NZX New Zealand stock exchange suffers multi-day DDoS attack

Puzzlement among security experts that the bourse was unable to defend itself against the recurring attack.


The New Zealand stock exchange NZX's website was down on Tuesday afternoon, Wednesday, Thursday and again on Friday last week, in the middle of earnings season. The cause: a series of sustained DDoS attacks.

Other than short statements that it has been the subject of a sustained and recurring DDoS attack, NZX has said little about what is happening. That has left the media to seek views from qualified cyber security observers, who appear, in general, to be a little shocked by what is going on.

Here’s what University of Auckland Professor Giovanni Russello, an expert in cyber security, had to say when Computerworld New Zealand asked for his reaction:

The main surprise for me is that NZX has done nothing to protect themselves from this attack recurring. I am not sure why this has not been deployed. If they have, then it means that the attack is very sophisticated and state actors can be behind it, but I am not sure which country. To be honest, I do not believe that NZX is a very high-profile target. It could also be that this is just a training attack to go after more valuable targets (not necessarily here in NZ).

This kind of attack is very simple to mount but not so simple to protect against unless you use specific solutions: mainly you need to build redundant systems and have a filtering mechanism to block malicious traffic as far away as possible from your network.

Russello also noted that there are New Zealand companies that can protect against malicious traffic such as that which appears to be affecting the NZX.

CERT NZ deputy director Declan Ingram said the CERT (Computer Emergency Response Team) doesn't comment on specific attacks, or even confirm or deny whether it is involved, because it's important that organisations come to it in confidence. But he did provide advice for organisations under DDoS attack:

Every technical system has a limit to what it can process and what it can manage, and if you're in a situation where your devices are getting overloaded, that's when you're going to have a denial of service attack.

If you don’t have anything in place and you are just getting flooded, what do you do? You call your internet service provider, or you call your upstream provider, and you see if you can get your traffic routed through them.

Exactly what they do will depend on what type of attack it is. Different traffic has a different footprint that can be handled in a different way. If it is just the traffic to your website, you could put in a cloud proxy and redirect it all through there—different specific technical solutions to different technical scenarios but the same principles apply. You need to get that scrubbing [determining if the packets of data are malicious and dropping them so only the “good” traffic gets through] happening and you need to push that out as far away from your infrastructure as possible.

Also, if the people attacking you are asking for money to stop the DDoS attack, don’t pay. That’s what CERT says.
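To make the scrubbing Ingram describes concrete (classify each packet, drop the malicious ones, forward the rest), and Russello's point that the filtering has to match the traffic, here is a small traffic scrubber added for this article. It is illustration code, not NZX's or CERT NZ's tooling, and the flow records it processes are constructed rather than captured. It handles three different footprints in three different ways: UDP reflection replies are dropped on a stateless signature, SYN floods and HTTP request floods are caught with per-source sliding-window counters. The port set, thresholds and window are assumptions chosen for the example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    ts: float    # arrival time in seconds
    src: str     # source IP
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int
    flags: str   # TCP flags as letters ("S", "A", "PA"); "" for UDP
    size: int    # bytes on the wire


# Assumed policy: the protected web front end never initiates DNS, NTP,
# memcached, SSDP or CLDAP, so large UDP "replies" from these ports are
# reflection traffic aimed at us, not answers to anything we asked.
AMPLIFIER_PORTS = {53, 123, 11211, 1900, 389}
WEB_PORTS = {80, 443}


class Scrubber:
    """One classifier per traffic footprint; per-source sliding-window
    counters (assumed limits) for the stateful ones."""

    def __init__(self, window=1.0, max_syn=20, max_requests=30):
        self.window = window            # seconds
        self.max_syn = max_syn          # SYNs per source per window
        self.max_requests = max_requests  # HTTP data segments per source per window
        self.syn_seen = defaultdict(deque)  # src -> SYN timestamps in window
        self.req_seen = defaultdict(deque)  # src -> request timestamps in window

    def _over_limit(self, q, ts, limit):
        # Forget events older than the window, record this one, compare.
        while q and ts - q[0] >= self.window:
            q.popleft()
        q.append(ts)
        return len(q) > limit

    def classify(self, pkt) -> Optional[str]:
        """Return a drop reason, or None if the packet should be forwarded."""
        # Footprint 1: reflection/amplification. Stateless, so checked first.
        if pkt.proto == "udp" and pkt.sport in AMPLIFIER_PORTS and pkt.size > 512:
            return "amplification"
        # Footprint 2: SYN flood from an unspoofed source.
        if pkt.proto == "tcp" and pkt.flags == "S":
            if self._over_limit(self.syn_seen[pkt.src], pkt.ts, self.max_syn):
                return "syn_flood"
        # Footprint 3: HTTP request flood (data segments to the web ports).
        if pkt.proto == "tcp" and "P" in pkt.flags and pkt.dport in WEB_PORTS:
            if self._over_limit(self.req_seen[pkt.src], pkt.ts, self.max_requests):
                return "request_flood"
        return None


def scrub(packets, **limits):
    """Run packets through a fresh Scrubber; return (forwarded, drop_counts)."""
    s = Scrubber(**limits)
    forwarded, dropped = [], defaultdict(int)
    for pkt in packets:
        reason = s.classify(pkt)
        if reason is None:
            forwarded.append(pkt)
        else:
            dropped[reason] += 1
    return forwarded, dict(dropped)


def build_sample_traffic():
    """Constructed traffic, not a capture: one real visitor and three floods."""
    pkts = []
    # A legitimate visitor: handshake, one request, a couple of ACKs.
    for i, fl in enumerate(["S", "A", "PA", "A", "A"]):
        pkts.append(Packet(0.00 + i * 0.01, "203.0.113.10", "tcp", 51000, 443, fl, 80))
    # SYN flood from a single unspoofed host: 60 SYNs in 60 ms.
    for i in range(60):
        pkts.append(Packet(0.100 + i * 0.001, "198.51.100.7", "tcp", 40000 + i, 443, "S", 60))
    # NTP reflection: five servers answer queries we never sent, 1200-byte replies.
    for j in range(50):
        pkts.append(Packet(0.200 + j * 0.002, f"192.0.2.{j % 5 + 1}", "udp", 123, 443, "", 1200))
    # HTTP request flood: one handshake, then 45 requests in 45 ms.
    pkts.append(Packet(0.300, "198.51.100.9", "tcp", 52000, 443, "S", 60))
    pkts.append(Packet(0.301, "198.51.100.9", "tcp", 52000, 443, "A", 52))
    for i in range(45):
        pkts.append(Packet(0.302 + i * 0.001, "198.51.100.9", "tcp", 52000, 443, "PA", 300))
    return pkts


if __name__ == "__main__":
    forwarded, dropped = scrub(build_sample_traffic())
    print(f"forwarded {len(forwarded)} packets, dropped {dropped}")
```

Two caveats that also explain the advice in the quotes. Per-source counters only catch floods whose source addresses are real; a SYN flood with spoofed sources needs SYN cookies or an aggregate threshold instead. And a filter like this only helps if it sees the traffic before your link is saturated, which is why both experts say to push the scrubbing upstream, to your ISP or a cloud proxy, rather than run it at your own edge.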

Copyright © 2020 IDG Communications, Inc.
