Date: 2020-08-25

There were serious questions last night after the NZX lost its final hour of trading after being hit by a cyber attack.

At the time, the bourse was heading toward a record close.

Spark put out a statement at 6.49pm saying, "This afternoon a Spark customer, NZX Limited, experienced a volumetric DDoS (distributed denial of service) attack from offshore, which impacted NZX system connectivity. As such, NZX decided to halt trading in its cash markets at approximately 15.57.

"A DDoS attack aims to disrupt service by saturating a network with significant volumes of internet traffic. The attack was able to be mitigated and connectivity has now been restored for NZX."

Last night, security expert Daniel Ayers was surprised by the turn of events, tweeting: "Doesn't the NZX have DDoS protection?"

Spark had no further comment last night but is expected to furnish more information this morning.

Extortion warning

Some DDoS attacks are executed for kicks, to prove a hacker's chops; some are politically motivated; others have criminal intent.

They have been out of the headlines for a couple of years, as hackers have turned more toward ransomware attacks that see data encrypted then a sum demanded for its release.

But in October last year, Crown agency Cert NZ (Computer Emergency Response Team) issued an advisory, saying: "Cert NZ has recently received reports relating to an extortion campaign targeting companies within the financial sector in New Zealand. Similar activity has been seen internationally.

"The cybercriminals claim to be Russian advanced persistent threat group (APT) 'Fancy Bear / Cozy Bear' and demand a ransom to avoid DDoS attacks. They carry out a short DDoS against a company's IP address to demonstrate intent," Cert NZ said.

The GCSB says it has prevented $100m in harm from cyberattacks since 2016, and its cyberattack defences extend to unnamed private sector players - but the agency does not typically comment on individual attacks.

What is a DDoS attack?

Security company NortonLifeLock says criminals prepare for a DDoS attack by taking over thousands of computers. These are often referred to as "zombie computers." They form what is known as a "botnet" or network of bots. These are used to flood targeted websites, servers, and networks with more data than they can accommodate.

A volume-based or "volumetric" DDoS attack, which was apparently the variant that hit the NZX, sees massive amounts of traffic sent to overwhelm a network's bandwidth, NortonLifeLock says.

The company says a DDoS attack has to be repelled at the internet service provider level (often this involves temporarily blocking traffic from certain IP addresses).

But it is also a good idea to keep your security software up to date so your PC does not unwittingly become part of a botnet attack.

The NZX did not immediately respond to questions about whether it had received any extortion demand, whether its communications setup involved multiple providers for redundancy, and what steps were being taken to avoid another attack.