New Zealand’s stock exchange suffered a fourth day of disruption on Friday as cyber attacks from abroad prevented trading.
The NZ$204 billion ($184.79 billion) market, which is nearing a record high, has been the target of distributed-denial-of-service attacks that have overwhelmed its website and forced trading halts since Tuesday. The exchange failed to open at 10 a.m. this morning despite assurances from operator NZX that it would. Trading finally began three hours later at 1 p.m.
New Zealand authorities haven’t commented on the suspected source of the attacks, which flood a network with Internet traffic and disrupt services, other than saying they originate from offshore. Security intelligence company Akamai warned earlier this week that extortionists claiming to be the Russian-linked hacking group Fancy Bear have recently been sending ransom letters to companies in finance, travel and e-commerce in the Asia Pacific, US and UK demanding payments to stop attacks.
The NZX is among companies targeted, the ZDNet website reported, citing an unidentified source in the DDoS mitigation field.
NZX has declined to comment on whether any demands have been made. The disruptions are frustrating investors who were unable to trade amid a busy company earnings season.
The outages are “hugely disruptive for everyone,” said Michael Midgley, chief executive officer of the New Zealand Shareholders’ Association. “Our main concern, aside from any attempted incursion, is that it is potentially damaging to information flows. In the Covid world the audience is keenly watching to see how reported data relates to forecasts.”
The market lost an hour of trading on Tuesday, three on Wednesday and almost six hours yesterday from the repeat attacks. The benchmark S&P/NZX-50 index was up 0.2% at 12,053 when trading stopped Thursday, closing in on a record high of 12,073. It fell 0.3% when trading resumed Friday.
“It is pretty disappointing,” said Mike Taylor, chief executive officer at Pie Funds Management in Auckland. “The longer it continues, the more disruptive and less confidence there is around the cyber security of the exchange.”
The NZX said it was working with national and international cyber security partners including the Government Communications Security Bureau to address the issue. The GCSB didn’t immediately respond to a request for comment.
Russian Group
In November, government cyber security agency CERT NZ said it had received reports of extortion emails targeting companies within the financial sector in New Zealand. It said the emails claimed to be from a Russian group called “Fancy Bear/Cozy Bear” and demanded a ransom to avoid denial-of-service attacks.
CERT said its policy was not to comment on any particular incident or to confirm or deny its involvement.
“Any incident is a good reminder about the importance of cyber security,” CERT Deputy Director Declan Ingram said in an e-mailed statement. “The cyber threat landscape is ever changing so it’s important that organizations keep themselves up to date with what is happening and what they can do to protect themselves.”
The Financial Markets Authority, which regulates NZX, yesterday said it was monitoring the incident. It didn’t immediately respond to requests for further comment today. Spark New Zealand, which is NZX’s internet service provider, also didn’t immediately reply to e-mailed questions.