Why News Websites Survived the Cyber Attacks That Wrecked the New Zealand Stock Exchange




For most of the past week, the NZX had to go on hiatus due to persistent cyberattacks. Similar attacks against news websites have been reported today. So how did they get out basically unscathed?

The NZX stock exchange is a critical piece of the financial infrastructure, yet persistent cyberattacks have caused website crashes that led to operations being halted last week.

At the same time, similar distributed denial of service (DDOS) attacks have been launched against news websites Radio NZ and Stuff, with the possibility that others have also been attacked. And yet they don’t appear to have had any effect on either the site’s performance or the readers’ experience.

Radio NZ was not interviewed about the attacks, but gave a brief statement through a spokesperson. “RNZ has been the target of more than one cyber attack in the last 24 hours. We understand that this may have been the same group that has been attacking the NZX and that we are currently investigating. We do not have any further details at this time, however our site remains secure and this has not affected our audience.”

However, technology experts believe that the different results may not be due to how the sites defend themselves behind the scenes, but rather the nature of the content that is loaded to them and the way they already handle traffic.

A DDOS attack basically involves sending a website an overwhelming volume of traffic that it cannot handle. The traffic can come from anywhere in the world and often involves armies of bots or computers that have been taken over by viruses or malware. A DDOS attack is not a hack as such; a hack is where a malicious actor tries to gain unauthorized access to a computer or network.

AUT computer science professor Dave Parry said one of the main reasons trading had to be stopped on the NZX is the financial information presented on the site. “The NZX constantly updates prices, all exchange rates and everything. That is why it is vitally important that you allow users to see these updates in real time.”

“It is not attacking actual commerce, but the infrastructure that analyzes commerce and turns it into something that the website can possibly understand is also under attack,” he added.

In contrast, a media site is relatively static, so it is widely acceptable if it takes a few minutes to see new data. Parry said the NZX has legal and financial responsibilities to “serve everyone equally” in terms of the information it provides. “If it’s a trading website and you’re looking to sell your shares, especially if you’re competing with someone else to buy shares, and they can see the price before you, that’s a business advantage.”

News websites also have content that is uploaded regularly, but what goes up is very different. “If you download a page from Stuff, it might take you three or four minutes to read, but during that time, you’re not going to download anything else, you’re just reading that article,” Parry said, referring to the contrast with the more dynamic information of the NZX. Much of the data on news websites is also “cached”; in other words, it is stored so that users can more easily access it.


What if you are watching a video or listening to a podcast? Wouldn’t that require constant data transmission? Tech expert and digital plumber Ben Torkington explained that videos on websites are not actually stored on the website itself, which reduces the weight of the data, but are instead distributed to providers known as content delivery networks.

“The CDN provider has massive resources and can easily scale the ability to respond to DDOS attacks. Because the actual images and videos don’t change, there’s not even caching involved, it just hosts the image / video content on your CDN and links it directly into the content it serves,” Torkington said.

Trading in the markets was able to take place today, despite the continuing attacks. In part, this was because NZX had secured the services of Akamai’s leading international CDN technologies.

The nature of the traffic that each type of site generally receives is also different. News websites will often have systems to deal with large volumes of readers arriving all at once; after all, the appearance of a DDOS attack is no different than a big news flash.

They will also be much more likely to see that most of their traffic is coming from New Zealand, rather than internationally, while much of the traffic on the NZX website is already coming from international merchants. Since DDOS attacks are overwhelmingly more likely to come from abroad, this can make it difficult to distinguish between what is legitimate and what is not.

So could the NZX have put systems in place to prevent DDOS attacks from bringing everything down? While the NZX has been investing heavily in its IT infrastructure in recent years, analysis by BusinessDesk suggests that the investment was not necessarily aimed at preventing DDOS attacks, but was more focused on improving the integrity of the trading platform itself.

“A lot of other sites deal with real-time data, not just the stock exchanges,” Torkington said. “Twitter and Facebook, for example, deal with data in real time and need to defend against DDOS attacks. It seems to me that the measures that NZX had in place simply were not sufficient for the scale of the attack mounted against them.”

For Parry, the question of the scale of the attack is one of asymmetric warfare. “All of these things come down to the amount of effort you are willing to put in on defense, compared to the amount of effort an attacker is willing to put in. Once a DDOS attacker has infected a botnet around the world, it is virtually free to do that, and it can increase the numbers quite easily. While defense involves increasing capacity, possibly moving to the cloud, possibly having multiple sites set up, doing a lot of work on their firewalls and a lot of research work going on.”

Parry says these attacks are common, but what’s interesting about this one on the NZX is that it has been going on for several days. “That tells me that the attackers have thought of some ways to change the fingerprint of the attacks, so it looks different each time. So your standard firewall, rather rudimentary measures, doesn’t work.” That implies a reasonably high level of sophistication behind the attacks.

So what is the point of doing it? Parry speculates that stopping trading on the NZX might not be the end goal; instead, the aim may be to create conditions that allow for something more sinister, and simply blocking the website would be low on the list of potential risks. The DDOS attack could be just to blind the target, so that more valuable information can be obtained.

“As soon as you start seeing these attacks, you immediately suspect that something else is going on as well. One of the first things they should say is that they should be very careful about a phishing attack or something like that. You may see emails saying ‘Can’t reach the NZX? We have a special route here, just click on’ and whatever, that’s a phishing attack. Any interruption is always good for these attacks.”



