New Zealand stock exchange has reportedly asked the country’s communications security bureau (GCSB) to help with DDoS attacks after the NZX website today crashed for the fourth day in a row.
The government is getting spy agencies involved and has activated the national security systems, whose duties include protecting New Zealand from cyber-borne threats. The action aims to support the bourse amid reports that the hackers are believed to be demanding massive cryptocurrency ransoms.
Finance Minister Grant Robertson said on Friday that they “recognise that it is important that the Government works with private companies like them when they are faced with issues like the cyber-attack they are currently experiencing.”
Although he denied being aware of any ransom demands, but Robertson directed the question towards the GCSB and elaborated that “There are limits to what I can say today about the action the government is taking behind the scenes due to significant security considerations.”
Stock exchange operator said its networks crashed and trading on the NZX Main Board, NZX Debt Market and Fonterra Shareholders’ Market was halted due to connectivity issues relating to two cyber attacks.
The NZX added that the attack was a malicious attempt from overseas to disrupt normal traffic of the exchange’s server with a flood of Internet traffic. NZX spotted a spike in traffic on Tuesday and Wednesday and the number of connections attempting to reach its cash markets was enough to temporarily disrupt its activity.
So far, there is no clarity on who is behind the offshore attacks, but previous reports suggested that many financial firms, including the NZX, received extortion emails earlier this year. The hacking group demanded a ransom to avoid attacks and claimed to be working for Fancy Bear, which thought to be linked to Russian spy agencies.
Despite the ongoing development in stock exchanges’ technical infrastructure and engineering staff, the latest incident reminds traders that access to even major platforms may become degraded or unavailable during times of significant volatility or cyber-attacks.