August 28, 2020
Spooks called in as cyberattacks again halt NZ stock exchange
New Zealand's spy agency has been brought in to help fight back against cyberattacks that crippled the country's stock exchange for a fourth straight day on Friday.
Finance Minister Grant Robertson said the Government Communications Security Bureau (GCSB) intelligence agency had joined efforts to contain the threat, which market operator NZX claimed was foreign-sourced but provided no further details.
"There are limits to what I can say about what action the government is taking behind the scenes due to significant security considerations," Roberts told reporters.
"But we are aware of the impact this is having on the market and officials have been working with the NZX.
"Ministers have asked the GCSB to assist, and the National Cyber Security Centre within the GCSB are assisting."
He added that the National Security System—which is intended to ensure a coordinated response between intelligence agencies and government during a crisis—had been activated.
"The GCSB's capability is the thing that is in play here, they know a lot about cyberattacks," he said. "We can apply that capability to a company (NZX) who obviously have a critical role."
Experts have told local media that possible perpetrators include a state-sponsored incursion, online activists with an anti-capitalist agenda such as Anonymous, or a criminal enterprise seeking a ransom.
Asked if NZX had received a ransom request, Robertson replied: "I'm not aware of that, that's something you'll have to take up with GCSB."
The GCSB declined to comment.
Regulators from the Financial Markets Authority (FMA) said the exchange had told it that investors' data had not been compromised.
"In the circumstances, the FMA supports the decisions of NZX to halt trading, for periods where issuers are unable to release information to the market," the agency said.
Sean Duca, a Sydney-based regional chief security officer at Palo Alto Networks, said the fact that top officials had activated the crisis plan showed the seriousness of the situation.
"The ramifications are not just significant to the financial sector, it's more the fact that someone's targeting something of national interest, that's part of the country's critical infrastructure," he said.
Such infrastructure includes systems that provide essential services such as the electricity grid, communication networks and transport providers.
"Attacks like these are a bit of a wake up call to organisations... and maybe they say OK let's do something now, Duca said.
Rizwan Asghar, of Auckland University's school of computer science, said 'denial of service' (DDoS) attacks, which bombard systems with data requests or traffic, occurred regularly but were usually contained by the target's security systems.
He was not aware of a critical piece of infrastructure such as NZX experiencing such comprehensive security failures over such a long period.
"On day one, I wasn't surprised, these attacks are pretty common," he told AFP.
"The second day I was surprised it was still happening, but having four days in a row. It's very concerning that they can't deal with this amount of attack traffic."
Asghar said the source of DDoS attacks was hard to track because the culprits used vulnerable computers then wiped their activity logs, so even the owners may not know their machine had been used for illegal purposes.
He said the NZX outages showed the need for governments to build proper security into critical infrastructure systems before cyberattacks occurred.
"Often those things will happen and they'll say 'we need to get some security, but security is not an add-on, it's not something you can plug and play right away," he said.
"We need to invest in security and take a proactive approach, not just reactive.
© 2020 AFP