Serious cyber-attack on NZX could have been ‘easily avoided’ - expert

As New Zealand’s stock exchange operator has been hit by a second day of disruptions caused by overseas cyber-attacks, one expert says the attacks could have been “easily avoided”.

Your playlist will load after this ad

The stock exchange has been hit by a second day of disruption following the attack. Source: 1 NEWS

Daniel Ayers, an IT security consultant, said it was ironic the stock exchange was taken down by “such a basic error and something that could be exploited by just about anybody”.

“It's a problem that can be easily avoided even by using free services, it's not a difficult problem to avoid at all.”

The comments come as NZX's website this morning went offline in the wake of yesterday's cyber attack.

An NZX spokesperson told 1 NEWS the website's current status "appears to be connected" to yesterday's events, which saw the operator halt trading its cash markets yesterday afternoon after an offshore cyber attack oversaturated its network with high internet traffic.

Trading was stopped at approximately 3.57pm yesterday after it experienced a "volumetric distributed denial of service (DDoS) attack" which impacted its system connectivity, Spark and NZX said in a joint statement at the time.

The attack "aims to disrupt service by saturating a network with significant volumes of internet traffic", the statement read.

Mr Ayers said NZX should have seen the risk of a DDoS attack coming.

“It isn't a good look for the NZX,” he said.

But Dr Rizwan Asghar, a senior lecturer in computer science at the University of Auckland, said identifying sources of DDoS attacks “could be quite hard”.

Paul Spain, chief executive of technology services firm Gorilla Technology, said the attack was “serious”.

“This is a form of extortion this style of attack … the attackers basically do this for a pay off and they will stop if the NZX fronts up with a whole lot of money.” he said.

The Government’s National Cyber Security Centre, under the GCSB spy agency, declined to comment on the attack, citing a long-standing policy. 

Commerce Minister Kris Faafoi said attacks of this nature didn’t usually come from another state.

“So, at this stage, from the information we’ve got, it’s not that kind of attack.”