The world has geopolitical risks at all times, and the global financial system not being immune to cyberattacks is a risk. A cyberattack on a stock market or a central bank probably sounds like something out of a futuristic spy novel. It’s not. It’s already happening. The world financial markets should be on guard about the most recent cyberattack in New Zealand that caused no trading for three days this week, and a fourth day saw intermittent trading.
New Zealand’s stock exchange (NZX) was hacked this week by a denial of service (DNS) attack. Reports indicate an overseas attack, and New Zealand has activated its National Security Systems, as the nation’s intelligence community and international partners are working to address and resolve the attack. While there are multiple angles of DNS attacks, they are generally as incidents in which an attacker is able to take advantage of vulnerabilities within the domain name system.
New Zealand may not exactly be the largest and the most obvious target in the world, but it is an ally nation of the West, and if one nation is being attacked, then other nations should be on higher alert regarding their financial systems as well.
To put this into context: the U.S. stock market and bond markets were closed for four trading days in the wake of the 9/11 terror attacks back in 2001. That was the longest U.S. stock market closure dating back to the 1930s.
This current DNS attack comes at a tricky time. New Zealand has faced many closures and economic interruptions due to the COVID-19 pandemic and waves of outbreaks there locally. The Reserve Bank of New Zealand already has responded to what it called a “sharp and sizable shock to the economy.” Some of its efforts should sound familiar as containment efforts have squashed economic activity.
The nation has seen heightened uncertainty and has been concerned about liquidity and the functioning of financial markets. In response, the Reserve Bank has used monetary policy to lower interest rates, has increased lending operations to boost liquidity, and has increased its balance sheet with asset purchases. Issues like this seem to have become the international playbook of central banks in 2020, including the United States.
As far as the real impact, New Zealand’s stock market was halted for three days and Friday’s trading was choppy, with trading halted for stocks and bonds in the morning. The NZX website was not accessible on last look, and the exchange has said that the market’s announcement system was affected rather than its trading systems.
New Zealand is not alone in having its stock exchange targeted, and it certainly will not be the last. In some ways, hacking a stock exchange could be the ultimate geopolitical risk in the 21st century. Even back in 2010, the Nasdaq had been hacked by a Russian group as the exchange discovered malware inside of its central servers. At that time, the impact could have been a disruption to the entire network or even the potential shutdown of the entire exchange.
The New York Stock Exchange and top American banks also reportedly have been attacked by Iranian hackers. Hackers have targeted the U.S. Federal Reserve as well, and the European Central Bank confirmed in 2019 that unauthorized parties had breached an external integrated reporting site. And the U.S. Securities and Exchange Commission also has been affected by an international insider trading ring that gained access into the EDGAR corporate filing database.
The risks of cyberattacks on stock exchanges, banking systems and global financial systems are not new. If targets are lucky, they are only targeted for cyber theft. If attacks come from nations via cyber warfare, the ultimate risk is waking up one day to the news that no one anywhere can access their money and investment accounts.
Below is an image of what the NZX website looked like on last check.