The New Zealand Stock Exchange (NZX) has been hit by a serious cyber attack that has knocked it offline for three days in a row.

NZX first halted trading on Tuesday due to the ongoing issue and has struggled to fully return services.

“Yesterday afternoon NZX experienced a volumetric DDoS (distributed denial of service) attack from offshore via its network service provider, which impacted NZX network connectivity,” NZX said in a statement on Wednesday morning.

“The systems impacted included NZX websites and the Markets Announcement Platform. The attack was able to be mitigated and connectivity has now been restored for NZX.”

But it appeared the exchange spoke too soon.

On Wednesday morning, NZX once again stopped trading because of the cyber attack and on Thursday, the pattern repeated.

“NZX is currently experiencing network connectivity issues,” the exchange’s website said on Thursday.

“The NZX Main Board, NZX Debt Market and Fonterra Shareholders Market are currently halted.”

While the NZX has not commented on the source of the attack – beyond saying it originated “offshore” – the attack coincides with the emergence of DDoS extortion attempts from known hacker groups.

Security intelligence firm, Akamai, updated a recent blog post this week discussing the form of attack, saying it ransom letters were going out to “various industry verticals such as finance, travel, and e-commerce”.

“We can confirm that we're now seeing attacks peak at almost 200 Gb/sec, utilising ARMS, DNS Flood, GRE Protocol Flood, SNMP Flood, SYN Flood, and WSDiscovery Flood attacks as their main vectors,” Akamai said.

“We've not seen a specific region being targeted as a result of these extortion attacks. There are institutions that reside in the UK, US, and APAC region who have received ransom letters.”

In its advisory, Akamai said the attackers demand a ransom of bitcoin, increasing the amount for each day they aren’t paid.

Critical infrastructure

CISO of UK domain registry Nominet, Cath Goulding, said the incident has proven how devastating cyber attacks can be for countries, even when the techniques are well-known.

“While a stock exchange might not be what we traditionally consider to be ‘critical national infrastructure’ – it is critical to the economy.

“Any downtime at all is putting millions of dollars at stake.

“Above all this raises the issue to countries and governments around the world that critical financial services need to be treated as an extension of government security.

“They should be given the utmost help and support from security agencies to protect them and help mitigate damage to the economy.”

Australia has been in a state of heightened cyber awareness following the Prime Minister’s warning in June that the country was under cyber attack.

The government is currently pushing to expand the definition of ‘critical infrastructure’ in order to provide assistance to, and potentially take control of, organisations when they are having a cyber emergency.