The New Zealand stock exchange NZX Ltd. went offline for three days in a row after a series of successive cyberattacks. In a security alert, the bourse operator said that it had initially been hit by a distributed denial of service (DDoS) attack on August 25, 2020, from offshore, via its network service provider. The attack impacted the exchange’s network connectivity systems, including NZX websites and the markets announcement platform.
Trading was halted temporarily for the second time on August 26, 2020, after the second attack. In a DDoS attack, attackers try to overwhelm the target with useless traffic to obstruct the availability of the services it provides.
“NZX decided to halt trading in its cash markets at approximately 15.57. A DDoS attack aims to disrupt service by saturating a network with significant volumes of internet traffic. The attack was able to be mitigated and connectivity has now been restored for NZX,” the NZX said in a statement.
Commenting on the incident, Satnam Narang, Staff Research Engineer from Tenable, said, “Stock exchanges are a critical function of national and global economies, making them an attractive target for cybercriminals. It is certainly concerning that a DDoS attack was successful at halting trading on the New Zealand stock exchange for multiple days, whether financial information was accessed. These events should serve as an alarm bell for the exchange to investigate its defenses against cyberattacks as well as launch a broader investigation into the strength of its overall security posture.”
Narang added, “Similar DDoS attacks have been attempted on other stock exchanges in the past. However, that was quite a long time ago and DDoS attacks have gotten more sophisticated. As financial organizations become more reliant on the Internet of Things (IoT), cybercriminals can leverage unpatched devices to launch stronger, more sophisticated DDoS attacks. Until organizations get their hands around the new devices and vulnerabilities in their environments, DDoS attacks will continue to be a threat.”
Weaponizing Documents for DDoS Attacks
Several industry experts stressed that DDoS attacks have evolved into weaponized instruments used to disseminate ransomware, as well as to launch disruptive attacks against their targets. Attack vectors targeted for weaponization include mobile devices, documents, browsers, and, the current favorite, IoT devices. Researchers from Sophos discovered a weaponized document serving the dual purpose of delivering ransomware to the system and exploiting it for potential DDoS attacks. The weaponized document was sent in a spear-phishing email; when opened, it launched Microsoft Word and ran embedded macros, which gave the malicious document elevated privileges to execute an encoded VBScript.