Annnnnd its down again. Hopefully the can sort it out over the weekend?

In a private discussion I've mentioned what service the NZX should be using. They are playing with locals, this is another level.

Interesting that the ddos attack maps are not that accurate then. https://www.digitalattackmap.com/#anim=1&color=0&country=KR&list=0&time=18489&view=map

Shows attacks originating from NZ but nothing incoming. 

Looks like NZX are using RedShield to protect their site - one of RedShield's features is DDOS mitigation so they've either not configured it optimally or this is a much bigger attack than RedShield can handle.

Typically, using a service like RedShield would be be an appropriate mitigation for this type of attack (DDOS), so it doesn't sound like NZX have no idea what they're doing. I don't know anything further about how well or poorly NZX manage their infrastructure.

axxaa:

Interesting that the ddos attack maps are not that accurate then. https://www.digitalattackmap.com/#anim=1&color=0&country=KR&list=0&time=18489&view=map

Shows attacks originating from NZ but nothing incoming. 

@axxaa:

 

Interesting that the ddos attack maps are not that accurate then. https://www.digitalattackmap.com/#anim=1&color=0&country=KR&list=0&time=18489&view=map

 

Shows attacks originating from NZ but nothing incoming. 

 

Your map is filtered "North Korea".

freitasm:

 

@axxaa:

 

Interesting that the ddos attack maps are not that accurate then. https://www.digitalattackmap.com/#anim=1&color=0&country=KR&list=0&time=18489&view=map

 

Shows attacks originating from NZ but nothing incoming. 

 

 

Your map is filtered "North Korea".

 

Edit: This map shows the NZ attack traffic.

https://horizon.netscout.com/?mapPosition=-65.57~27.73~1.00

axxaa:

 

Thanks. Fixed the filtering but still nothing showing for NZ. Guess the traffic may indeed be too small.

 

Is that site realtime?  It looks like its historical only given data ends on 16/08.... presumably it takes time to collect the data...?

sidefx:

 

axxaa:

 

Thanks. Fixed the filtering but still nothing showing for NZ. Guess the traffic may indeed be too small.

 

 

 

 

Is that site realtime?  It looks like its historical only given data ends on 16/08.... presumably it takes time to collect the data...?

 

Sorry, I should have looked closer. That map is for August 15th. The live map I linked above appears to be live data.

Either way they are getting hammered. At least its a ddos attack and not a crypto attack I guess, Always look at the positive side. 🙃

That's a pretty map, almost hypnotic, you could play rave music in the background.
Or Frankie goes to Hollywood - Two Tribes. 
https://horizon.netscout.com/?mapPosition=-65.57~27.73~1.00

So DDoS attacks are still a thing, a really big thing, I mean a really really big thing.
The scale of the number of servers that are hijacked to produce that seems impressive.
What's with the traffic exiting Christchurch ?
Guess its not reported so much as its so common its not really news except to infosec people ?

ZDNet are reporting it:

https://www.zdnet.com/article/new-zealand-stock-exchange-suffers-day-four-disruption-following-ddos-attacks/

the article also now on Stuff website:

https://www.stuff.co.nz/business/industries/122593041/nzx-attackers-believed-to-be-demanding-huge-ransom-in-bitcoin

Whether it's accurate or not, then who knows?

 

The cybercrime group that has knocked the NZX offline has been attacking several financial providers around the world, demanding payment in Bitcoin to call off its attacks, US-owned technology news site ZDnet has reported.

 

New Zealand’s stock exchange was knocked offline for a fourth day in a row on Friday due to connectivity issues which the NZX said resembled cyberattacks it suffered earlier in the week.

 

ZDnet said the attackers had gone by names including "Armada Collective" and "Fancy Bear" and usually emailed "huge ransom demands" to victims.

 

NZX spokesman David Glendining would not comment on whether it had received a blackmail demand for a ransom, or whether the company had a policy with regard to paying them.

 

ezbee:
What's with the traffic exiting Christchurch ?

 

Not sure - as but the outgoing fire seems to be coming from the sea at the Western end of Foveaux Strait - which seems to me to be highly unlikely - maybe whoever made the map just plonked things in the general area, plus or minus a thousand or so km.

Things look to be back up and trading to resume at 1pm!
Lets hope everything goes well. 

https://www.nzx.com/

mattwnz:

Doesn't seem to be getting  huge amount of coverage, considering this is a big part of NZs infrastructure. Saw some experts on the news last night discussing it. Normally I understand with  a DDOS on a website server, that the admins would block the IP ranges of those doing the attack.