In late August appeared news that New Zealand exchange NZX has been the victim of a series of cyberattacks. The attackers used DDoS to stop the bidding – and they succeeded.
Trading on NZX on August 26 was completely stopped for three and a half hours as a result of a DDoS attack. This was not the first attempt to influence the exchange engine, but the day before, the exchange was able to repel the attack.
The hackers were interested not only in the transaction engine, but also attacked the NZX website and news feed.
Security officials said the source of traffic used to attack NZX was outside New Zealand. At the same time, experts believe that the attack was carried out by a serious cyber group – the skills and budget for conducting cyber attacks of this magnitude should be significant.
Hackers and exchanges: current situation
Financial institutions and their clients are constantly in the focus of cybercriminals’ attention. The reasons for this are clear – a successful attack allows you to immediately hit the jackpot.
At the same time, DDoS attacks are not the most popular way to influence financial institutions. So by data Akamai has made more than 85.4 billion attempts to brute-force logins over a two-year observation period.
For example, in August last year, in one day, just one financial service experienced 55 million such attempts. On average, up to 22 million attempts of attacks of this type are logged a day.
Despite the fact that banks and their clients are most often attacked, sometimes exchanges also get it. For example, in July 2015, trading on the New York Stock Exchange (NYSE) was suspended for several hours. Officially, the cause of the failure was called internal problems, but this version did not convince journalists and some experts. In their opinion, hacker attacks were to blame.
Both Anonymous and Chinese cybercriminals were blamed for the incident. By the way, Anonymous tried to attack the exchange in 2011, but then this did not lead to serious consequences. How the exchange was hacked in 2015 (if the attack really took place) is not known for certain
An equally mysterious situation took place on the Moscow Exchange in the same 2015. In early February, during the trading session, the ruble rate fell by 15%, as one of the traders – Kazan Energobank – was selling currency at non-market prices. In 15 minutes of such trading, the player lost 244 million rubles. The bank blamed the hackers for the incident.
What hackers are interested in
Situations when cybercriminals aim to directly disable exchange systems are rare. Taking advantage of this situation to make money is not a trivial task. Much more promising, for example, are attacks on companies connected with stock exchanges in search of insider information.
An illustrative example of such an attack is the theft of inside information from Dow Jones & Co. The company reported hacking and data theft of 3,500 customers in 2015.
A similar problem arose with the American press release resources of PRNewswire, Marketwired, and Businesswire. They, without noticing it, had been sharing important information for the market with hackers for five years before it was published. Cybercriminals gained access to the data using phishing attacks. The hackers worked in conjunction with traders. The latter used the obtained data for trading on the stock exchange, and the proceeds were transferred to offshores. According to various estimates, the damage from the group’s actions is estimated at between $ 30 and $ 100 million.
It is usually more difficult for hackers to successfully attack a brokerage company and steal money than, for example, in the case of a banking service. If the attack turns out to be successful, withdrawing client funds or performing trading operations in order to “transfer” the deposit to the desired account is very difficult, and it is quite easy to notice such non-standard operations.
In addition, in order to minimize possible damage, brokerage companies develop various client protection systems. For example, such protection is available in the trading terminal. SMARTx…
Read reviews, market analytics and investment ideas in Telegram channel ITI Capital