The series of cyber attacks on the NZX could be a threat to the wider economy. Photo / File
The series of cyber attacks on the NZX could be a threat to the wider economy. Photo / File
The four-day assault on the New Zealand Stock Exchange is seen as the country's worst ever cyber attack, sparking concern among investors and market participants about damage to the credibility of the market.
"It's certainly the worst ever in terms of DDoS attacks," AUT computer science professor Dave Parry said.
And that worries fund managers like Matt Goodson, of Salt Funds Management, who said the latest attack was very concerning from the "wider New Zealand Inc perspective".
The NZX initially advised that the market would reopen today, only for it to be hit again by more cyber attacks and the exchange was offline most of the morning before coming back online at 1pm and then going dark yet again.
"Do we need to place more attention on the robustness of our security network and defences? I hope someone who knows what they are doing is asking these questions," Goodson said.
"It could be the electricity transmission being taken down or the banking system going offline – that's more fundamental than the sharemarket," he said. "It's clearly a very sophisticated attack."
At a press conference today, Finance Minister Grant Robertson confirmed the GCSB was assisting the NZX.
"We are aware of the impact that this is having on the stock exchange and officials ministers have been working with the NZX."
Finance Minister Grant Robertson. Photo / Getty Images
But he said he was not able to go into more details, as NZX is a private company.
"The National Security System has been activated which ensures coordination between the agencies in order to support the NZX," Robertson said.
NZX has only commented via brief statements and chief executive Mark Peterson has yet to front the media.
In a statement this morning, NZX said: "Given the current issue we have extended the Pre-Open for the NZX Main Board and Fonterra Shareholders Market.
Goodson said there was not enough information out there to point the fingers at the moment – that will come afterwards and whether there has been sufficient investment in the security network.
"Let's cross our fingers and hope the market gets back up."
He said a crunch time for the market would be Monday when share indices such as the MSCI World Index – comprising 1603 stocks - are rebalanced at the end of the month.
"If the market is not back up, this can cause all sorts of problems for passive investors. They won't know what the prices are and the changes can't be implemented – they will have no choice but to go with the index movements."
Goodson expected "greater than normal" activity in the leading New Zealand stocks dual listed in Australia if the NZX remained down today. "If you want to do anything at current prices, then you'll have to look to Australia."
Leading dual listed stocks are Fisher and Paykel Healthcare, a2 Milk, Fletcher Building, Auckland International Airport, Spark, Pushpay Holdings, Air New Zealand, Synlait, Chorus.
New NZX participant, Sharesies, is now directing about 25,000 trades a day, worth $10 million, through its online platform and its chief executive Leighton Roberts said like everyone, NZX included, there is a revenue impact.
"We want to see the situation fixed and then we'll see what's happened. We don't have so many day traders but it's frustrating that clients can't trade on the platform. We are waiting, like all of us," he said.
Since the nationwide Covid-19 lockdown, Sharesies has signed up an additional 95,000 people on its investment platform, taking the total number of clients to 210,000. Before the lockdown, Sharesies was moving $2 million to $3 million worth of trades a day. The average trade is worth between $400 and $500.
Earlier in the week the NZX said its connectivity issues appeared similar to those caused by severe DDoS attacks from offshore this week.
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target with traffic.
NZX said it had been continuing to work with its network service provider, Spark, and national and international cyber security partners, including the state's security arm, the GCSB, to address the attacks.
"NZX has been in close contact with market participants, and appreciates the support and level of understanding during the periods of disruption to trading," it said.
This week's disruption came just as the benchmark S&P/NZX50 Index was a few points short of its record high, set in February, of 12,073.34.
The index's last reading was 12,053.4.
JMI Wealth director Andrew Kelleher told Mike Hosking on Newstalk ZB that the cyber attack was clearly a "very motivated and very serious act".
Kelleher said liquidity in the market had been maintained "to a degree" despite the attacks.
But he said if they continued, it would lessen investors' confidence in their ability to trade "if a piece of news occurs that people need to react to".
This week's attacks have occurred at the tail end of the reporting season. Air NZ, Meridian and Spark have issued their results.
Yesterday the Herald reported how the NZX and its connectivity provider, Spark, could be locked in an "arms race" with an unknown enemy after repeated cyber attacks forced a halt to share trading.
The cyber attacks on the NZX could pose a threat to the broader ecomomy, such as electricity transmission. Photo / NZ Herald
The NZX is understood to have moved its domain nzx.com to Akamai Technologies, the multinational content delivery network. The website for the bourse is still served up from a content delivery network run by Red Shield in Wellington.
The move comes after Australian security commentator Catalin Cimpanu said a source in the security industry had told him a group of "DDoS extortionists" was behind the attacks on the NZX.
The group, which demands a ransom paid in bitcoin to lay off its attacks, is said to be imitating a Russian group sometimes known as Cozy Bear. The group is said to also be responsible for attacks on money transfer service MoneyGram, YesBank India, PayPal, Braintree, and Venmo this week.
The NZX and Spark have refused to say if extortion is involved. Cert NZ and the GCSB say they won't comment on individual cases, for fear of inhibiting organisations from reporting future attacks (although the NZX did acknowledge in a statement that it is working with the GCSB).
A spokesman for ASX said it does not comment on specific cyber-related matters.
"We have a range of security protections in place and work closely with Government and relevant agencies to maintain the integrity of our service," he said.
"ASX markets are operating normally," he said.
Two listed companies that issued financial results today sympathised with the NZX's problems.
Port of Tauranga chief executive Mark Cairns was philosophical about the NZX going down on the morning the company delivered a solid annual result.
"It's disappointing. I wouldn't wish it on anyone and I'm sure the NZX is doing everything it can trying to sort it."
Cairns said the cyber attack had been a timely reminder to the port company to test its penetration systems.
John Freeman of Delegat Group said the company was not fazed by the NZX being out of action.
"It has not been a significant concern - the NZX has communicated well with us, and ensured that we understood how to post and release our results despite the interruptions.
"We know that cyber attack activity has been much higher in recent months, so we are hopeful the NZX can work through this and restore normal market operations as soon as possible."
