Trading on New Zealand’s stock exchange was halted for several hours on Wednesday after what appeared to be a second offshore cyber attack in as many days, bourse operator NZX Ltd (NZX.NZ) said.
The incident in New Zealand underscores the threat of disruption to critical financial infrastructure. Destructive or disruptive attacks against exchanges could have cascading effects across the economy and ultimately this approach may be more successful than attacks on the energy sector and other industries. Iranian actors have carried out denial of service attacks against the financial sector in the past, but did not target exchanges or succeed in seriously disrupting major financial sector processes such as securities trading.
We have seen hacktivist actors in Indonesia target exchange related websites in 2018, but we’ve seen no evidence that these incidents disrupted trading.
Hackers are beginning to hit industries where it hurts. The last decade has seen the financial sector make a massive shift to automated trading including AI-powered technology to beat the markets. Unfortunately, that also means that an attack can have huge impacts as we saw here. Any industry that is transitioning to a total reliance on technology needs to make security a number one priority. This includes building it into the designs of their systems. The consequences of not doing so could be huge- both monetary and reputational.
The DDoS attack on the New Zealand stock exchange is an incredibly serious incident that shows just how much havoc hackers can cause on a national scale, even with attack techniques that are relatively well known. There are suggestions that nation state hackers are behind this attack. Whether they are or not, it demonstrates how cyber crime can hit right at the heart of a country\’s operation. While a stock exchange might not be what we traditionally consider to be ‘critical national infrastructure\’ – it is critical to the economy. Any downtime at all is putting millions of dollars at stake and in this instance it was brought offline two days in a row.
Above all this raises the issue to countries and governments around the world that critical financial services need to be treated as an extension of government security. They should be given the utmost help and support from security agencies to protect them and help mitigate damage to the economy.
This latest attack again highlights the risks posed by threat actors, who can use cyberattacks to try to cripple important financial infrastructure at a national scale. In this case, it’s likely attackers facilitated the DDoS style attack through the use of botnets. The evolution of attack types emitting from botnets has been rapid over recent years and is unlikely to slow down.
Financial services platforms are often robustly protected with an array of products and services attempting to prevent attack, penetration and denial of service, but in some situations a massive distributed denial of service attack cannot be immediately prevented or circumvented. These types of attack are also notoriously difficult to trace, so confidently assigning the blame for this may prove difficult, unless there was an associated extortion attempt.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics