Why New Zealand’s being targeted for DDoS attacks

A recent spate of cyberattacks on NZ organisations almost feels like someone's out to get us. Ian Welch looks at why we might be being targeted—and what we can do to prepare.

We have recently experienced repeated distributed denial-of-service (DDoS) attacks on high-profile Aotearoa organisations such as Kiwibank, ANZ, NZ Post, MetService and the Ministry for Primary Industries.

This has led to people being unable to do their banking or access weather information they are relying on for business or recreation.

Earlier in the year, we saw trading on the country's stock exchange halted due to a major attack from overseas.

It almost feels like someone has it in for Aotearoa.

So who is behind these DDoS attacks?

Attribution, or working out who is carrying out an attack, is complicated in cybersecurity, partially because the Internet was designed to route around failure.

You can reach a target organisation via multiple pathways—handy if one of them is suddenly blocked, because you can route around the blockage.

At the same time, attackers can use numerous routes that pass through multiple computers across multiple national boundaries. Worse, the computers launching the attack might themselves have been compromised by an attacker.

Increasingly, always-connected devices like routers or webcams are being taken over by hackers and used to launch denial-of-service attacks. Do you know what your baby cam was doing last night when you were asleep?

Why are people launching these attacks, then?

It can be nation states wanting to disrupt their neighbours’ lives. The denial-of-service attacks on Estonian government agencies and businesses were quite likely the result of such a stoush.

Or criminal gangs wanting to extort companies. This illegal activity predates even ransomware, the new kid in town.

Some experts argue that hackers have realised that, with the increased interest in cryptocurrencies, they can blackmail organisations and receive their ransom in an untraceable form.

Sometimes, even when no blackmail is involved, the purpose of the DDoS is to demonstrate the attackers' capabilities to people wanting to hire them. These for-hire services are known as booter or stresser services.

Individuals or hacking crews are motivated by prestige, and winning community kudos might also be a catalyst for carrying out DDoS attacks. They may be less likely to be doing this for financial gain but are interested instead in demonstrating their skills or winning an online game by slowing down their opponents.

Lost any online poker games lately because you suddenly were laggy? You might have been the target of a DDoS attack.

So why is Aotearoa being targeted?

The “almost” good news is that there has been a significant worldwide increase in DDoS attacks since the start of the pandemic.

A study on this question by the Cambridge Cybercrime Centre concluded that lockdown, with associated boredom and free time, increases such activity. More people have time to carry out the attacks because they are stuck at home, and boredom has led to new attackers getting involved.

Recently the antivirus vendor Kaspersky Lab came to a similar conclusion, saying cybercriminals have also had to cancel their holiday plans and work more from home.

Ransom DDoS has been on the rise. One well-known bad actor is 'Fancy Lazarus', which has been active across Europe with attacks on Internet service providers that have knock-on effects on their customers. These attacks are sometimes intermittent, lasting only around 20 minutes but happening regularly, something we have seen with the recent attacks in Aotearoa.

More recent attacks have seen cloud services used by companies as the target. This reflects the increased use of services such as Amazon EC2, Microsoft Azure and others rather than in-house computing.

The best thing a company can do is plan for the worst and work out its risk. What would be the cost of being down or having intermittent service to your customers?

Work with professionals to develop a plan on what to do when attacked and work with ISPs and your system providers to put in place redundant services with the ability to scale under attack.

The likelihood of working from home due to pandemics, and the inevitability of natural disasters, means that any strategy also has to consider workers. For example, many organisations use VPNs to access office systems: what happens if an attacker targets these?

Finally, the attackers are constantly evolving their techniques, so we need to lift our game.

Kia kaha Aotearoa!

Ian Welch is associate professor of computer science in Te Wāhanga Ahunui Pūkaha–School of Engineering and Computer Science at Te Herenga Waka–Victoria University of Wellington.

View the original article on Newsroom.