Cyber Incident Victim: New Zealands stock exchange
Date:
Aug 2020
Location:
New Zealand
Summary
New Zealand's stock exchange faced repeated distributed denial-of-service attacks over two days, forcing multiple halts in trading across its cash markets, main board, debt market, and Fonterra Shareholders Market. The volumetric attacks, originating offshore via its network provider, disrupted connectivity and impacted critical systems including websites and the Markets Announcement Platform. Services were restored following mitigation efforts after each incident, with operations resuming normal trading once connectivity was reestablished. The exchange maintained communication with market participants throughout the disruptions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 25, 2020, New Zealand’s stock exchange (NZX) experienced a volumetric distributed denial-of-service (DDoS) attack originating offshore through its network service provider. The attack disrupted NZX’s network connectivity, impacting its public websites and Markets Announcement Platform, which disseminates real-time market data, stock quotes, and regulatory announcements. At approximately 15:57 local time, NZX halted trading across its cash markets due to these disruptions. The exchange mitigated the attack and restored connectivity, allowing normal operations to resume. The following morning, August 26, NZX faced a recurring DDoS attack at 11:14 AM, again affecting its websites and announcement platform. This forced a second trading halt across the NZX Main Board, NZX Debt Market, and Fonterra Shareholders Market. Connectivity was restored by 3 PM that day, resuming regular trading activity. NZX publicly attributed both disruptions to offshore-originating volumetric DDoS attacks but did not identify specific threat actors or attack methodologies. Throughout the incidents, NZX maintained communication with market participants, acknowledging their cooperation during the outages.
The attacks caused two separate multi-hour trading suspensions over consecutive days, directly impacting New Zealand’s capital, risk, and commodity markets. While NZX did not disclose financial losses specific to the exchange, the article references Kaspersky Lab estimates indicating DDoS incidents cost large organizations an average of $2 million per attack in service restoration expenses. The incident occurred amid global law enforcement actions against DDoS-for-hire services ("booters" or "stressers"), including Operation Power Off, which had previously disrupted major platforms like WebStresser. Dutch authorities had taken down 15 such services in April 2020 through international collaborations with Europol, Interpol, and the FBI. Though no direct link was established between these operations and the NZX attacks, the article notes the high probability of attackers utilizing similar DDoS-for-hire services based on the attack pattern. NZX implemented immediate mitigation measures through its network provider during both incidents but did not disclose technical details of these countermeasures or any long-term security adjustments.