Kiwi Bank and ANZ along with New Zealand Post, Inland Revenue and Metservice experienced blackouts due to a cyberattack earlier today.
Cyber attackers took down multiple New Zealand websites and services today in what appears to be a coordinated success.
Kiwi Bank and ANZ customers also reported problems with internet banking and their accounts being blocked.
And the government’s computer emergency response team, CERT NZ, confirmed that it is monitoring multiple denial-of-service attacks.
AUT computer science professor Dave Parry says the attacks are similar to those that hit businesses this year.
“It is very similar to the attacks that occurred earlier this year, indeed what is happening is that the attackers allegedly criminal gangs are effectively configuring many bots as they are called, which are computers that they control by inserting a virus into them and those are all about the world.
“Basically they are coming to these websites with a lot of requests, so much so that the websites can’t cope with that and then they can’t serve anybody and effectively what is happening is that the way they are doing it is attacking you. . They ask for ransom money. “
Although some people may expect banks to have security measures in place, Parry says these attacks put banks in a precarious situation.
“The problem is that what happened in this situation is the way you defend against these attacks if you effectively identify that the requests are suspicious in some way … now they will, but they don’t want to block legitimate requests either.
“So, particularly for banks, they are in a pretty difficult position because, of course, people want transactions to continue and you don’t want to be blocked from carrying out a transaction because the bank is suddenly in the middle of its life. transaction says ‘well, I’m not sure about your computer anymore, maybe it will lock you up a bit’ “.
“Banks have a pretty delicate balancing act, and quite often in this situation what happens is that banks deliberately reduce the amount of service they provide over the Internet in order to better manage it.”
The banks’ response does not indicate that they are not doing their job, but rather that they are taking care to reduce the number of transactions that are affected, Parry says.
He says criminal groups will know that New Zealand has been on lockdown and this could provide additional motivation to attack.
“Certainly that kind of thing will happen, these guys are constantly monitoring weaknesses in both security and events that are happening that can persuade people to be more vulnerable.”
“Anywhere that’s blocked, more internet will be used, so it’s a good time to attack if you’re doing that kind of thing.”
With many people around the world working from home due to the Covid-19 pandemic, Parry says cyber security measures are more likely to slip and this may allow attackers to hijack more computers.
“To tell the truth, I think in the world of Covid, where so many people work from home, security tends to fail … people share computers, use local WiFi, and do all sorts of things.
“I think there is probably some kind of effect going on in some of the places where computers are being hijacked to attack that more of that is happening because of Covid and because more (people) are working from home.”
Parry says that many of the cyberattacks come from US-based computers, with gangs staging attacks from abroad to attack places like New Zealand.