Kiwi Stock Exchange DDoSed Again and Again (and Again)

NZX, the stock exchange in New Zealand, has been suffering denial-of-service attacks for most of the week. The land of the long white cloud seems to have a powerful enemy.

Trading has been halted. Although the DDoS is only affecting NZX’s website, the attacks are preventing buyers and sellers in the market from being informed.

NZX says the attack is “from overseas.” People are pointing to November’s ransom threat in the name of Fancy Bear (aka APT28, aka the Russian GRU).

But others are blaming the Chinese Communist Party, because … well, because of course they are. In today’s SB Blogwatch, we break out the mint sauce.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: ARPAnet origins.

Aotearoa Attack

What’s the craic? Nikhil Kurian Nainan, AK Pranav and Rushil Dutta report—“New Zealand’s stock exchange hit by second cyber attack”:

 Trading on New Zealand’s stock exchange was halted for several hours on Wednesday after what appeared to be a second offshore cyber attack in as many days.

The cyber attack was similar to one late on Tuesday, the bourse said, where its network provider faced a [DDoS]: “NZX’s network provider continues to investigate the source of the issue. We will provide further information once available.”

And Aunty Beeb’s anonymous scribblers scribble thuswise—“New Zealand stock exchange halted … two days in a row”:

 The exchange said the attack had “impacted NZX network connectivity” and it had decided to halt trading in cash markets … on Tuesday. … Trading halted briefly for a second time on Wednesday [for 3½ hours] the exchange said.

Genuine traders may have had problems carrying out their business. But it does not mean any financial or personal information was accessed.

New Zealand cyber-security organisation CertNZ issued an alert in November that emails [claiming] to be from well known Russian hacking group Fancy Bear … were being sent to financial firms threatening DDoS attacks.

And then the third and fourth shoes dropped. Let’s tune in to Radio New Zealand—“NZX reopens after fourth outage”:

 The company had said earlier that it had strengthened its defences against the attacks with the help of its host company [and] outside consultants including the Government Communications Security Bureau.

The NZX website has been the subject of [DDoS] attacks. … Share trading has been halted because investors could not see up to date company announcements leading to an “uninformed market.”

So Auckland University of Technology’s Prof. Dave Parry is channeled by Martin Farrer, in “overseas DDoS bombardment”:

 Parry … said it was a “very serious attack” on New Zealand’s critical infrastructure. He warned that it showed a “rare” level of sophistication and determination.

“Unfortunately the skills and software to do this are widely available and the disruption of Covid and people working from home all over the world potentially with lower security on their computers means that these attacks are easier than usual.”

Interesting point; that’s worrying. Nick Turner picks up the WFH angle and runs with it:

 [This] is yet another reminder that remote work security challenges need to be addressed as a priority. Local governments and cities need to act fast, or risk putting their constituents’ health, safety, lives and most sensitive data at risk.

[They are] sitting ducks, lacking the right infrastructure and technology to protect themselves against an attack, as hackers look to seize critical data and take hostage over systems for hefty ransoms – or simply … cause chaos.

From a hackers’ perspective, local governments and mission critical organizations are at their most vulnerable … as a result of the pandemic.

But why? Could it be another country is jealous? jellomizer thinks so:

 New Zealand is one of the few countries that hasn’t gone all stupid in the past few years. Strong informed democracy, a leadership that takes measured and reasonable courses of action targeted to the benefit of its citizens. A culture that in general accepts diversity and welcomes it.

That means people see them as a threat and will try to disrupt them in any way possible. Because you can’t have a beacon of sanity in a world of chaos.

Is this sort of thing rare? Eamon Barrett says no—“Attacks on stock exchanges aren’t uncommon”:

Last year the Hong Kong Stock Exchange and Clearing (HKEX) … suffered a DDoS attack. The exchange was forced to suspend trading for half a day, although HKEX CEO Charles Li said the suspension was due to a software glitch rather than the work of hackers.

In January, the London Stock Exchange also said that a brief outage last August was caused by a software glitch rather than the work of hackers. Overall trading on both platforms resumed as normal once the issue was resolved.

Who’s to blame? Christopher Burgess has a perp in mind—“China: A CCP-Driven Global Threat Actor”:

 In his essay, “Emphasizing and Strengthening the Party’s Ideological Work,” … Huang Xianghuai of the CCP Central Committee Party School … bluntly details how the external messaging and the internal messaging of the CCP are at odds with each other: The former calls for peace and harmony, while the latter colors the relationship with the outside world in dark tones.

China’s appetite for taking what it needs is sufficiently evident with the series of arrests, indictments and research reports that highlight the theft of intellectual property from the west. For example … in June … Australia saw its government and industry being subjected to a sustained cyber offensive. Canberra issued a warning and advisory to the country, with an unambiguous attribution pointing to China as the aggressor.

One should believe China will do exactly what it says it will do. The bottom line is, China’s actions are driven by the CCP, and industries and government alike should continue to be alert to the targeting of their personnel, technology and intellectual properties.

There is no expectation that China will take its foot off the gas in its efforts to aggressively acquire intellectual property and technology it determines it needs for its own purposes. It is your information—protect it.

This Anonymous Coward agrees: “I’m convinced China is behind the attacks”:

Why? Because the NZ government has been critical of the authoritarian, murderous lying Chinese government—that’s why.

Left, right, centre, flying unicorn, wherever you stand: If you criticize China, you are going down.

Meanwhile, as your humble blogwatcher compiles this foolishness, NZX’s website is down again:

 This site can’t be reached. unexpectedly closed the connection.


And Finally:

Millennials! Stop believing myths about the internet

You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: Your humble blogwatcher (cc:0)

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.
