New Zealand’s stock exchange was forced to halt trading for several hours Wednesday following a sustained cyberattack, the second in two days.

In a statement, the exchange said it was targeted by a volumetric distributed-denial-of-service attack from offshore that affected its NZX system connectivity. NZX decided to halt trading. A DDoS attack aims to disrupt service by saturating a network with significant volumes of internet traffic.

The exchange’s main board, the NZX Debt Market and Fonterra Shareholders Market, were all placed on halt Wednesday for three and a half hours, while trading on NZX’s cash markets were cut short an hour on Tuesday.

The exchange had initially said on Tuesday that the attacks had been mitigated and that normal operations would resume on Wednesday, but as The Guardian noted, the subsequent attack has raised questions about security.

The motivation for the attack is currently unknown, but there are some theories as to why a relatively small stock exchange such as the NZX may have been targeted.

“This may be a rehearsal of a major attack targeting NASDAQ or LSE amid the craziness going on the global stock markets,” Ilia Kolochenko, founder and chief executive officer of web security company ImmuniWeb, told SiliconANGLE. “I don’t think that major cyber gangs have their own interest in, or were hired by someone, to conduct a DDoS capable of repeatedly shutting down NZX.”

Barrett Lyon, chief executive officer of network security protection firm Netography Inc., believes that stock manipulation could have been a motivating factor while also noting that there are issues with NZX’s system setup.

“Typically, a lot of trading, especially high-frequency trading, is done over a private, dedicated network infrastructure,” he said. “That should have nothing to do with anything connected to the internet.”

He added that it’s evident that the exchange’s infrastructure has too many cross-dependencies in the network infrastructure that it may not be aware of. “As a result, the public attacks impacted internal trading applications – and could have led to stock manipulation,” he said.

Marc Wilczek, chief operating officer of DDoS protection company Link11, said the attacks highlight how targeted DDoS exploits can be extremely disruptive to even the best-prepared organizations and stop their normal operations. “With DDoS-for-hire services offering attacks to anyone for a modest fee, organizations need to deploy DDoS protection solutions that block attacks in the cloud and have significantly greater bandwidth and idle capacity than any regular enterprise would ever procure,” he said.

Photo: Phillip Capper/Flickr