New Zealand Stock Exchange hacked again

The New Zealand stock exchange market has been hit by cyberattacks twice over two days. as per the statements, there were two DDoS (disturbed denial of service) attacks.

 They gave the two different statements

The NZX said they first experienced a network connectivity problem by a network service provider as their yesterday statement. The statement quoted “Yesterday afternoon NZX experienced a volumetric DDoS (distributed denial of service) attack from offshore via its network service provider, which impacted NZX network connectivity.”The second one they said whoever behind this hit by the cyber-attack was not spare 

After that those areas would resume operation after 3 p.m. The statement stated as “This morning NZX experienced a further disruption similar to yesterday's related to a DDoS (distributed denial of service) attack as such, NZX decided to halt trading in its cash markets at approximately 11.24 am.” 

This attack has raised a lot of questions about the security of the Stock exchange market. There is no clarity as a now that who is responsible for the attack neither there is no proof as to what their motivations are?

During a conversation with radio New Zealand, Professor Dave Parry from the Auckland University of Technology Computer science said “Unfortunately, the skills and software to do this are widely available” he also added saying “the disruption of COVID and people working from home all over the world potentially with lower security on their computers means that these attacks are easier than usual."  

New Zealand's Minister of Commerce and Consumer Affairs Kris Faafoi has been reported by Radio New Zealand saying that the attack did not seem to be the work of a state actor. 

As NXZ quoted on Wednesday “experienced a volumetric DDoS attack from offshore via its network service provider, which impacted NZX network connectivity”. Adding to it NZX also disclosed that the attack had affected NZX websites and the markets announcement platform, causing it to call a trading halt at 3.57 pm.

 

Disclaimer: The news on the Website have been compiled from a variety of sources and cannot vouch for the veracity of the stories.

Whoops! There was an error.
ErrorException (E_NOTICE)
ob_end_flush(): failed to send buffer of zlib output compression (0) ErrorException thrown with message "ob_end_flush(): failed to send buffer of zlib output compression (0)" Stacktrace: #4 ErrorException in /home/streakshot/public_html/vendor/symfony/http-foundation/Response.php:1219 #3 ob_end_flush in /home/streakshot/public_html/vendor/symfony/http-foundation/Response.php:1219 #2 Symfony\Component\HttpFoundation\Response:closeOutputBuffers in /home/streakshot/public_html/vendor/symfony/http-foundation/Response.php:381 #1 Symfony\Component\HttpFoundation\Response:send in /home/streakshot/public_html/public/index.php:58 #0 require_once in /home/streakshot/public_html/index.php:21
4
ErrorException
/vendor/symfony/http-foundation/Response.php1219
3
ob_end_flush
/vendor/symfony/http-foundation/Response.php1219
2
Symfony\Component\HttpFoundation\Response closeOutputBuffers
/vendor/symfony/http-foundation/Response.php381
1
Symfony\Component\HttpFoundation\Response send
/public/index.php58
0
require_once
/index.php21
/home/streakshot/public_html/vendor/symfony/http-foundation/Response.php
    {
        return \in_array($this->statusCode, [204, 304]);
    }
 
    /**
     * Cleans or flushes output buffers up to target level.
     *
     * Resulting level can be greater than target level if a non-removable buffer has been encountered.
     *
     * @final
     */
    public static function closeOutputBuffers(int $targetLevel, bool $flush)
    {
        $status = ob_get_status(true);
        $level = \count($status);
        $flags = PHP_OUTPUT_HANDLER_REMOVABLE | ($flush ? PHP_OUTPUT_HANDLER_FLUSHABLE : PHP_OUTPUT_HANDLER_CLEANABLE);
 
        while ($level-- > $targetLevel && ($s = $status[$level]) && (!isset($s['del']) ? !isset($s['flags']) || ($s['flags'] & $flags) === $flags : $s['del'])) {
            if ($flush) {
                ob_end_flush();
            } else {
                ob_end_clean();
            }
        }
    }
 
