New Zealand Stock Exchange Crashes for Fourth Day After Cyberattacks

August 27, 2020 Updated: August 27, 2020

WELLINGTON—New Zealand’s stock exchange crashed for a fourth day on Friday, due to network connectivity issues relating to two cyberattacks targeted at the bourse this week, bourse operator NZX Ltd. said.

There is no clarity on who is behind these “offshore” attacks and why New Zealand was targeted, but the repeated failure to stop them has raised questions about the country’s security systems, experts said.

NZX had said earlier that the exchange would reopen following measures put in place to maintain system connectivity after the offshore cyber attacks.

“We are currently experiencing connectivity issues which appear similar to those caused by severe DDoS attacks from offshore this week,” NZX said in a statement to Reuters.

Given the issue the pre-Open for the NZX Main Board and Fonterra Shareholders Market was extended, the bourse said. The NZX Debt Market was placed into a halt at 9:58 a.m. local time (2158 GMT).

NZX said later that the main board, debt market, and Fonterra Shareholders’ Market will resume trading at 1:00 p.m.

The exchange was hit by distributed denial of service (DDoS) attacks on Tuesday and Wednesday, forcing it to halt trading in its cash markets and disrupting operations in its debt market, Fonterra Shareholders Market and derivatives market.

New Zealand, a relatively small economy with a population of five million, is not often the target of such attacks but neighbouring Australia ramped up its cyber security this year after a rise in similar incidents.

Australia said it would spend A$1.66 billion ($1.19 billion) over the next 10 years to strengthen the cyber defences.

New Zealand’s central bank said earlier this year that cyber attacks could wipe out about 2 percent to 3 percent of the profits of the banking and insurance industries each year.

DDoS attacks are designed to overwhelm websites and internet servers through heightened traffic, until they can no longer cope with the scale of data requested.

“The first attack can happen anytime. But being attacked four days in a row raises some questions,” said Rizwan Asghar, School of Computer Science at University of Auckland.

“The real question is what are the resources allocated and threshold set for protecting against these attacks?”

By Praveen Menon