New Zealand’s spy agency was brought in to help fight back against cyberattacks that on Friday paralyzed the country’s stock exchange for a fourth day straight.
Finance Minister Grant Robertson said the Government Communications Security Bureau (GCSB), the country's intelligence agency, had joined efforts to contain the threat, which market operator NZX reported to be foreign-sourced without providing further information.
“Because of the significant security concerns, there are limitations on what I can tell about what action the government is taking behind the scenes,” Robertson told reporters.
“But we are aware of the impact this has on the sector and the NZX has been working with officials.
“Ministers have requested the GCSB to help, and the GCSB supports the National Cyber Security Centre.”
He added that the National Security System — which is designed to ensure a coordinated response during a crisis between intelligence agencies and government — was triggered.
“The ability of the GCSB is the thing in play here, they know a lot about cyber-attacks,” he said. “We can extend that ability to a business (NZX) that clearly has a critical role.”
Experts have told local media that potential perpetrators include state-sponsored actors, online activists with an anti-capitalist agenda such as Anonymous, or a ransom-seeking criminal enterprise.
When asked if NZX had received a ransom letter, Robertson replied: “I don’t know that, that’s something you’re going to have to deal with with GCSB.”
The GCSB avoided commenting.
Regulators at the Financial Markets Authority (FMA) said the exchange had assured them that investor details had not been compromised.
“The FMA supports NZX’s decisions to suspend trading in the situations, for times when issuers are unable to release information to the market,” the agency said.
Sean Duca, a Regional Chief Security Officer at Palo Alto Networks based in Sydney, said the fact that top officials had triggered the crisis plan reflected the seriousness of the situation.
“The consequences are not only important for the financial sector, it’s more the fact that somebody’s targeting something of national interest, which is part of the critical infrastructure of the country,” he said.
Such infrastructure includes systems providing essential services such as the electricity grid, communications networks and transportation providers.
“Attacks like these are a wake-up call to organizations … and perhaps they’re saying OK let’s do something right now,” Duca said.
Rizwan Asghar, from the school of computer science at Auckland University, said distributed denial-of-service (DDoS) attacks, which bombard systems with data requests or traffic, occurred frequently but were typically controlled by the target's security systems.
He was unaware of any case in which a vital piece of infrastructure such as NZX had suffered such comprehensive security failures over so long a period.
“I wasn’t shocked on the first day, these attacks are fairly common,” he told AFP.
“I was shocked the second day it was still happening, despite having been in a row for four days. It’s very worrying they can’t handle this amount of traffic in an attack.”
Asghar said the source of DDoS attacks was hard to track because the culprits used vulnerable machines and then deleted their activity logs, so even the owners might not know their machines had been used for illegal purposes.
He said the NZX outages highlighted the need for governments to incorporate proper security into critical infrastructure systems prior to cyberattacks.
“Those things are always going to happen and they’re going to say ‘we need some security’, but protection isn’t an add-on, it’s not something you can plug in and play right away,” he said.
“We need to invest in defense, and take a constructive, not just reactive, approach.”