Will hackers interfere with NZX for second week?
New Zealand’s funds management industry will be watching the NZX’s website on Monday in the hopes that it is not felled again.
Monday, August 31st 2020, 5:00AM
Mark Peterson
The site was taken down on four consecutive days last week by cyberattacks understood to be from groups demanding a ransom.
While there is no threat to the money invested via the stock exchange, fund managers are reportedly concerned that the attacks were embarrassing and could shake investor confidence.
The attacks are a denial of service cyberattack, created by inundating the NZX with huge volumes of internet traffic to disrupt its operations.
Fund mangers are not able to buy or sell shares when the attacks push the exchange offline.
But KiwiSaver funds are not able to price portfolios accurately when the market is not functioning.
NZX is working with the GCSB and is understood to be calling on the resources of others in the Five Eyes network to locate the source of the attacks.
Chief executive Mark Peterson said Spark was also helping it to resolve the issue.
"Given that this is an ongoing response, NZX will not be providing detail on the nature of the attacks or counter-measures. We are directly communicating with our stakeholders and market participants and will continue to update them as necessary," he told media.
Dave Parry, a professor in the AUT department of computer science, said it was a very serious attack on critical infrastructure in New Zealand.
"A distributed denial of service attack (DDoS) works by overloading traffic to internet sites eg web servers, etc. This means the web servers cannot service transactions normally and this is clearly a huge issue for a trading site where timing and assurance that transactions have completed are both critical. Attackers normally infect large numbers of 'innocent' computers with malware, turning them into 'bots' that can be instructed to keep trying to access the affected site. It’s like large numbers of people all shouting at you at once – you can’t distinguish the real messages from the false ones."
He said the way to tackle it would usually be to shut down the bots – perhaps by getting users to update their security patches and delete malware – or block the IP addresses of the bot machines using a firewall.
"Because this is coming from overseas, the first option is difficult although there will be communication with legitimate ISPs and governments overseas. For the second option, Spark will be looking at network traffic to identify sources and block them. Sophisticated attackers will be changing the IP addresses of the attacking computers, potentially via virtual private network software, turning them on and off and also adding new ones.
"GCSB will be involved along with CERT in trying to identify the source of the attack. Unfortunately, the skills and software to do this are widely available and the disruption of Covid and people working from home all over the world potentially with lower security on their computers means that these attacks are easier than usual.
"These sort of attacks can be mounted by governments or private criminal gangs. Recently, Australia has pointed the finger at the Chinese government for similar attacks; the Chinese government has strongly denied this. As yet, there is no evidence that this attack is by an overseas government. Criminal gangs, especially if they are based in poorly-regulated countries, can use these attacks to demand ransoms.
"This is not an issue around New Zealand computers being vulnerable to security breaches, but it is worth checking that anti-virus and security patches are up to date, and that people running websites, etc. notify their ISP if there is unusual activity."
« [OPINION] The industry needs to shift focus from ‘what you need to do’ to ‘how will you do it?’ | Mann on a mission to diversify financial advice » |
Special Offers
Comments from our readers
No comments yet
Sign In to add your comment
Printable version | Email to a friend |