Skip to content

DDoS attacks on NZ Institutions, is it A Blast from the Past?

Just about a year ago, New Zealand’s stock exchange was brought to its knees by a textbook Distributed Denial of Service (DDoS) attack. Now, ANZ bank and several institutions in New Zealand have experienced another DDoS attack.

At present, there seems to be nothing serious about the attack, and all websites are back online. In this article, let us examine a few questions, though. What were the consequences of last year’s attack?  Was the recent one a failed attack? Could it have been a guerrilla attack or other possibilities?

A quick Recap about the 2020 DDoS Attack On New Zealand institutions

In August 2020, a Russian hacking group Fancybear launched a devastating DDoS attack. The NZX website received a tsunami of  unnecessary offshore digital traffic that made the website inaccessible for everyone. The attack denied all access to the New Zealand Stock Exchange website, even to post the mandatory announcements. The attack crashed trading entirely for two days. Once the server was re-routed the following day, the website experienced intermittent traffic for the next two days.

What does the DDoS attack on ANZ and others mean?

The recent attack on ANZ bank, Kiwibank, MetService, New Zealand Post, and Inland Revenue websites was only short-lived. A coordinated attack like this may cause one to assume that there was a purpose, but since it did not last long the question is, was it a failed attack since the CERT-NZ had warned several institutions?

Now that the fog has cleared, it seems so, and the institutions have not heard from the attackers. In this case, it appears the attack may have been mitigated. Let’s discuss what a DDoS attack is and how they can be prevented.

DDoS attacks and what does it mean?

Now, let us look at the potential harm a DDoS attack could do.

A DDoS attack aims to overload your IoT device, server, website, or any web application. The final goal is to interrupt your services either temporarily or permanently. Contrary to the popular notion, the majority of victims of DDoS attacks are small and medium-sized businesses.

An excellent example of the devastation of a DDoS attack is the 2007 Estonia situation. The attack almost took the entire country of Estonia offline because of the then prevailing high tensions with Russia.

The two major situations that a DDOS attack can cause are:

  • DDoS attacks will cause your websites or assets to keep going offline, periodically or for days or weeks, even as you try to recover. If any part of your business is not online, this can be devastating.
  • DDoS can also be a cover or diversion to perform other attacks such as data theft or breach. The denial of service makes the detection of data theft difficult or impossible.

Preventing a DDoS attack

The biggest weapon to combat a DDoS is preparing for such an attack. CERT NZ has been tight-lipped about the attack, and reasons are yet to be known. Either way, it is safe to say that at least a few organizations were warned and prepared for such an attack. They had a proper plan of action to reduce the damage.

Not every medium and small business can be prepared for such an attack. The experts at Alliant Cybersecurity can help you. We assess your infrastructure regularly and prepare your defenses for a potential zero-day attack. Our team can build you a multilayered DDoS protection infrastructure.