    /**
     * Checks if we need to remove Cache-Control for SSL encrypted downloads when using IE < 9.
     *
     * @see http://support.microsoft.com/kb/323308
     *
     * @final
     */
    protected function ensureIEOverSSLCompatibility(Request $request)
    {
        if (false !== stripos($this->headers->get('Content-Disposition'), 'attachment') && 1 == preg_match('/MSIE (.*?);/i', $request->server->get('HTTP_USER_AGENT'), $match) && true === $request->isSecure()) {
            if ((int) preg_replace('/(MSIE )(.*?);/', '$2', $match[0]) < 9) {
                $this->headers->remove('Cache-Control');
            }
        }
Arguments
  1. "ob_end_flush(): failed to send buffer of zlib output compression (0)"
    
/home/streakshot/public_html/vendor/symfony/http-foundation/Response.php
    {
        return \in_array($this->statusCode, [204, 304]);
    }
 
    /**
     * Cleans or flushes output buffers up to target level.
     *
     * Resulting level can be greater than target level if a non-removable buffer has been encountered.
     *
     * @final
     */
    public static function closeOutputBuffers(int $targetLevel, bool $flush)
    {
        $status = ob_get_status(true);
        $level = \count($status);
        $flags = PHP_OUTPUT_HANDLER_REMOVABLE | ($flush ? PHP_OUTPUT_HANDLER_FLUSHABLE : PHP_OUTPUT_HANDLER_CLEANABLE);
 
        while ($level-- > $targetLevel && ($s = $status[$level]) && (!isset($s['del']) ? !isset($s['flags']) || ($s['flags'] & $flags) === $flags : $s['del'])) {
            if ($flush) {
                ob_end_flush();
            } else {
                ob_end_clean();
            }
        }
    }
 
    /**
     * Checks if we need to remove Cache-Control for SSL encrypted downloads when using IE < 9.
     *
     * @see http://support.microsoft.com/kb/323308
     *
     * @final
     */
    protected function ensureIEOverSSLCompatibility(Request $request)
    {
        if (false !== stripos($this->headers->get('Content-Disposition'), 'attachment') && 1 == preg_match('/MSIE (.*?);/i', $request->server->get('HTTP_USER_AGENT'), $match) && true === $request->isSecure()) {
            if ((int) preg_replace('/(MSIE )(.*?);/', '$2', $match[0]) < 9) {
                $this->headers->remove('Cache-Control');
            }
        }
/home/streakshot/public_html/vendor/symfony/http-foundation/Response.php
    {
        echo $this->content;
 
        return $this;
    }
 
    /**
     * Sends HTTP headers and content.
     *
     * @return $this
     */
    public function send()
    {
        $this->sendHeaders();
        $this->sendContent();
 
        if (\function_exists('fastcgi_finish_request')) {
            fastcgi_finish_request();
        } elseif (!\in_array(\PHP_SAPI, ['cli', 'phpdbg'], true)) {
            static::closeOutputBuffers(0, true);
        }
 
        return $this;
    }
 
    /**
     * Sets the response content.
     *
     * Valid types are strings, numbers, null, and objects that implement a __toString() method.
     *
     * @param mixed $content Content that can be cast to string
     *
     * @return $this
     *
     * @throws \UnexpectedValueException
     */
    public function setContent($content)
    {
        if (null !== $content && !\is_string($content) && !is_numeric($content) && !\is_callable([$content, '__toString'])) {
            throw new \UnexpectedValueException(sprintf('The Response content must be a string or object implementing __toString(), "%s" given.', \gettype($content)));
Arguments
  1. 0
    
  2. true
    
/home/streakshot/public_html/public/index.php
 
/*
|--------------------------------------------------------------------------
| Run The Application
|--------------------------------------------------------------------------
|
| Once we have the application, we can handle the incoming request
| through the kernel, and send the associated response back to
| the client's browser allowing them to enjoy the creative
| and wonderful application we have prepared for them.
|
*/
 
