Last week, trading on the New Zealand Exchange (NZX) was disrupted on four consecutive days as a result of a sustained cyber-attack on to push market updates to the public as their website crashed and as a precautionary measure, NZX halted the trading sessions. Ecosystm Principal Advisor, Andrew Milroy says, “The recent NZX attack overwhelmed its public-facing NZX.com website and its Market Announcement Platform (MAP). This meant that investors could not see company announcements in real-time, preventing NZX from complying with regulatory requirements for continuous disclosure.”
The attacks which began on Tuesday came from overseas and made NZX struggle in recovering connectivity, over a five-day period. The cyber-attackers targeted NZX through distributed denial-of-service (DDoS) attacks which is a common way to overwhelm the network with sheer amount of traffic until it disrupts the services.
Milroy says, “It is not clear yet clear who launched the attack, but it is likely to be either an extortion attempt by a large cyber gang or a nation state attack. The attack was a very large, persistent, and sophisticated volumetric DDoS attack. A typical response to such an attack is to increase network bandwidth. However, additional bandwidth is becoming less effective at preventing DDoS attacks. DDoS attacks are getting larger and no amount of bandwidth can address the largest attacks, some of which exceed 1Tbps. DDoS attackers are increasingly focusing on the harder to protect application layer, rather than the network layers.”
The Government Communications Security Bureau (GCSB), network provider Spark, and international bodies provided assistance to NZX to mitigate the attack. Milroy adds, “NZX has also turned to Akamai for additional DDoS protection. Akamai’s Kona Site Defender is understood to be the solution being used. The product is designed to deflect network-layer DDoS traffic and absorb application-layer DDoS traffic at the edge. Mitigation capabilities aim to protect against attacks in the cloud.”
Growing Importance of Government Advisories and Investments
In November 2019, CERT NZ warned financial organisations of several global attacks including ransomware. The attacks were reportedly from Russia-based hacking groups. In an advisory, CERT NZ suggested businesses should implement DDoS protection services, and check network ports connected to avoid vulnerabilities and not pay any ransom to cybercriminals.
Following the CERT NZ warning last year, and considering the recent cyberattacks, GCSB has issued a security advisory to all businesses in New Zealand to be cautious on cyber incidents such as DDoS and ransomware attacks. The advisory comes from the GCSB’s National Cyber Security Centre. This is particularly aimed at small businesses that might have limited cybersecurity resources. The agency has asked them to report such incidents to Cert NZ. Advice includes:
- Approaching cybersecurity services providers to immediately implement any responsive actions (warning that organisations might incur additional fees)
- Temporarily transferring online services to a cloud-based hosting service
- Avoiding the disclosure of the IP address of the origin web server, and using a firewall, if using a content delivery network
- Using a DDOS mitigation service for the duration of attacks, in case they face attacks
- Disabling functionality or removing content from vulnerable online services
As a part of the New Zealand government’s cybersecurity strategy, last year the Government announced the allocation of USD 5.38 million to focus on security over the next four years, on top of USD 6.26 million funding for CERT NZ. The attack landscape and frequency has since increased in the aftermath of COVID-19.
Milroy says, “It will become increasingly important for governments the world over to make a concerted effort to protect their critical infrastructure, data assets and especially empower their SME communities with the right cybersecurity measures and timely guidance.”