Thanks Peat - looks like someone didn't pay for their Cloudflare subscription, or all the Telco security gurus have buggered off to live in Vancouver...
Two of my senior security professionals from my own Telco / network security days did just that!
Printable View
yeh I almost mentioned cloudflare and whether it had been deployed - as I had seen it used by crypto mining websites - they were constantly being bombarded
heres an up to date freebie that they have offered so kindly.
https://businessdesk.co.nz/article/m...complex-attack
Thanks. No where in there does it say the attack was targeted at Spark and not NZX...perhaps earlier releases were a bit hasty.
"The exchange’s network service provider, Spark New Zealand, said yesterday’s attack targeted NZX but that the scale saturated its internet traffic and caused connectivity issues for some other customers."
It's certainly malicious and pretty concerning. Will be interesting to hear what conclusions, if any, are drawn on the motive. It's a reminder that we are pretty isolated here in little wee NZ and it doesn't take a lot to disrupt our connectivity with the rest of the world.
not being able to transact for a few hours shouldnt matter to most portfolios
and they have clearly stated that it didnt penetrate their systems
Despite our geographic isolation and relative neutral political position, we are a key member of the five eyes network and have recently criticised the actions of specific countries, which makes the country a target for international actors. Attribution is however always difficult.
This could be regarded as a clear warning shot across our collective bow, or it could be a warm up exercise. Denying access to the NZX on an ongoing basis would be severely detrimental to the country.
The first DDOD attack was reported by Stuff as "On Tuesday afternoon the NZX was brought to an abrupt halt just before 4pm due to a major power outage caused by a distributed denial of service (DDoS) attack from overseas"
My reading of this is that the New Zealand electricity distribution system was successfully attacked, resulting in power outages.
However I have not seen any other references to " . . a major power outage" anywhere else, but I have not seen a correction to the Stuff story either.
So possibly Stuff staff are writing about something outside their (and their source's) field of expertise.
Once upon a time, New Zealand could rely on geography as a form of defence. Now, New Zealand is just a node on a global network. And one node leads to another. . .
Personally, I suspect that the NZX is incidental, and that the real point of the exercise is to examine the speed, quality, and effectiveness of the response.
Power networks are usually attacked via network infiltration rather than a raw DDoS attack. Conceivably if some component of the power network was internet facing (I'm struggling to think of an example though) a DDoS could result in an outage, but I think this is extremely unlikely especially when coupled with the lack of any publicly reported incidents of mass outages.