The government still has no clues as to who might be behind the cyberattacks against NZX, RNZ and others, says GCSB Minister Andrew Little.
Media companies and banks appear to have been targeted by the same cybercriminals who took the NZX website offline for periods on five consecutive business days.
Little told RNZ that other organizations in Southeast Asia and North America had been targeted by distributed denial of service (DDOS) attacks that had the same ‘modus operandi’ and that the government was working with its ‘Five Eyes’ partners to investigate.
The criminals are believed to have claimed in ransom notes sent to some victims before the attacks that they were associated with a notorious Russian group called Fancy Bear, but Little believed it was “a decoy.”
The attackers are more likely to be financially motivated criminals than “state actors,” he said.
Stuff spokeswoman Candice Robertson said Stuff had been the target of a DDOS attack on Sunday, which it had successfully defended itself against.
“It is important to note that the Stuff site remains secure,” she said.
RNZ spokeswoman Charlotte McLauchlan said it had also experienced multiple DDOS attacks in the past 24 hours.
“We understand that this may have been the same group that has been attacking the NZX and we are currently investigating,” she said.
“Our site remains secure and this has not affected our audience.”
The country’s largest banks are beefing up security to protect themselves from similar attacks.
The banks are understood to have faced attempted attacks, although the Reserve Bank said it had not been informed of any major problems over the weekend.
Little said that most organizations were prepared for DDOS attacks and were able to “absorb them without interruption.”
“They vanish once it is clear that they are not going to give any response that the attacker might want,” he said.
“Our strong advice is to never pay a ransom if requested.”
Declan Ingram, deputy director of cybersecurity agency Cert NZ, said he treated the attack reports as confidential and that “questions related to specific organizations should be directed to that organization.”
Cert NZ warned on November 1 last year that it had received reports of “extortion emails targeting financial sector companies in New Zealand.”
It said then that emails claiming to be from a Russian group under the name Fancy Bear / Cozy Bear demanded ransoms in exchange for preventing an attack.
Cert NZ advised companies in November to verify that their Internet-facing systems do not expose certain protocols that could make them more vulnerable.
It also suggested they consider a “DDOS protection service, like Cloudflare or Akamai” to prevent DDOS traffic from reaching and overloading their systems.
NZX is known to have engaged the services of Akamai in its battle against its attackers.
Spokesperson David Glendining said NZX had “well established processes for maintaining cybersecurity advice from a variety of sources, including Cert NZ.”
“NZX applies this to our network architecture and systems on an ongoing basis to ensure that they meet contemporary cybersecurity standards and address all known threats,” he said.
He declined to comment on whether Cert NZ’s November warning had prompted any specific action.
“As a matter of principle, we do not comment publicly on our specific cybersecurity agreements or how we are responding to specific threats,” he said.
Robertson said that Stuff had contacted GCSB to inform it of the attempted attack on its website.
Stuff was an Akamai customer, she said.
A BNZ spokesperson said it was “constantly investing in and improving” security to protect against these attacks.
“We do not comment on specific cybersecurity events, but every day criminals try to attack organizations around the world. We work hard to protect our customers and our critical infrastructure from these attacks,” he said.
An ANZ spokesman said the bank took the risk “very seriously” and was on high alert.
“We have been working closely with industry bodies and our Internet service provider to stay informed of the status and nature of the threat, and we have been actively collaborating with government agencies and our regulators,” they said.
“We believe our current security configuration is adequate and we remain on high alert.”
The New Zealand National Cyber Security Center said in an advisory on Monday that the ongoing campaign of denial of service attacks was targeting “a number of global entities, predominantly in the financial sector.”
It advised organizations to consider whether a “temporary denial of access to online services” was acceptable to them and advised them on the steps they could take otherwise.
Last-minute defenses were possible, but not as effective as pre-prepared measures, it said.
The NZX website crashed on Monday shortly after NZX claimed that contingency agreements were in place to allow trading to continue in the event of another cyber attack.
The NZX trading exchange itself has been able to operate during the attacks, but the DDOS attacks meant that some investors might not be able to see market-sensitive announcements on the NZX site.
Concerns that some investors might be disadvantaged by this led the NZX to periodically suspend trading last week.
In a blog post on Aug. 17, Nasdaq-listed online content delivery giant Akamai Technologies said that attackers posing as Fancy Bear and Armada Collective were targeting US banking, financial and retail companies. all the world.
The ransom demands initially started at tens or hundreds of thousands of dollars, payable in Bitcoin, and increased if the ransoms were not paid, it said.
The NZX is believed to have received such a ransom demand, but has not confirmed it and declined to comment on whether it has any policies on paying ransom.