New Zealand Exchange's Massive DDoS Attack: What Went Wrong?
Daniel Ayers Says Redundancy, Diversity Are Keys to Risk Mitigation
New Zealand's stock exchange, NZX, fell under a massive distributed denial-of-service attack at the end of August that was part of an extortion attempt.
The DDoS attack didn't affect the exchange's trading engine, but NZX was forced to shut it down because it couldn't publish public announcements on its website, which was directly under attack. NZX battled against the attacks with its service provider, Spark, for days and scrambled to secure strong DDoS mitigation services (see New Zealand Stock Exchange Trades Again After DDoS).
While NZX hasn't provided a postmortem, some of the roots of the problem are clear, says Daniel Ayers, a New Zealand-based IT security and cloud consultant. NZX at one time had just two Domain Name System nameservers on one IP space, and they were easily crushed under the intensity of the attacks.
"It's really important to make sure that your DNS servers are robust and diverse - spread around the internet," Ayers says.
NZX's two nameservers also lacked adequate DDoS protection, which left NZX in a high-pressure situation to bring its main website back online.
"The best way to protect against that is to have nameservers that are provided by or hosted by large cloud providers or CDN services," Ayers says.
In this video interview (see link below photo), Ayers discusses:
- Why NZX struggled for days to bring its main website back online;
- How companies should judge their risk of falling under DDoS;
- Why having a portable IP space can offer more flexibility when under a DDoS attack.
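The nameserver-diversity point above can be checked mechanically. The following is an added example, not part of the original article or anything NZX or Ayers published: it groups each nameserver's addresses by covering network and reports any network whose loss would leave no nameserver reachable. The hostnames and addresses are constructed from documentation ranges, and treating a /24 (IPv4) or /48 (IPv6) as one "IP space" is an assumption; origin AS or upstream provider would be a stronger measure.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data using documentation address ranges (not real records).
SINGLE_SPACE = {  # two nameservers inside one IP space, as the article describes
    "ns1.example.nz": ["192.0.2.10"],
    "ns2.example.nz": ["192.0.2.11"],
}
DIVERSE = {  # nameservers spread across separate networks
    "ns1.example.nz": ["192.0.2.10"],
    "ns2.example.net": ["198.51.100.53"],
    "ns3.example.org": ["203.0.113.53", "2001:db8:53::1"],
}

def network_of(addr, v4_prefix=24, v6_prefix=48):
    """Map an address to its covering prefix (assumed proxy for 'IP space')."""
    ip = ipaddress.ip_address(addr)
    prefix = v4_prefix if ip.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def assess(nameservers):
    """Report which networks, if saturated, leave no nameserver reachable."""
    hosts_in = defaultdict(set)
    for host, addrs in nameservers.items():
        for addr in addrs:
            hosts_in[network_of(addr)].add(host)
    single_points = []
    for net in hosts_in:
        # A nameserver survives if it still has an address outside `net`.
        survivors = [h for h, addrs in nameservers.items()
                     if any(network_of(a) != net for a in addrs)]
        if not survivors:
            single_points.append(str(net))
    return {
        "servers": len(nameservers),
        "networks": sorted(str(n) for n in hosts_in),
        "single_points": sorted(single_points),
    }

if __name__ == "__main__":
    for label, zone in (("single space", SINGLE_SPACE), ("diverse", DIVERSE)):
        print(label, assess(zone))
```

In practice the input mapping would be built from the zone's NS records and their A/AAAA answers rather than typed in by hand.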
Ayers is a New Zealand-based IT consultant with expertise in computer forensics, networking and security. He has testified in Australian and New Zealand courts on IT and computer forensic topics. He previously was head of engineering at Strasmore Inc. and director of Special Tactics Ltd., which specializes in digital forensics and IT security consulting.