New Zealand’s stock exchange suffered its second distributed denial-of-service (DDoS) attack within a matter of two days.
According to Reuters, cash market trading on the floor of the New Zealand’s Exchange (NZX) came to a halt at 11:24 local time on August 26. Trading resumed several hours later at 15:00 local time, though additional disruptions occurred during the day’s final hour of trading.
NZX’s website and market announcements platform also experienced some issues during that time frame.
In an emailed statement obtained by Reuters, the exchange said that it was still in the process of investigating what had happened and that it would provide additional details once it had learned more.
Reuters reported that Wednesday’s disruptions were similar to those that affected NZX a day earlier.
These disruptions traced back to a DDoS attack, as officials at the stock exchange explained in a memo:
Yesterday afternoon NZX experienced a volumetric DDoS (distributed denial of service) attack from offshore via its network service provider, which impacted NZX network connectivity. The systems impacted included NZX websites and the Markets Announcement Platform. As such, NZX decided to halt trading in its cash markets at approximately 15.57. A DDoS attack aims to disrupt service by saturating a network with significant volumes of internet traffic. The attack was able to be mitigated and connectivity has now been restored for NZX.
Dave Parry, professor in the computer science department at Auckland University of Technology, told The Guardian that these incidents together constituted a “very serious attack” against New Zealand’s critical infrastructure and displayed a “rare” level of sophistication and determination among malicious actors.
The attacks against NZX serve as a reminder for organizations to defend themselves against a DDoS attack. One of the first things they can do is to familiarize themselves with the signs of an DDoS campaign that’s in progress. They should also have a plan in place to address an attack in real-time.