Eight exchange operators also attacked during New Zealand hack, says cyber intelligence group chairman

Jerry Perullo, chief information security officer for ICE and NYSE, stated that other exchanges had been targeted alongside NZX.

Eight stock exchanges were attacked around the same that the New Zealand Exchange (NZX) was hacked and forced to close its operations for four days, a cyber intelligence expert has said.

Jerry Perullo, chief information security officer for ICE and NYSE, and chairman of cyber intelligence group for financial services, FS-ISAC, alluded to the other attacks in a Sibos panel titled ‘COVID 19 open season for hackers’.

He did not name the other market operators that fell victim to the attacks but stated “a week into this [NZX hack] we had tracked eight exchanges that were under attack”.

NZX was targeted by ransomware and was forced to close for four consecutive days in August. It later confirmed it had suffered a distributed denial-of services (DDoS) cyber-attack, which resulted in the exchange going offline. 

“This decision not to re-open has been made while we focus on addressing the situation,” NZX said at the time. “We continue to address the threat and work with cybersecurity experts, and we are doing everything we can to resume normal trading.”

The DDoS attacks, which involve overwhelming the system of a target by delivering a heavy stream of information, have been described as one of the simplest forms of cyber hacking.

The panel went on to discuss the other threats from cybercriminals during the COVID-19 pandemic, with several other panellists agreeing the NZX hack was a global attack.

Chief information officer at NZX, David Godfrey, resigned just one month after the initial hack and is scheduled to leave at the end of 2020 after more than 11 years with the stock exchange.