Home Finance NZ’s cyber security attacks

NZ’s cyber security attacks




NZ’s cyber security centre warns more attacks likely following stock market outages

By Dave Parry, Head of the Department of Computer Science, Auckland University of Technology

The Government Communications Security Bureau (GCSB) has issued a warning to all New Zealand businesses to be prepared for cyber attacks, following almost a week of daily attacks on the New Zealand stock exchange (NZX).

The attacks have caused outages, sometimes for hours, of NZX’s public-facing website since Tuesday last week. Today it continued trading under a new arrangement that allows it to post information to alternative platforms.

The attacks are part of worldwide malicious cyber activity and the government will likely share information via Interpol and government-to-government links, including the intelligence alliance know as Five Eyes.

Creating millions of bots

The type of attack is known as a Distributed Denial of Service (DDoS). The attacker infects large numbers, often thousands or even millions, of computers with a virus that allows the attacker to instruct the infected computer – known as a “bot” – to send thousands of requests for data to the target.

In effect, this means millions of attempts to access a website at the same time. The website being attacked can’t respond to each one quickly enough so either it simply stops responding or responds to some but not all data requests. Some people get the most up-to-date page and others don’t.

This is particularly damaging for financial information sites such as a stock market. They have a legal duty to give equal access to different users. They would normally shut down and stop trading for a while rather than allow some people to get information before others.

These attacks are not designed to steal data or do insider trading. They are generally set up to demand ransom from the victims, usually asking for thousands of dollars paid in bitcoin or another cryptocurrency which is effectively untraceable. Governments, terrorist organisations, political groups and even pranksters have also been known to use these attacks.

DDoS software is available on the dark web but also not very difficult to write. In many cases the people owning the bots will not be aware anything strange is happening.

The current attacks

Multi-day attacks have been rare but are becoming more common. The size of these attacks, including how many bots are used and their capacity to send requests, has been increasing.

This map shows the number of global attacks on August 15. CC BY-SA

Such multi-day attacks are potentially risky for the attackers as the defence team will be analysing the attacks, often using artificial intelligence tools, and should be able to respond more quickly to block illegitimate requests.

The defence against such attacks is based on being able to cope with the large number of requests, either by moving the website to a cloud-based system that can increase capacity quickly, or identifying bot requests and filtering them out by setting up a “whitelist” of legitimate users and excluding others.

This is normally done by firewalls at the level of each attacked entity, the internet service provider or, as in the case of New Zealand, at a country’s electronic border (for example, the Southern Cross trans-Pacific network of communications cables).

If an attack is coming from inside New Zealand, security software on the bot computer can normally remove the infection with up-to-date anti-virus software. Internet service providers can also detect this activity and may warn users or disconnect the infected machine until it is cleaned. But in this case, the attacks are coming from outside New Zealand.

The COVID-19 pandemic means millions of people are working from home around the world, outside their normal corporate security, often using the family computer. Some people may be less careful about downloading software, particularly on illegal streaming sites, and may be using free or unsecured wifi networks. This makes infecting computers to turn them into bots much easier.

Previous articleOh how unfair!
Next articleHave Your Say


  1. I get bursts of unsolicited emails about a bitcoin account I never sought, gambling accounts set up for me, cash owing on freight I never ordered before delivery can happen, automated phone calls requiring a button push to contact the dirtbag involved……

    All just an irritation and reporting stuff to spam.govt.nz or to Microsoft consistently seemingly does not cure the problem.

    It would be nice to think there are volumes from some sources that an internet provider or phone system could detect as unsolicited nuisance material and deal with in the interests of retaining customers. It would be nice to think spam.govt.nz could nail and dispose of the garbage that is infesting they email system.

    Maybe privacy issues are deemed to get in the way of progress. At least the crap I have reported could be dealt with as I am sure the volume must be sufficient to attract attention and enable the scum responsible to be blocked and dealt with.



Recent posts

Take Away The Fear Factor.

From Us; I am unvaccinated. I am pure-blooded. I don't comply. I love freedom .......... From Them; Wear your damn mask. You are a terrorist. You are...

29% Of Vaxxed Teens Have Heart Problems

29% Of Vaxxed Teens Have Heart Problems! – New Studies Expose The Fraudulent Vaccines! "This should alarm everyone. We're watching a genocide take place...

Tuesday Fun

Recent comments

Simpleton1 on Have Your Say
wiseowl on Have Your Say
rightoverlabour on Have Your Say
rightoverlabour on Have Your Say
Beorn on Have Your Say
Alice on Have Your Say
Alice on Have Your Say
I am a stupid boy on Have Your Say

The way we all feel about this useless government

light rain
16.3 ° C
17.2 °
15.8 °
90 %
100 %
16 °
16 °
18 °
20 °
18 °
NZD - New Zealand Dollar