Not long ago, New Zealand’s biggest stock exchange NZX Ltd. was subjected to a massive cyber-attack. The problem was first noted by the traders when the stock exchange started to slow down. Gradually, it started to crash so often that it seemed impossible to post any new marketing announcement. Within an hour, the news spread far and wide, and the management decided to shut down the operations. The hackers sent threatening emails to the chief employees like the head of IT and other departments before the attack was launched.

These extortion emails contained a Bitcoin address and asked the victims to transfer money quietly and without getting caught. When the chaos was over, the nature of the attack was identified as a DDoS or Distributed Denial of Service. It is considered to be an outdated method of conducting attacks. However, in this particular case, the attackers managed to shut down the entire stock exchange market for four days with small intervals of functionality in between.

New Zealand Stock Exchange Authorities are being Criticized for not Prepared for such a Simple Hack Attack

DDoS has been around as long as 1999. However, since its conception, it has become more sophisticated. In 2020 about 4.8 million DDoS attacks were launch, and they have affected more than 100 organizations. Some affected organizations include Travelex in the United Kingdom, YesBank in India, and Meteorological service in New Zealand. These hacks target the machines that are connected by the internet. Therefore, it becomes possible for the attackers to overwhelm the servers of any enterprise, such as a busy stock exchange.

However, the financial stakeholders claim that the New Zealand authorities could have prepared for a better solution as these types of attacks are pretty common. When the stock exchange servers were hit by the massive traffic coming from the botnet army, the exchange servers did not have enough bandwidth to sustain the traffic and remain functional. Some relief during the attack was salvaged as the Stock Exchange moved its center of data from servers to cloud storage. However, a 4-day lapse is a considerably huge lag for any stock exchange. 

Cybersecurity Companies Claim that New Zealand is Behind about 10 Years in Digital Defense Capabilities

As per the remarks of Jeremy Sullivan, a DDoS attack is like invading a bank with a hammer and getting away with the robbery. Sullivan is an investment advisor. Jeremy Jones, a cybersecurity consultant, based in Auckland, remarks that such types of attacks are expected to happen as New Zealand has huge dependability on internet services is a decade behind in terms of cybersecurity measures compared to the United Kingdom and Europe.

These attackers are still on large, and they have identified themselves as Lazarus, Armada Collective, and FancyBear. All of these hacking groups are notorious and use cryptocurrency payment methods to get away with extortion money. Since the lack of DDoS defense capabilities at NZX Ltd., a massive disruption was created. These attackers thought to be centered somewhere in Eastern Europe. New extortion emails have come to light claiming that the victims should pay up if they do not wish to end up like the New Zealand Stock exchange.