NZX and MetService may feel somewhat embarrassed after their websites were taken offline by distributed denial-of-service attacks over the past two weeks.
But if some experts are right, it is the attackers themselves who may end up looking like the real amateurs, left out of pocket and with various spy agencies after them.
Distributed Denial of Service (DDoS) attacks involve cybercriminals overloading and blocking an organization’s online services by bombarding its Internet access systems with large amounts of fake traffic.
The NZX attackers, assuming it is a group, have targeted an eclectic mix of Kiwi organizations.
Westpac revealed that it fought a DDoS attack in mid-August.
Spokesperson Max Bania said “a small number of customers” may have experienced intermittent problems logging in for a short period, but that was quickly resolved.
TSB experienced an interruption in its banking services on Tuesday, although it has not said whether it was the target of a DDoS attack.
Media companies Stuff and RNZ confirmed that they had suffered attacks that they successfully defended.
Interestingly, the Mt Ruapehu skating rink also appears to have been attacked, with its parking reservation system “deliberately blocked by an external cyber attack” on Wednesday morning.
But it was NZX that bore the brunt.
It is understood that the attack on its infrastructure peaked at more than 1 terabit per second of false data.
That may not be far off the largest DDoS attack ever reported globally, a 2.3Tbps assault on a customer of cloud computing giant Amazon Web Services in February.
Sean Duca, the Sydney-based regional security director for US cybersecurity firm Palo Alto Networks, said it was more common for attacks to peak at about a fifth of a terabit, or 200 gigabits per second.
DDoS attacks have been used in the past as a form of civil disobedience.
In 2012, activists associated with the hacking group Anonymous expressed outrage at the arrest of Kim Dotcom in New Zealand by temporarily blocking access to the websites of the FBI, the Department of Justice and the US record label Universal Music Group.
Anonymous also disrupted the New Zealand Parliament website for two days in 2011 to protest against a change in copyright law.
They can also have political objectives.
The entire country of Estonia was largely disconnected in 2007 during a period of high tensions with neighboring Russia.
But the latest DDoS attacks in New Zealand appear to be financially motivated based on emails and ransom demands sent to at least some victims, including the NZX.
The attacks may be part of a global campaign that New Zealand’s cybersecurity agency Cert NZ first warned about in November last year threatening financial services companies around the world.
According to internet infrastructure giant Akamai, the group that sparked that warning also targeted payment services PayPal and WorldPay and an Indian bank.
It reported that the criminals were demanding ransoms in bitcoins of tens or hundreds of thousands of dollars to prevent or cancel their attacks.
Duca said that companies that have been brought to their knees by the much more serious scourge of ransomware hackers might be inclined to pay ransoms to unlock their data and prevent it from being auctioned online, even though paying such ransoms is “little ethical”.
He had also heard “third hand” that organizations in Australia paid blackmail demands to save themselves from a denial of service attack, but had not heard of any in New Zealand that did.
Bruce Armstrong, director of Wellington-based cybersecurity firm Darkscope, believed there was little chance that any New Zealand organization would pay today’s DDoS attackers.
“I suspect that anyone who receives a ransom note in New Zealand is likely to seek help rather than pay for it,” he said.
“Look at our corruption rates.
“I think it is something very ingrained in New Zealand; ‘Why should you charge just because you can rescue me? I prefer to fight you even if it costs me more’,” Armstrong said.
GCSB Minister Andrew Little has warned that it is “never ethical” to pay a cyber ransom and has opened the door slightly to consider a legal ban on such payments.
He predicts that the attacks will simply “go away” as the attackers’ victims get better at blocking spurious traffic thrown at them and propping up their systems.
Armstrong agrees, assuming no one cheats by paying a ransom.
“It can fail if the attackers get no ransom and I don’t think they have been successful to date.
“There are easier places to go,” he said.
No one knows how long that message may take to reach the attackers.
But in the meantime, they will chew through small amounts of cash and, hopefully, bang their heads against a brick wall.
Typically, DDoS attackers hire a network of hacked computers or “botnets” via the dark web to launch their attacks, paying by the hour or by the day for a certain amount of bandwidth.
An attack with a 1 Tbps spike is likely to require at least tens of thousands of hijacked devices.
Duca said that some 190,000 hacked IPTV cameras – cameras that are connected to the Internet – were seized by criminals and used to carry out another terabit-scale DDoS attack in 2016 that destroyed much of the Internet on the East Coast of the United States.
Jonathan Sharrock, CEO of Cyber Citadel, a New Zealand-based online security testing company, believed that botnets capable of a typical DDoS attack could be rented for about $60 (NZ$89) a day.
That would put the total cost of the largest and most sustained DDoS attacks New Zealand has experienced in recent weeks at perhaps thousands of dollars.
In addition to bearing that loss, the attackers now have the GCSB and its “Five Eyes” partner agencies on their case.
Little said last week that the only clue they had to the identity of the attackers was the email demands they sent to the victims.
One security expert said it might be possible to prove who was behind the attack by examining the devices that were part of the botnet, discovering who controlled them, and then finding out who had hired them.
DDoS attacks reportedly more than halved after the FBI acted in 2018 to shut down 15 of the most active websites selling control of botnets, the latest in a series of sporadic actions to fight the attackers.
No one knows where any trail might lead this time.
Duca said that a spike of more than 1Tbps suggests that the NZX attack was more than the work of a single person.
“It would be more like a group than an individual.
“When you start looking at the biggest campaigns, you have to plan them and be methodical. He’s not someone ‘shooting from the hip’, so to speak.”