$kernel = $app->make(Illuminate\Contracts\Http\Kernel::class);
 
$response = $kernel->handle(
    $request = Illuminate\Http\Request::capture()
);
 
$response->send();
 
$kernel->terminate($request, $response);
 
/home/streakshot/public_html/index.php
 
/**
 * Laravel - A PHP Framework For Web Artisans
 *
 * @package  Laravel
 * @author   Taylor Otwell <taylor@laravel.com>
 */
 
$uri = urldecode(
    parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH)
);
 
// This file allows us to emulate Apache's "mod_rewrite" functionality from the
// built-in PHP web server. This provides a convenient way to test a Laravel
// application without having installed a "real" web server software here.
if ($uri !== '/' && file_exists(__DIR__.'/public'.$uri)) {
    return false;
}
 
require_once __DIR__.'/public/index.php';
 
Arguments
  1. "/home/streakshot/public_html/public/index.php"
    

Environment & details:

empty
empty
empty
empty
empty
Key Value
TZ
"Asia/Kolkata"
REDIRECT_REDIRECT_UNIQUE_ID
"YaHomAcWMUsrKvvSgiZJSAAAAAg"
REDIRECT_REDIRECT_SCRIPT_URL
"/technology/new-zealand-stock-exchange-hacked-again"
REDIRECT_REDIRECT_SCRIPT_URI
"https://streakshot.com/technology/new-zealand-stock-exchange-hacked-again"
REDIRECT_REDIRECT_HTTPS
"on"
REDIRECT_REDIRECT_STATUS
"200"
REDIRECT_UNIQUE_ID
"YaHomAcWMUsrKvvSgiZJSAAAAAg"
REDIRECT_SCRIPT_URL
"/technology/new-zealand-stock-exchange-hacked-again"
REDIRECT_SCRIPT_URI
"https://streakshot.com/technology/new-zealand-stock-exchange-hacked-again"
REDIRECT_HTTPS
"on"
REDIRECT_HANDLER
"application/x-httpd-ea-php72"
REDIRECT_STATUS
"200"
UNIQUE_ID
"YaHomAcWMUsrKvvSgiZJSAAAAAg"
SCRIPT_URL
"/technology/new-zealand-stock-exchange-hacked-again"
SCRIPT_URI
"https://streakshot.com/technology/new-zealand-stock-exchange-hacked-again"
HTTPS
"on"
HTTP_HOST
"streakshot.com"
HTTP_X_REAL_IP
"18.212.120.195"
HTTP_X_FORWARDED_PROTO
"https"
HTTP_CONNECTION
"close"
HTTP_USER_AGENT
"CCBot/2.0 (https://commoncrawl.org/faq/)"
HTTP_ACCEPT
"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
HTTP_ACCEPT_LANGUAGE
"en-US,en;q=0.5"
HTTP_ACCEPT_ENCODING
"br,gzip"
HTTP_X_HTTPS
"1"
PATH
"/usr/local/jdk/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/usr/local/bin:/usr/X11R6/bin:/root/bin:/opt/bin"
SERVER_SIGNATURE
""
SERVER_SOFTWARE
"Apache"
SERVER_NAME
"streakshot.com"
SERVER_ADDR
"62.210.127.245"
SERVER_PORT
"443"
REMOTE_ADDR
"18.212.120.195"
DOCUMENT_ROOT
"/home/streakshot/public_html"
