DDoS Attack Disrupts New Zealand Banks, Post Office
Critical Infrastructure Security
,
Cybercrime
,
DDoS Protection
NZ CERT: Intermittent Disruptions at Financial Organizations
New Zealand’s Computer Emergency Response Team, or CERT, says it is aware of ongoing distributed denial-of-service attacks that have disrupted services at several financial organizations in the country, and it is monitoring the situation and working with affected parties.
See Also: Rapid Digitization and Risk: A Roundtable Preview
Reuters on Wednesday reported that websites of several financial institutions and New Zealand’s national postal service were briefly shut down, and officials said they were battling a cyberattack.
Some of the affected organizations were able to bring their services back online, but they are still experiencing intermittent disruptions.
Intermittent Disruptions
The country’s national postal service, NZ Post, says that it is currently experiencing intermittent disruptions with its website. NZ Post has also warned its customers about an ongoing email phishing campaign that was crafted to appear as if it had been sent by NZ Post.
In a Facebook post, the postal service apologized to customers for the disruption.
It is not clear whether the attack is due to an ongoing email phishing campaign for which NZ Post issued a warning in late August.
Other Victims
KiwiBank, a New Zealand state-owned bank and financial services provider partly owned by the New Zealand Post, has also been affected by the current DDoS attack. It too has issued an apology to customers, saying in a tweet that it is working to fix intermittent access to its app, internet banking, phone banking and website. p>
In addition, KiwiBank notified customers that it is reversing any fees they have incurred due to the outages, which includes phone banking fees and fees charged when a payment is made from an account that does not have enough funds to cover it.
Other victims include ANZ Bank New Zealand Ltd, a New Zealand banking and financial services group that operates as a subsidiary of Australia and New Zealand Banking Group Ltd. of Australia. On Wednesday in a Facebook post, ANZ Bank New Zealand Ltd. said it had experienced an outage that affected access to some of its online services.
The company later reported: “Back online; services may be intermittent due to high demand at times.” The bank also says it is still having some technical issues with services such as internet banking and its goMoney app.
Spokespersons for NZ CERT, ANZ Bank and KiwiBank were not immediately available to answer ISMG’s requests for additional information.
Increase in DDoS Attacks
DDoS attacks are increasing. In August, security firm Cloudflare released a report saying it had detected and mitigated a 17.2 million request-per-second distributed denial-of-service attack – almost three times larger than any previously reported HTTP DDoS attack (see: Record-Setting DDoS Attack Hits Financial Service Firm).
In June, telecommunications equipment manufacturer Nokia’s data analytics division, Nokia Deepfield, reported that the daily peak of DDoS attack traffic increased 100% from January 2020 to May 2021, reaching 3 Tbps, with most of the high-bandwidth, high-intensity attacks originating from less than 50 hosting companies.