The NZX has confirmed that it is working with Akamai Technologies, the multinational content delivery network giant, as the Herald first reported.
NZX chief Mark Peterson said this morning that the exchange “continues to work closely with its network service provider, Spark, and national and international cybersecurity partners, including the Government Communications Security Bureau (GCSB), as it has from the beginning, and has also been working with Akamai Technologies, one of the world’s leading cyber defense experts, to implement additional measures.”
Akamai is not perfect. An angry Spark whistleblower pointed the finger at the American company after Spark Sport’s transmission failed during the first half of the key All Blacks-South Africa group-stage clash at the Rugby World Cup.
But it has high capacity and sophisticated defenses, which should help the NZX defend against any renewed DDoS (distributed denial of service) attacks.
And Finance Minister Grant Robertson confirmed late Friday that the government had directed the GCSB to assist the exchange as well, which could further bolster its defenses (although the spy agency’s main cyber defense system, Cortex, aims to stop break-ins rather than a DDoS-style attack, where thousands of hijacked computers are used to overwhelm a website with connection requests, forcing it offline).
The NZX now appears to have six nameservers on the Akamai network. Previously, the nameservers that computers looking up nzx.com queried were on the same network at Spark, and there were only two of them.
Although it has not publicly commented on the NZX attacks, Akamai has said that several attacks on financial institutions in Asia-Pacific are the work of a group posing as the Russian cyber gang known by various names, including Cozy Bear.
Crown cybersecurity agency CERT NZ issued a warning about Cozy Bear targeting New Zealand financial institutions with DDoS attacks in November last year.
What exactly was attacked
The stock exchange operator has also provided more details on its four days of outages last week.
Communications manager David Glendining told the Herald that it was important to note that NZX’s core trading and settlement systems (the X-Stream platform, licensed from Nasdaq) were not affected by the DDoS attack.
Rather, the attack overwhelmed its NZX.com website and its Market Announcement Platform (MAP), meaning investors were unable to view company announcements in real time, as required by the exchange’s regulatory requirements for continuous disclosure to all market participants at the same time.
Peterson said this morning that the exchange has reached an agreement with the Financial Markets Authority for contingency arrangements that will allow investors to continue accessing market announcements, even if the NZX.com website goes down again.
The contingency arrangements were not immediately detailed.
Who is behind the attacks?
Some experts, including NortonLifeLock’s Mark Gorrie, have speculated that the attacks on the NZX could be an extortion attempt for profit, with the hackers demanding a ransom to stop them (the NZX has declined to comment on that point).
Others have seen a possible state actor involved, following the wide-ranging cyberattacks in Australia.
A former Spark manager even theorized that the attacks on the NZX, which coincided with Brenton Tarrant’s sentencing, were revenge against Spark and other ISPs that blocked the controversial 4Chan and 8Chan sites in the wake of the Christchurch mosque shootings.
And AUT computer science professor Dave Parry says it could just be an amateur hacker proving his skills, though he also acknowledged that the repeated nature of the attacks pointed to a possible extortion attempt. Parry saw the NZX in a four-day “arms race” with its attacker, an area where Akamai’s big guns should help.
Whatever the attacker’s motivation, they caused no economic damage to New Zealand last week.
Despite a very disrupted few trading days, the local NZX 50 was up 2.2% for the week and also surpassed its pre-Covid closing high in February, notes Shane Solly of Harbour Asset Management.
What is a DDoS attack?
Security firm NortonLifeLock says criminals prepare for a DDoS attack by taking over thousands of computers, often called “zombie computers.” Together they form what is known as a “botnet.” These are used to flood specific websites, servers, and networks with more data than they can accommodate.
A “volumetric” or volume-based DDoS attack, which was apparently the variant that hit the NZX, sees large amounts of traffic sent to overwhelm a network’s bandwidth, NortonLifeLock says.
The company says that a DDoS attack must be repelled at the Internet service provider level (this often involves temporarily blocking traffic from certain IP addresses).
But it is also a good idea to keep your security software up to date so that your PC does not inadvertently become part of a botnet attack.
The NZX did not immediately respond to questions about whether it had received any extortion demands, whether its communications setup involved multiple providers for redundancy, and what steps were being taken to prevent another attack.