“There are limits to what I can say today about the action the government is taking behind the scenes due to significant security considerations,” Robertson said. “We as a government are treating this very seriously.”
NZX opened at 1 p.m. local time on Friday, three hours later than normal because of what the exchange has described as a “sophisticated and severe” distributed denial of service (DDoS) attack.
Trading was first halted at about 4 p.m. local time on Tuesday, with disruptions to debt, equities and derivatives markets continuing on Wednesday and Thursday. The exchange’s website was not accessible after the close of trading on Friday.
“Given that this is an ongoing response, NZX will not be providing detail on the nature of the attacks or counter-measures,” NZX CEO Mark Peterson said in a statement. “This is a systems connectivity issue not a data or communication integrity issue.”
NZX hosts many of New Zealand’s largest companies, including Fonterra Co-operative Group, which produces over 2 billion liters of milk every year and is the world’s largest dairy exporter. Overseas investors owned roughly 40% of the equities market as of December 2018.
The motive for the attack on New Zealand’s stock market remains unclear and the exchange has not provided further details.
”One reason why DDoS attacks are so inexpensive is that more and more people that offer DDoS-for-hire services are leveraging the scale and bandwidth of public clouds,” said Juta Gurinaviciute, chief technology officer at NordVPN Teams, the cloud-based network provider.
The attacks have also become more sophisticated, according to Satnam Narang, a research engineer at cyber security company Tenable. As financial organizations rely more on connected devices -— the so-called Internet of Things — cybercriminals can target vulnerable devices to launch stronger DDoS attacks, he said.
— Laura He and Isaac Yee contributed reporting from Hong Kong.