Credit: Christiaan Colen

Cyber attack campaign warning – Expert Reaction

An ‘ongoing campaign’ of cyber attacks has prompted the GCSB to issue a warning for New Zealand businesses.

Two major news outlets have been hit with unsuccessful cyber attacks today, but the attacks have taken the NZX website down for the fifth trading day in a row – although trading continues.

The SMC asked experts to comment.

Dr Rizwan Asghar, School of Computer Science, University of Auckland, comments:

“We should learn a lesson from the DDoS attacks on the NZX and consider cybersecurity strategies more seriously. Cybersecurity is not an add-on or a plug-and-play thing.

“We should take a pro-active approach to mitigate cyber attacks instead of following a reactive one, including paying any ransom, which is highly discouraged. Otherwise, determined cyber criminals can target any critical infrastructure that could result in financial and reputation losses.”

No conflict of interest declared.

Associate Professor Lech Janczewski, Department of Information Systems and Operations Management, University of Auckland, comments:

“Distributed Denial-of-Service (DDoS) is one of the most powerful weapons on the internet. It attacks websites and online services with more traffic than they are able to accommodate, resulting in a site crash.

“The DDoS attack consists of three phases:

  1. The attacker picks a type of DDoS attack and finds or develops the necessary software.
  2. They install that software on unprotected computers (called “zombie computers”), practically forming a network of computers. This network is called a “botnet”. The number of computers in a botnet may exceed 100,000.
  3. At a given time or signal, all zombies start sending messages to the attacked site, resulting in its crash.

“DDoS attack software is constantly evolving and attack vectors are becoming more and more complicated. Hence, instead of developing new DDoS attack software, a hacker may buy it (using bitcoins) on the dark web. Due to the DDoS characteristics, only the biggest and most vulnerable sites are targets of these attacks.

“Defence against a DDoS attack, when it is launched, is extremely difficult. Installing fire detectors when you are under fire is useless. Perhaps the only solution is to switch off the site.

“There are a number of ways to minimise the impact of a DDoS attack:

  1. Install a system which can detect the launch of a DDoS attack against your site.
  2. When a DDoS attack is detected, notify your ISP to re-route attacking messages.
  3. You may have a backup ISP and/or you may create a “black hole” which may absorb all DDoS traffic without damage.
  4. You should configure firewalls and routers to identify DDoS attacking traffic.
  5. Also, you should install and set up intrusion detection systems. DDoS attacks may not necessarily be based on directly flooding the site with traffic.
  6. Artificial intelligence could be used to coordinate all the above activities.

“The involvement of the GCSB is a positive move, but why was it not taken before the attack was launched?”

No conflict of interest.