Geo Political Risk

[Davexl]

From Business Desk.

NZX was the victim of an offshore internet attack which closed down trading just before 4pm this afternoon.
Internet provider Spark said in a statement NZX experienced a "volumetric DDoS (distributed denial of service) attack" from offshore, which impacted NZX system connectivity.
As a result NZX decided to halt trading in its cash markets at approximately 15.57.
A DDoS attack aims to disrupt service by saturating a network with significant volumes of internet traffic.
Spark said the attack was able to be mitigated and connectivity has now been restored for NZX.
At its premature close the S&P/NZX 50 Index was trading at a near to a record high.
The outage resulted in brokers being unable to access NZX’s systems or data via the internet.

Probably just a trial run eh ?

Thanks Peat - looks like someone didn't pay for their Cloudflare subscription, or all the Telco security gurus have buggered off to live in Vancouver...
Two of my senior security professionals from my own Telco / network security days did just that!

[peat]

yeh I almost mentioned cloudflare and whether it had been deployed - as I had seen it used by crypto mining websites - they were constantly being bombarded

[peat]

Probably just a trial run eh ?

I wasnt kidding and neither are they

[peat]

Hey peat, where are you getting that from? It's not what Spark are saying.

heres an up to date freebie that they have offered so kindly.
https://businessdesk.co.nz/article/m...complex-attack

[Cyclical]

heres an up to date freebie that they have offered so kindly.
https://businessdesk.co.nz/article/m...complex-attack

Thanks. No where in there does it say the attack was targeted at Spark and not NZX...perhaps earlier releases were a bit hasty.

"The exchange’s network service provider, Spark New Zealand, said yesterday’s attack targeted NZX but that the scale saturated its internet traffic and caused connectivity issues for some other customers."

It's certainly malicious and pretty concerning. Will be interesting to hear what conclusions, if any, are drawn on the motive. It's a reminder that we are pretty isolated here in little wee NZ and it doesn't take a lot to disrupt our connectivity with the rest of the world.

[peat]

not being able to transact for a few hours shouldnt matter to most portfolios
and they have clearly stated that it didnt penetrate their systems

[Zaphod]

Thanks. No where in there does it say the attack was targeted at Spark and not NZX...perhaps earlier releases were a bit hasty.

"The exchange’s network service provider, Spark New Zealand, said yesterday’s attack targeted NZX but that the scale saturated its internet traffic and caused connectivity issues for some other customers."

It's certainly malicious and pretty concerning. Will be interesting to hear what conclusions, if any, are drawn on the motive. It's a reminder that we are pretty isolated here in little wee NZ and it doesn't take a lot to disrupt our connectivity with the rest of the world.

Despite our geographic isolation and relative neutral political position, we are a key member of the five eyes network and have recently criticised the actions of specific countries, which makes the country a target for international actors. Attribution is however always difficult.

not being able to transact for a few hours shouldnt matter to most portfolios
and they have clearly stated that it didnt penetrate their systems

This could be regarded as a clear warning shot across our collective bow, or it could be a warm up exercise. Denying access to the NZX on an ongoing basis would be severely detrimental to the country.

[GTM 3442]

The first DDOD attack was reported by Stuff as "On Tuesday afternoon the NZX was brought to an abrupt halt just before 4pm due to a major power outage caused by a distributed denial of service (DDoS) attack from overseas"

My reading of this is that the New Zealand electricity distribution system was successfully attacked, resulting in power outages.

However I have not seen any other references to " . . a major power outage" anywhere else, but I have not seen a correction to the Stuff story either.

So possibly Stuff staff are writing about something outside their (and their source's) field of expertise.

Once upon a time, New Zealand could rely on geography as a form of defence. Now, New Zealand is just a node on a global network. And one node leads to another. . .

Personally, I suspect that the NZX is incidental, and that the real point of the exercise is to examine the speed, quality, and effectiveness of the response.

[peat]

This could be regarded as a clear warning shot across our collective bow, or it could be a warm up exercise. Denying access to the NZX on an ongoing basis would be severely detrimental to the country.

yeh I said the first was a trial run before the second was reported.

[Zaphod]

The first DDOD attack was reported by Stuff as "On Tuesday afternoon the NZX was brought to an abrupt halt just before 4pm due to a major power outage caused by a distributed denial of service (DDoS) attack from overseas"

My reading of this is that the New Zealand electricity distribution system was successfully attacked, resulting in power outages.

However I have not seen any other references to " . . a major power outage" anywhere else, but I have not seen a correction to the Stuff story either.

Power networks are usually attacked via network infiltration rather than a raw DDoS attack. Conceivably if some component of the power network was internet facing (I'm struggling to think of an example though) a DDoS could result in an outage, but I think this is extremely unlikely especially when coupled with the lack of any publicly reported incidents of mass outages.