Asia-Pacific demanding to be paid a ransom in bitcoin or face denial of service attacks.
NZX declined to comment on whether it had received such a ransom demand.
Martin Boer, director of regulatory affairs at the Institute of International Finance, said while it was not unprecedented for a stock exchange to be targeted in a cyber attack, the NZX case was unique in that it had caused disruption for several days.
“When Nasdaq [was] breached . . . there was no disruption of trading whatsoever,” he said, alluding to hacks nine years ago. “Here you’re actually seeing a critical part of a major country’s infrastructure that’s just been flattened for three days now.”
“[This] seems to be quite a sophisticated DDOS attack — the suspicion is that it does come from a foreign, state-backed adversary.”
Mr Boer said it was unclear whether a lack of preparedness at NZX was to blame or if it was because cyber adversaries — potentially with government resources — were becoming more sophisticated.
Justin Murray, founder of Murray & Co, an investment bank based in Christchurch, said the trading interruptions were particularly inconvenient as it was earnings season. “But this type of disruption is becoming more common the world over and it seems New Zealand is not immune,” he said.
In February, New Zealand’s central bank forecast that cyber attacks could wipe off 2-3 per cent of the country’s banking and insurance industry profits each year, highlighting the need for precautions.