New Zealand organisations deal with an ongoing barrage of DDoS attacks – typically dozens able to be detected in some form each month. In September 2021 large organisations Kiwibank, ANZ, NZ Post and the Metservice have reportedly been hit by ongoing Distributed Denial of Service attacks which have blocked access to their websites, online banking and mobile banking apps.
What is a DDoS attack?
You can think of Denial of Service (or DDoS) cyber attack a little bit like what happens when too much traffic means roads are blocked for a period of time. However in a DDoS attack instead of roads it’s parts of the internet that is getting blocked – and these attacks are typically carried out maliciously for financial gain.
So let’s say people want to get to a location by car – if too many people are trying to reach that location all at once there can be an issue of too much traffic. In bigger cities such as Auckland, Wellington or Christchurch we see this with rush hour every day. And sometimes roads are blocked deliberately such as during a protest and then nobody can get to certain locations.
In a denial of service cyber-attack – it’s similar but online – with effectively too many computers trying to reach a particular website (such as your bank) all at once.
A cyber attacker can achieve this by controlling a very large number of computers and commanding those computers to flood a particular website and therefore make it inaccessible.
What can be done?
Organisations can reduce the impact of a Distributed Denial of Service (or DDoS) attack by preparing upfront and using a provider who are specifically geared up to protect against such attacks. This is especially important for businesses who have a customer portal or who carry out online transactions (ecommerce) through an online store. As of 2021, larger organisations such as banks are known to spend hundreds of thousands of dollars annually with third parties to help protect them against DDoS attacks.
It’s also possible for attacks to happen not just on websites, but on other key infrastructure – such as an online phone system, virtual private network link or office internet connection. Advance planning is always best, however infrastructure changes can be made on the fly when an organisation is under attack by cyber criminals.