Stock market cyber attacks: NZX launches alternative site

The NZX now has a backup site after it sustained a series of cyber attacks. Image / NZ Herald Graphic

After being subject to cyber attacks over a three week period, the NZX has launched a backup site, announcements.nzx.com, which features the 200 most recent market announcements.

The move follows the model adopted earlier by Metservice, which sends people to a no-frills site in the event of a cyber attack.

For the first four days of a sustained DDoS (distributed denial of service) attack that began on August 26, NZX suspended trading on the basis that while the attack did not target its trading platform, it did overwhelm its website, leaving it with no avenue to fulfil its continuous-disclosure obligations.

From August 31, the exchange began using a variety of other mechanisms to keep market participants up to date. It did not name them, for security reasons. But Sharesies used a Google Drive to distribute market updates to its investors, as one example.

That meant it has been able to keep its trading platform running even through subsequent attacks, even if its public-facing NZX.com site was taken offline.

Now, the backup site has streamlined the backup process.

The GCSB and other authorities assisting the NZX have made no apparent progress identifying the offender.

But the exchange has beefed up its systems, with steps including drafting in multinational content delivery specialist Akamai, and apparently adding Vocus as a second connectivity partner, joining Spark (the NZX has yet to publically confirm that point). Its website has only been down briefly this week.