In response to the attack, the New Zealand Stock Exchange issued a statement indicating that it had been targeted by a volumetric distributed-denial-of-service (DDoS) attack. The point of origin for the attack came from offshore, possibly from a nation state. The attack focused on the NZX system connectivity. As a result of the cyber-incident, the NZX elected to halt trading. According to Silicon Angle, a DDoS attack aims to disrupt service by saturating a network with significant volumes of Internet traffic.
Commenting for Digital Journal, Cath Goulding, CISO of Nominet notes that: “The DDoS attack on the New Zealand stock exchange is an incredibly serious incident that shows just how much havoc hackers can cause on a national scale, even with attack techniques that are relatively well known.”
In terms of attack origin, Goulding comments: “There are suggestions that nation state hackers are behind this attack. Whether they are or not, it demonstrates how cyber crime can hit right at the heart of a country’s operation. While a stock exchange might not be what we traditionally consider to be ‘critical national infrastructure’ – it is critical to the economy. Any downtime at all is putting millions of dollars at stake and in this instance it was brought offline two days in a row.”
As to what needs to be done, Goulding says: “Above all this raises the issue to countries and governments around the world that critical financial services need to be treated as an extension of government security. They should be given the utmost help and support from security agencies to protect them and help mitigate damage to the economy.”