REQUEST_SCHEME
"https"
CONTEXT_PREFIX
"/cgi-sys"
CONTEXT_DOCUMENT_ROOT
"/usr/local/cpanel/cgi-sys/"
SERVER_ADMIN
"webmaster@streakshot.com"
SCRIPT_FILENAME
"/home/streakshot/public_html/index.php"
REMOTE_PORT
"37156"
REDIRECT_URL
"/index.php"
GATEWAY_INTERFACE
"CGI/1.1"
SERVER_PROTOCOL
"HTTP/1.1"
REQUEST_METHOD
"GET"
QUERY_STRING
""
REQUEST_URI
"/technology/new-zealand-stock-exchange-hacked-again"
SCRIPT_NAME
"/index.php"
ORIG_SCRIPT_FILENAME
"/usr/local/cpanel/cgi-sys/ea-php72"
ORIG_PATH_INFO
"/index.php"
ORIG_PATH_TRANSLATED
"/home/streakshot/public_html/index.php"
ORIG_SCRIPT_NAME
"/cgi-sys/ea-php72"
PHP_SELF
"/index.php"
REQUEST_TIME_FLOAT
1638000792.0822
REQUEST_TIME
1638000792
argv
[]
argc
0
APP_NAME
"StreakShot"
APP_ENV
"local"
APP_KEY
"base64:ReQmfEFXKLWiEg6BrcO2XKiMoAGvRdQy00AsMsYzrsk="
APP_DEBUG
"true"
APP_URL
"https://streakshot.com"
LOG_CHANNEL
"stack"
DB_CONNECTION
"mysql"
DB_HOST
"localhost"
DB_PORT
"3306"
DB_DATABASE
"streaksh_db"
DB_USERNAME
"streaksh_user"
DB_PASSWORD
".wdnNP8o^nUT"
BROADCAST_DRIVER
"log"
CACHE_DRIVER
"file"
QUEUE_CONNECTION
"sync"
SESSION_DRIVER
"file"
SESSION_LIFETIME
"120"
REDIS_HOST
"127.0.0.1"
REDIS_PASSWORD
"null"
REDIS_PORT
"6379"
MAIL_DRIVER
"smtp"
MAIL_HOST
"smtp.mailtrap.io"
MAIL_PORT
"2525"
MAIL_USERNAME
"null"
MAIL_PASSWORD
"null"
MAIL_ENCRYPTION
"null"
AWS_ACCESS_KEY_ID
""
AWS_SECRET_ACCESS_KEY
""
AWS_DEFAULT_REGION
"us-east-1"
AWS_BUCKET
""
PUSHER_APP_ID
""
PUSHER_APP_KEY
""
PUSHER_APP_SECRET
""
PUSHER_APP_CLUSTER
"mt1"
MIX_PUSHER_APP_KEY
""
MIX_PUSHER_APP_CLUSTER
"mt1"
Key Value
APP_NAME
"StreakShot"
APP_ENV
"local"
APP_KEY
"base64:ReQmfEFXKLWiEg6BrcO2XKiMoAGvRdQy00AsMsYzrsk="
APP_DEBUG
"true"
APP_URL
"https://streakshot.com"
LOG_CHANNEL
"stack"
DB_CONNECTION
"mysql"
DB_HOST
"localhost"
DB_PORT
"3306"
DB_DATABASE
"streaksh_db"
DB_USERNAME
"streaksh_user"
DB_PASSWORD
".wdnNP8o^nUT"
BROADCAST_DRIVER
"log"
CACHE_DRIVER
"file"
QUEUE_CONNECTION
"sync"
SESSION_DRIVER
"file"
SESSION_LIFETIME
"120"
REDIS_HOST
"127.0.0.1"
REDIS_PASSWORD
"null"
REDIS_PORT
"6379"
MAIL_DRIVER
"smtp"
MAIL_HOST
"smtp.mailtrap.io"
MAIL_PORT
"2525"
MAIL_USERNAME
"null"
MAIL_PASSWORD
"null"
MAIL_ENCRYPTION
"null"
AWS_ACCESS_KEY_ID
""
AWS_SECRET_ACCESS_KEY
""
AWS_DEFAULT_REGION
"us-east-1"
AWS_BUCKET
""
PUSHER_APP_ID
""
PUSHER_APP_KEY
""
PUSHER_APP_SECRET
""
PUSHER_APP_CLUSTER
"mt1"
MIX_PUSHER_APP_KEY
""
MIX_PUSHER_APP_CLUSTER
"mt1"
0. Whoops\Handler\PrettyPageHandler