NZX’s connectivity attacks: Implications for NZ business

Cat Mules

The question hot on everyone's lips: Why weren’t we prepared?

For the fourth time this week, New Zealand’s trading exchange has been halted due to distributed denial of service (DDoS) attacks.

The attacks appear to have hit New Zealand’s largest telecommunications network provider, Spark, where a volumetric DDoS attack came from offshore.

The NZX is understood to have now moved its domain nzx.com to multinational content delivery network, Akamai Technologies. The website for the bourse (a market organized for the purpose of buying and selling) is still serviced by a content delivery network run by Red Shield in Wellington.

The attack effectively downed system and network connectivity by saturating the network with significant volumes of internet traffic, halting the network for several hours each time and stopping NZX trading lines along with it.

Photo credit: NZX, Supplied

Along with limiting trading, it’s a timely reminder for organisations to protect themselves.

A DDoS attack relies on unauthorised control of a network of online machines. The attacker uses them to inundate the organisation’s site with traffic from multiple sources, overwhelming the web server and forcing it to either crash or be shut down.

While neither NZX nor Spark have commented on the source or location of the hackers, experts are saying the cyber attacks were highly motivated and serious.

JMI Wealth director Andrew Kelleher told Mike Hosking on Newstalk ZB that the cyber attack was clearly a “very motivated and very serious act”.

Speaking with Radio New Zealand, Auckland University of Technology Professor Dave Parry said the NZX attacks were likely conducted by a “mafia type” gang of hackers.

“It [the DDoS attack] indicates whoever’s doing the attacking is probably significantly skilled. These are quite sophisticated gangs and thinking along the lines of mafia type people is about right really, you’re not really able to do this on a shoestring,” he said.

Parry has also warned that DDoS attacks may be more common, as hackers seek to take advantage of vulnerable current circumstances while the world is not looking.

“Unfortunately the skills and software to do this are widely available and the disruption of COVID and people working from home all over the world potentially with lower security on their computers means that these attacks are easier than usual.”

DDoS attacks are targeted more toward businesses or organisations than they are individuals.

For business, the major implication is that online services or support may not work until the attack is over, which can harm reputations and bear financial consequences for both companies and customers.

If they do hit individuals, the motive is usually financial or political. In 2016, the blog of American investigative journalist and cybersecurity expert Brian Krebs was hit by an attack in excess of 620 Gbps, at the time the largest attack ever seen. The source of the attack was a new type of malware: the Mirai botnet, which has since gone on to be used to exploit holes in IoT devices, such as IP cameras, home routers and video players, via remote operation.

UMBRELLAR’S TIPS FOR MITIGATING DDOS ATTACKS

Throughout 2020, Umbrellar experienced on average 1 DDoS attack per week against its infrastructure and hosted customer platforms.

Umbrellar’s Technology Solution Architect, David Garrett, explains, “Volumetric attacks look to saturate and use up all available bandwidth, preventing legitimate traffic from reaching your website or service.”

The vast majority of DDoS attacks are successfully mitigated automatically by Umbrellar’s upstream internet provider or handled by established protection methods:

  • Use a Web Application Firewall to filter requests so that only legitimate ones reach the back-end web server.
  • Use an internet provider who offers DDoS mitigation capability.
  • Host your public facing websites using DDoS protected internet connectivity.
  • Use a CDN or caching service to filter incoming traffic.
  • Host your public facing websites on the public cloud, which has the bandwidth and infrastructure to handle DDoS traffic volumes.
  • Design your infrastructure to scale up with increased load and compute capacity.
  • Ensure your websites, servers and infrastructure are properly patched, configured and secured so that they can’t be used to participate in DDoS attacks against others.

Cat Mules

Umbrellar's Digital Journalist, coming from a background in tech reporting and research. Cat's inspired by the epic potential of tech and helping kiwi innovators share their success stories.
