Below is an excerpt from the article “’You don’t want to be like them, do you?’: The ominous message that precedes a DDoS attack” as published in Stuff (stuff.co.nz). By John Anthony
Just when you thought 2020 couldn’t get any stranger, we’ve now got armies of infected “zombie computers” attacking institutions including the New Zealand stock exchange and the national weather bureau.
NZX, MetService, Mt Ruapehu skifield and Westpac have all been affected by recent distributed denial of service (DDoS) attacks. Stuff and RNZ have also been targeted but managed to fend them off, and TSB reported an incident to authorities after its services spontaneously crashed on Tuesday.
While it’s not clear if the attacks have been committed by the same group, the GCSB’s National Cyber Security Centre (NCSC) sent an advisory in late August saying it was aware of an ongoing campaign of “malicious cyber activity” affecting New Zealand entities.
The cybercriminals, or actors, behind the attacks first send their targets an email warning of an imminent DDoS attack unless ransoms are paid in the cryptocurrency bitcoin.
If ransom demands are not met, a DDoS attack is launched, causing a company’s site to repeatedly crash as it is swamped by overwhelming volumes of online traffic.
The wave of attacks is being investigated by the Government’s cybercrime fighting unit the GCSB and Five Eyes partners. The Government’s National Security System has also been activated.
Jonathan Sharrock, chief executive of New Zealand online security testing firm Cyber Citadel, said the tools needed for an attack could be purchased from the dark web for US$10 to US$60.
But accessing the dark web was not a simple exercise and generally required having connections to those who already had access, he said.
Furthermore, the language used on the dark web was very specific and newcomers were easily outed, he said.
“You or I would get spotted straight away.
“You need to know the lingo.”
Sharrock said with a DDoS attack there was little a victim could do themselves to repel the offensive.
They needed to be protected by their telecommunications provider, as far upstream in the connectivity network as possible, he said.
Telcos were the first line of defence when an attack was launched and their systems should “scrub” out the vast volume of traffic, sorting the offending DDoS traffic from legitimate data, he said.
“The tsunami of malicious traffic should be stopped at the border by the telco provider.”
Recent attacks could suggest service agreements between a company and its telco provider did not provide enough bandwidth protection for a volume-based attack, he said.
“If that is the case, New Zealand’s telcos will quickly have to bulk up their bandwidth capability on behalf of their customers to sustain what are now the biggest volumetric online attacks we have ever tracked.”
Full article published in Stuff (stuff.co.nz) – 4 September 2020 ‘You don’t want to be like them, do you?’: The ominous message that precedes a DDoS attack