The NZX has been hit by a second cyberattack, again disrupting its network and halting trading, in what appears to be a complex and motivated campaign.

Yesterday a distributed denial of service attack overwhelmed the stock market operator’s network, blocking access to the online platform where companies make price-sensitive announcements and prompting it to halt trading. 

However, the attack did not reach as far as NZX's trading systems themselves.

This morning, the attackers appear to have renewed their efforts and the exchange operator halted trading at 11.24am due to a similar system connectivity issue as yesterday.

Highly motivated?

Peter Bailey, general manager of Aura Information Security, said the scale of the attack suggested it was carried out by a well-resourced organisation with a strong motive.

“It certainly takes a highly motivated attacker to sustain this attack and come back again,” he said.

The exchange’s network service provider, Spark New Zealand, said yesterday’s attack targeted NZX but that the scale saturated its internet traffic and caused connectivity issues for some other customers.

Aura's Bailey said organisations capable of mounting a large-scale attack included businesses who may benefit financially from disrupting the exchange, activist groups who want to protest for a cause, or nation-states looking to sow disorder.

“We do see state-actors doing these sorts of attacks because they often have the resource available to do it,” he said. “But you can also hire the resources on the dark web to run this kind of attack for you, as a service.”

He said it was very unlikely to simply be teenagers playing around: "It is expensive, it takes time and energy. They are definitely trying to achieve something with it." 

Top secret

The Government Communications Security Bureau's National Cyber Security Centre said it doesn't general comment on specific cases. Similarly, CERT NZ said it doesn't comment on individual cases. 

Andrew Little, the minister responsible for the GCSB, also declined to comment on specifics.

“You can expect the National Cyber Security Centre within the GCSB to stand ready to assist nationally significant organisations when they report significant cyber attacks,” he said.

Rizwan Asghar, a senior lecturer at Auckland University's school of computer science, agreed the attack seemed to be sophisticated, noting that critical infrastructure can face these types of incursions. 

"Identifying the 'actual' source of such attacks is quite hard as attackers use IP spoofing to hide their identity," he said.