A cybersecurity attack on the New Zealand stock exchange has led two cybersecurity experts to underline its impact on critical infrastructure.
In a statement, the stock market blamed the attack on overseas hackers, saying that it had “experienced a volumetric DDoS attack from offshore via its network service provider, which impacted NZX network connectivity.”
Cath Goulding, CISO of Nominet, said: “The DDoS attack on the New Zealand stock exchange is an incredibly serious incident that shows just how much havoc hackers can cause on a national scale, even with attack techniques that are relatively well known.
“There are suggestions that nation state hackers are behind this attack. Whether they are or not, it demonstrates how cybercrime can hit right at the heart of a country’s operation.
“While a stock exchange might not be what we traditionally consider to be ‘critical national infrastructure’ – it is critical to the economy. Any downtime at all is putting millions of dollars at stake and in this instance, it was brought offline two days in a row.
“Above all this raises the issue to countries and governments around the world that critical financial services need to be treated as an extension of government security. They should be given the utmost help and support from security agencies to protect them and help mitigate damage to the economy.”
John Hultquist, Senior Director of Analysis, Mandiant Threat Intelligence, said: “The incident in New Zealand underscores the threat of disruption to critical financial infrastructure.
“Destructive or disruptive attacks against exchanges could have cascading effects across the economy and ultimately this approach may be more successful than attacks on the energy sector and other industries.
“Iranian actors have carried out denial of service attacks against the financial sector in the past but did not target exchanges or succeed in seriously disrupting major financial sector processes such as securities trading.
“We have seen hacktivist actors in Indonesia target exchange related websites in 2018, but we’ve seen no evidence that these incidents disrupted trading.”