New Zealand Stock Exchange disrupted for third day following cyber attack

NZX says it is experiencing DDoS attacks originating abroad

The New Zealand Stock Exchange (NZX) was forced to halt trading for a third day in a row on Thursday after being hit by another cyber attack.

According to CNBC, trading was stopped around 11:10 am local time due to "network connectivity issues".

"NZX is currently experiencing network connectivity issues. The NZX Main Board, NZX Debt Market and Fonterra Shareholders Market are currently halted. Further information will be provided soon," NZX stated on its website.

The disruptions come at the time when many firms are reporting their first annual results since the start of the Covid-19 pandemic.

On Tuesday, NZX said it experienced a distributed denial of service (DDoS) attack from abroad, affecting the final hour of trading in its cash markets.

The stock exchange faced a similar attack on Wednesday. The attack caused the NZX website to go down at 11:24 am local time, but was back up and running before the end of the day.

In a DDoS attack, a heavy stream of traffic and information is delivered, usually through a network of hacked machines, to overwhelm the capacity of the target system. Such attacks often involve devices infected by malware, whose owners have no idea that they have become part of the attack.

In November, New Zealand's cyber security agency CertNZ released an alert warning that hackers were sending emails to financial companies, threatening them with cyber attacks if they did not pay a ransom. Those mails were thought to have come from Russian hacking group Fancy Bear. However, the hackers never followed through with their threat, according to CertNZ, beyond a 30-minute attack to scare firms.

NZX said yesterday that it was working with service provider Spark New Zealand to fix connectivity issues.

A spokesman for Commerce Minister Kris Faafoi said that the minister was "being kept updated on the situation".

On Wednesday, the Financial Markets Authority said: "NZX notified us of the incident last night, and we remain in close contact around this issue. We will support NZX wherever we can to assist them in operating safely and efficiently through this situation."

"Our ongoing review of NZX strategy and governance of technology is advanced and general cyber security resilience is being assessed as part of that process."