The NZX has been under cyber attack for each of the last three days.
The NZX has delayed the market's opening after earlier communicating that it would be open for business following a barrage of cyber attacks.
By 11.45am the exchange was still out of action.
In a statement issued to market participants, NZX said: "Given the current issue we have extended the Pre-Open for the NZX Main Board and Fonterra Shareholders Market.
"The NZX Debt Market was placed into a halt at 9.58am. The NZX Derivatives Market remains open."
A spokesman for Finance Minister Grant Robertson said he would comment on the issue when he appears at today's Covid-19 news conference, scheduled for 1pm.
For the first time, popular retail share trading platform Sharesies has felt the need to tell its customers not to worry about their money. "This is not a Sharesies issue. The money and investments you have in Sharesies are safe," it said.
The exchange said its connectivity issues appear similar to those caused by severe DDoS attacks from offshore this week.
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target with traffic.
NZX said it had been continuing to work with its network service provider, Spark, and national and international cyber security partners, including the state's security arm, the GCSB, to address the attacks.
"NZX has been in close contact with market participants, and appreciates the support and level of understanding during the periods of disruption to trading," it said.
This week's disruption came just as the benchmark S&P/NZX50 Index was a few points short of its record high, set in February, of 12,073.34.
The index's last reading was 12,053.4.
JMI Wealth director Andrew Kelleher told Mike Hosking on Newstalk ZB that the cyber attack was clearly a "very motivated and very serious act".
Kelleher said that liquidity in the market had been maintained "to a degree" despite the attacks.
But he said that if they continued, it would lessen investors' confidence in their ability to trade "if a piece of news occurs that people need to react to".
This week's attacks have occurred at the tail end of the reporting season, which has seen Air NZ, Meridian and Spark issue their results.
Yesterday the Herald reported how the NZX and its connectivity provider, Spark, could be locked in an "arms race" with an unknown enemy after repeated cyber attacks forced a halt to share trading.
The NZX is understood to have moved its domain nzx.com to Akamai Technologies, the multinational content delivery network. The website for the bourse is still served up from a content delivery network run by Red Shield in Wellington.
The move comes after Australian security commentator Catalin Cimpanu said a source in the security industry had told him a group of "DDoS extortionists" was behind the attacks on the NZX.
The group, which demands a ransom paid in bitcoin to lay off its attacks, is said to be imitating a Russian group sometimes known as Cozy Bear. The group is said to also be responsible for attacks on money transfer service MoneyGram, YesBank India, PayPal, Braintree, and Venmo this week.
The NZX and Spark have refused to say if extortion is involved. Cert NZ and the GCSB say they won't comment on individual cases, for fear of inhibiting organisations from reporting future attacks (although the NZX did acknowledge in a statement that it is working with the GCSB).
While the NZX remains shut, trading in many of the dual listed stocks, such as Fletcher Building and Spark, has continued on the ASX.
A spokesman for ASX said it does not comment on specific cyber-related matters.
"We have a range of security protections in place and work closely with government and relevant agencies to maintain the integrity of our service," he said.