Understanding DDoS cyber attacks – Expert Reaction

Cyber attacks have hit several New Zealand organisations this month, disrupting their online services.

The Distributed Denial of Service (DDoS) attacks were the same kind of cyber attack that affected the NZX around this time last year.

The SMC asked experts to explain how DDoS attacks work and how organisations can protect themselves.

Dr Rizwan Asghar, School of Computer Science, University of Auckland, comments:

“Recently, New Zealand banks, including Kiwibank and ANZ, MetService, NZ Post, IRD, and Vocus (a large Internet infrastructure provider in New Zealand) are among organisations that have been hit by DDoS cyberattacks. Consequently, users have experienced issues with online services since last week. For instance, customers of Kiwibank and ANZ, facing cyberattacks for almost over a week, could neither use the banking app nor make online transfers. These cyberattacks are not new and remind me of a series of DDoS attacks lasting multiple days at almost the same time last year.

“Using Distributed Denial of Service – in short DDoS – attacks, attackers aim to bring the target system down such that it is not available to serve legitimate users, thus causing inconvenience, which could lead to financial loss for organisations due to service outage. Although DDoS attacks can be launched by groups and states equipped with the required resources and tools, an expert hacker can also generate attack traffic by controlling vulnerable devices connected to the Internet. Most of these devices are vulnerable because there are security loopholes that are not patched. Many owners are unaware that their devices are contributing to cyberattacks. In the absence of perceived harm, owners are not motivated to patch their devices, unfortunately.

“There could be different motivations behind DDoS attacks. Some of these motivations are financial, political, or a newbie hacker can attack just for fun. DDoS attacks are used as a service now. As a result, an individual, with little or no knowledge, can trigger up to a couple of million DDoS attacks for as little as NZ$10. All this calls for defences against DDoS attacks more than ever. Large organisations can have in-house strategies for such defences. Another possibility is to use DDoS protection services offered by the Content Delivery Network providers. The fundamental issue is that most New Zealand businesses are SMEs, and they might lack resources to implement cybersecurity defences.

“In the future, New Zealand organisations should be ready for a protection plan and properly respond to potential cyberattacks that are likely to be more sophisticated. In my personal view, to save online businesses from the risk of cyberattacks, the New Zealand government should create cybersecurity awareness campaigns and find ways to support them proactively. Otherwise, a passive approach, by the New Zealand government and organisations, to dealing with cybersecurity issues would result in a huge loss to New Zealand’s digital economy.”

No conflict of interest.

Dr Kenneth Johnson, Department of Computer Science, Auckland University of Technology, comments:

“Distributed denial of service (DDoS) is a very simple form of cyber-attack. The attacker overwhelms the victim’s server/website by sending many millions of data requests very rapidly. This means that the victim’s website, for example, cannot respond to legitimate requests. In these attacks, the victim’s data is not accessible, stolen or destroyed.

“This is a particular issue if the victim’s website is supporting transactions e.g., banks or shopping sites or responding to queries like a weather site. The distributed bit means that the attacker uses malware to take over lots of third-party computers to send the requests – these are then called ‘bots.’

“These may have been infected by phishing or other attacks. This means the attacker is both concealed – because the requests are coming from a very wide range of computers – and also doesn’t have to use computing power or network bandwidth to mount the attack. In many cases the owners and users of the third-party computers won’t know that their computer is being used this way at all, and any computing device attached to the internet, including routers etc., can be taken over.

“There has been a huge increase in the number and scale of DDoS attacks over the last few years. This is driven by more criminal gangs being interested in using them and probably by the move to home working, which may have made some computers more vulnerable to being taken over and used as botnets because of less-secure home networks and more shared computers etc.

“When attacks coincide with strict lockdown measures, it makes it harder to do commerce, shop online, and do our work online.

“To defend against DDoS attacks, the victims can increase their capacity to deal with requests, but this is normally a losing battle as the attackers can increase the number of bots they use at virtually no cost to them. More practically, websites and ISPs can identify and filter out these illegitimate requests as they are identified, and CERT and security companies are constantly improving these approaches.”

No conflict of interest.