Days to the General Election: 21
See Party Policies here. Party Lists here.

NZX's network connectivity restored, after trading was halted for 3.5 hours today due to a second cyber attack; Commerce Minister says it doesn't look like the attack came from a state actor

Commerce and Consumer Affairs Minister Kris Faafoi says the cyber attacks that have halted trading on the NZX twice in the past 24 hours don't look like they came from a state actor.

Faafoi said he had been told they didn’t have the “trademarks” of attacks from a state actor, but couldn’t rule this out categorically.

AUT Department of Computer Science Professor Dave Parry said it would be difficult to track the source of the attack. He noted a state actor could get a gang to launch the attack and demand a ransom, making it look like it was a private criminal.

The NZX wouldn't comment on the source.

The Government Communications Security Bureau said it doesn't typically comment on whether or not it's involved in investigating a particular case. Parry was confident it would be involved. 

Trading on the NZX resumed at 3pm today, after it was halted at 11:24am. Meanwhile trading was halted at 4:57pm on Tuesday, as the NZX was heading towards a near record close.

Attackers were saturating the network with large volumes of internet traffic. This kind of attack is known as a volumetric DDoS, or distributed denial of service attack.

The NZX said it was working with its network service provider, Spark, to address the "system connectivity" issue.

The Financial Markets Authority said: “NZX notified us of the incident last night and we remain in close contact around this issue. We will support NZX wherever we can to assist them in operating safely and efficiently through this situation. 

"Our ongoing review of NZX strategy and governance of technology is advanced and general cyber security resilience is being assessed as part of that process.”

Here's more from Parry:

This is a very serious attack on critical infrastructure in New Zealand. The fact that this has happened on a second day indicates a level of sophistication and determination which is relatively rare.

A Distributed Denial of Service attack (DDoS) works by overloading traffic to internet sites e.g. web servers, etc. This means the web servers cannot service transactions normally and this is clearly a huge issue for a trading site where timing and assurance that transactions have completed are both critical. Attackers normally infect large numbers of 'innocent' computers with malware, turning them into 'bots' that can be instructed to keep trying to access the affected site. It’s like large numbers of people all shouting at you at once – you can’t distinguish the real messages from the false ones.

Normally there are two main ways to react:

  1. Shut down the 'bots' – often by getting users to update security patches and delete the malware.
  2. Block the IP addresses of the 'bot' machines using a firewall - blacklisting - so that the NZX site doesn’t have to deal with them.

Because this is coming from overseas, the first option is difficult although there will be communication with legitimate ISPs and governments overseas. For the second option, Spark will be looking at network traffic to identify sources and block them. Sophisticated attackers will be changing the IP addresses of the attacking computers, potentially via Virtual Private Network software, turning them on and off and also adding new ones.

GCSB will be involved along with CERT in trying to identify the source of the attack. Unfortunately, the skills and software to do this are widely available and the disruption of COVID and people working from home all over the world potentially with lower security on their computers means that these attacks are easier than usual.

These sorts of attacks can be mounted by governments or private criminal gangs. Recently, Australia has pointed the finger at the Chinese government for similar attacks; the Chinese government has strongly denied this. As yet, there is no evidence that this attack is by an overseas government. Criminal gangs, especially if they are based in poorly-regulated countries, can use these attacks to demand ransoms.

This is not an issue around New Zealand computers being vulnerable to security breaches, but it is worth checking that anti-virus and security patches are up to date, and that people running websites, etc. notify their ISP if there is unusual activity.
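The second option above, and the reason rotating source addresses weakens it, can be shown with a short added example (not from the article or from Parry). It compares a fixed blacklist with a per-source rate limit whose block entries expire; the thresholds, class and function names, and the documentation-range addresses are assumptions, and the traffic is constructed.

```python
from collections import defaultdict, deque

class RateBlocklist:
    """Per-source sliding-window counter with expiring block entries."""
    def __init__(self, window_s=10, max_pkts=20, block_ttl_s=60):  # assumed values
        self.window_s, self.max_pkts, self.block_ttl_s = window_s, max_pkts, block_ttl_s
        self.recent = defaultdict(deque)   # src -> timestamps inside the window
        self.blocked_until = {}            # src -> time the block expires

    def observe(self, ts, src):
        """Return True if the packet is passed, False if it is dropped."""
        until = self.blocked_until.get(src)
        if until is not None:
            if ts < until:
                return False
            del self.blocked_until[src]    # expired: the address gets a fresh start
        q = self.recent[src]
        q.append(ts)
        while q[0] <= ts - self.window_s:  # forget packets older than the window
            q.popleft()
        if len(q) > self.max_pkts:
            self.blocked_until[src] = ts + self.block_ttl_s
            q.clear()
            return False
        return True

LEGIT, BOT_A, BOT_B = "192.0.2.10", "198.51.100.7", "203.0.113.99"  # documentation ranges

def constructed_traffic():
    """Constructed sample, not captured data: (second, source) pairs over 120 s."""
    events = []
    for t in range(120):
        if t % 5 == 0:
            events.append((t, LEGIT))           # real client: 1 packet every 5 s
        if t < 40 or t >= 100:
            events += [(t, BOT_A)] * 10         # bot A: on, off, then on again
        if 40 <= t < 80:
            events += [(t, BOT_B)] * 10         # bot B: new address when A goes quiet
    return events

def replay(events, static_blocklist=None):
    """Return {src: packets passed}, using a fixed list if given, else RateBlocklist."""
    passed, rate = defaultdict(int), RateBlocklist()
    for ts, src in events:
        if static_blocklist is not None:
            passed[src] += src not in static_blocklist
        else:
            passed[src] += rate.observe(ts, src)
    return dict(passed)

if __name__ == "__main__":
    events = constructed_traffic()
    print("static :", replay(events, static_blocklist={BOT_A}))
    print("dynamic:", replay(events))
```

The fixed list stops bot A completely but lets all 400 packets from the new address through, while the rate-based list lets each address send only a short burst before it is blocked, including when bot A returns after its block has expired. For a volumetric attack this filtering has to sit upstream of the saturated link, which is why the article describes the network provider doing it.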

26 Comments

Any news on where overseas the attacks are coming from?

Other media are saying it's thought to have come from China or Russia, but I haven't heard anything from official sources. 

Per speculation.

I'm going to start a rumor it's coming from the US; the launch of Sharesie's US trading opened a vulnerability.

Usually hard to unambiguously source DDoS attacks as they come from large botnets. Even if most of the bots are in (e.g.) Russia that just means that Russian systems are less protected against being hijacked from somewhere else, which could be anywhere. Cyberattacks generally can be easily spoofed as coming from somewhere else again. Select your culprit according to taste!

Chinese leaving NZ in droves and now also down to 4000 pa coming in. (was 10,000 two years ago)
Now CCP (most likely) doing cyber attacks on NZ.
Also telling NZ government and Aus government to keep quiet about HK, Uighurs, Tibet and threatening consequences.
Of course we keep up the facade of pretending that China is really important to our exports so we need to tread softly. How long for is the question. All this sabre rattling and misbehaving and threatening is starting to resemble Japan in the 1930s, which also came as a surprise to some I suppose

Australia to Support 4,000 Defense Jobs With A$1 Billion Package
And yet:
Americans, War – Slow Learners

The American way of warfare assumes unchallenged air superiority and reliable communications. What would happen if the complacent U.S. forces meet serious integrated air defence and genuine electronic warfare capabilities? The little they have seen of Russian EW capabilities in Syria and Ukraine has made their “eyes water“; some foresee a “Waterloo” in the South China Sea. Countries on Washington’s target list know its dependence

The US Cannot Afford to Risk Another Endless War by Exerting Max Pressure on Iran

Thanks for the links Audaxes. If Trump's anticipated "October surprise" is a "rally-round-the-flag" boost like taking out a Chinese warplane, boat or installation in the South China Seas, I guess we all need to hope Xi's pre-HK patience and long-term vision returns, lest his high-end subs are "missing" because they've been testing just how quietly they can shadow target a US carrier group.

"Walk quietly and carry a big stick." Something the US (and current administration in particular) seem to have some difficulty with.

Any evidence Chinese are 'leaving in droves'?
Not saying you're wrong, just curious about source.

Yes I often wonder where mikekirk29 gets his numbers from.

Keyboards have an unlimited supply of numbers...

RBNZ are well aware of this.

How can there be "4000 coming in"? Borders are closed. Unless they're returning citizens or permanent residents?

Yeah very true mk29, and of course there's the added thing about China's manufacturing a bioweapon and calling it CV 19!! Gotta watch those chinamen for sure. It's a world domination move and this is just the start!!

Could explain why xing’s postings have been absent on here lately.

Last trade at 11:23am restored at 3:00pm. Nutha crude DDoS. Not sure what they get outta this?

Mind games?

Or just a common garden script kiddie with nothing better to do:
https://www.zdnet.com/article/thanks-script-kiddies-200gbps-ddos-attacks...

Not sure either, but costs them nothing.

Well, they get lost trade for a start.

I’ve watched enough movies to realise this is just as likely to be “the good guys” as it is “the bad guys”.

NZX should have their own infrastructure that can deal with this sort of thing. Hopefully they'll learn that lesson...

"This is a very serious attack on critical infrastructure in New Zealand"
Surely we could live without this casino, and all the others, for a few years?

Well, been a really interesting and exciting day for conspiracy theories. Really great stuff, opportunity for lots of latent prejudices to be able to come to the surface. Mafia and Triads obviously only old minions now as they didn't get any mention. :)
So let's just keep repeating these over and over and it won't be long before they are established as gospel. Just make sure you check under the bed tonight so you can sleep tight :)

Oh no! Down again. 11:05. Similar time to yesterday.
