Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search


Understanding DDoS cyber attacks – Expert Reaction

Cyber attacks have hit several New Zealand organisations this month, disrupting their online services.

The Distributed Denial of Service (DDoS) attacks were the same kind of cyber attack that affected the NZX around this time last year.

The SMC asked experts to explain how DDoS attacks work and how organisations can protect themselves.

Dr Rizwan Asghar, School of Computer Science, University of Auckland, comments:

“Recently, New Zealand banks, including Kiwibank and ANZ, MetService, NZ Post, IRD, and Vocus (a large Internet infrastructure provider in New Zealand) are among organisations that have been hit by DDoS cyberattacks. Consequently, users experienced issues with online services since last week. For instance, customers of Kiwibank and ANZ, facing cyberattacks almost over a week, could neither use banking app nor make online transfers. These cyberattacks are not new and remind me of a series of DDoS attacks lasting multiple days almost the same time last year.

“Using Distributed Denial of Service – in short DDoS – attacks, attackers aim to make the target system down such that it is not available to serve legitimate users, thus causing inconvenience, which could lead to financial loss for organisations due to service outage. Although DDoS attacks can be launched by groups and states equipped with the required resources and tools, an expert hacker can also generate attack traffic by controlling vulnerable devices connected to the Internet. Most of these devices are vulnerable because there are security loopholes that are not patched. Many owners are unaware that their devices are contributing to cyberattacks. In the absence of perceived harm, owners are not motivated to patch their devices, unfortunately.

“There could be different motivations behind DDoS attacks. Some of these motivations are financial, political, or a newbie hacker can attack just for fun. DDoS attacks are used as a service now. As a result, an individual, with little or no knowledge, can trigger up to a couple of million DDoS attacks for as little as NZ$10. All this calls for the defences against DDoS attacks more than ever. Large organisations can have in-house strategies for such defences. Another possibility is to use DDoS protection services offered by the Content Delivery Network providers. The fundamental issue is most New Zealand businesses are SMEs, and they might lack resources to implement cybersecurity defences.

“In the future, New Zealand organisations should be ready for a protection plan and properly respond to potential cyberattacks that are likely to be more sophisticated. In my personal view, to save online businesses from the risk of cyberattacks, the New Zealand government should create cybersecurity awareness campaigns and find ways to support them proactively. Otherwise, a passive approach, by the New Zealand government and organisations, to dealing with cybersecurity issues would result in a huge loss to New Zealand’s digital economy.”

No conflict of interest.

Dr Kenneth Johnson, Department of Computer Science, Auckland University of Technology, comments:

“Distributed denial of service (DDoS) is a very simple form of cyber-attack. The attacker overwhelms the victim’s server/website by sending many millions of data requests very rapidly. This means that the victim’s website for example cannot respond to legitimate requests. In these attacks, the victim’s data is not accessible, stolen or destroyed.

“This is a particular issue if the victim’s website is supporting transactions e.g., banks or shopping sites or responding to queries like a weather site. The distributed bit means that the attacker uses malware to take over lots of third-party computers to send the requests – these are then called ‘bots.’

“These may have been infected by phishing or other attacks. This means the attacker is both concealed – because the requests are coming from a very wide range of computers and also doesn’t have to use computing power or network bandwidth to mount the attack. In many cases the owners and users of the third-party computers won’t know that their computer is being used this way at all, and any computing device attached to the internet including routers etc. can be taken over.

“There has been a huge increase in the number and scale of DDoS attacks over the last few years. This is driven by more criminal gangs being interested in using them and probably by the move to home working, which may have made some computers more vulnerable to being taken over and used as botnets because of less-secure home networks and more shared computers etc.

“When attacks coincide with strict lockdown measures, it makes it harder to do commerce, shop online, and do our work online.

“To defend against DDoS attacks, the victims can increase their capacity to deal with requests, but this is normally a losing battle as the attackers can increase the number of bots they use at virtually no cost to them. More practically, websites and ISPs can identify and filter out these illegitimate requests as they are identified, and CERT and security companies are constantly improving these approaches.”

No conflict of interest.

© Scoop Media

Business Headlines | Sci-Tech Headlines


Amazon: AWS To Open Data Centres In New Zealand

Today, Amazon Web Services (AWS), announced plans to open an infrastructure region in Aotearoa New Zealand in 2024. The new AWS Asia Pacific (Auckland) Region will consist of three Availability Zones (AZs) and join the existing 81 Availability Zones across 25 geographic AWS Regions at launch... More>>


BNZ: Consumer Card Spending Climbing Out Of Delta Lockdown

New data from Bank of New Zealand (BNZ) shows card spending is heading back towards pre-delta lockdown levels. Spending on BNZ credit, debit and Eftpos cards has bounced back over the last three weeks and is now 14 per cent below the pre-delta lockdown average... More>>

Reserve Bank: A least regrets approach to uncertainty

The Reserve Bank of New Zealand – Te Pūtea Matua makes decisions about official interest rates in a way that is robust in the face of uncertainty about the economy, Reserve Bank Assistant Governor Christian Hawkesby says in a speech published today*... More>>

Fonterra: Completes reset, announces annual results and long-term growth plan out to 2030

Fonterra Co-operative Group Limited today announced a strong set of results for the 2021 financial year, reflected in a final Farmgate Milk Price of $7.54, normalised earnings per share of 34 cents and a final dividend of 15 cents... More>>

Statistics: GDP rises in the June 2021 quarter

Gross domestic product (GDP) rose by 2.8 percent in the June 2021 quarter, following a 1.4 percent increase in the March 2021 quarter, Stats NZ said today. June 2021 quarter GDP was 4.3 percent higher when compared with the December 2019 quarter... More>>

Energy-from-waste: $350 Million Plant To Deliver Renewable Energy Considered

Investigations have begun into the viability of building an Energy-from-Waste plant that will safely convert 350,000 tonnes of waste, that would otherwise be dumped into South Island landfills annually, into renewable electricity... More>>