ANZ and Kiwibank appear to have made progress recovering from a cyber attack that made their online services inaccessible for many New Zealanders on Wednesday.
Cyber security agency Cert NZ said it was aware of a distributed denial of service (DDoS) attack targeting a number of organisations.
“We are monitoring the situation and are working with affected parties where we can,” it stated in a tweet.
DDoS attacks involve cyber-criminals overloading and crashing an organisation’s online services by bombarding their internet-facing systems with vast amounts of traffic.
Because they do not involve hacking into an organisation’s computer systems, there is no risk of bank customers losing money or having information stolen through this sort of attack.
Rather, they are purely designed to create inconvenience.
* Websites of airlines, banks and retailers back up after global outage
* TSB, Kiwibank services hit by outages
* 1800 banking sector staff get pay rise as industry commits to living wage
Hundreds of users began reporting problems accessing the online services of ANZ, Kiwibank and NZ Post from shortly before 9am on Wednesday.
The volume of complaints started to drop off by the late morning, with a smaller, second spike in reported problems for ANZ shortly after noon.
ANZ spokesman Stefan Herrick said earlier that the bank was experiencing an outage in internet banking that meant customers were not able to access their accounts online.
“Our team has been made aware and are working as quickly as possible to get this back up and running. We apologise for any inconvenience this is causing.”
Outage reporting website Down Detector showed a spike in reports of problems with the ANZ site just before 9am.
That peaked at 1041 complaints in a 15-minute period shortly before 11am.
NZ Post said in a statement that it had experienced “intermittent disruptions” which it put down to an “issue that one of our third-party suppliers is experiencing”.
“We are working closely with them; however, it is too early at this stage to understand when this issue will be resolved.”
It asked customers to only call if their enquiry was about a parcel that had been delayed longer than five days.
A Kiwibank spokesperson said the bank was having intermittent issues with some services, including internet banking, its app and website.
“We’ve identified the cause and are working hard to fix the issue. Our priority is continuity of service for our customers,” it said.
“We apologise to our customers for any inconvenience caused and thank them for their patience and support.”
Internet users also reported problems on Wednesday with web services for MetService and the Ministry for Primary Industries.
On Friday, users of the country’s third-largest internet provider, Vocus NZ, were knocked offline by a cyber attack on one of its customers and a subsequent error.
Vocus owns the Orcon, Slingshot and Stuff Fibre internet brands and also provides the internet infrastructure for Sky Broadband which was also impacted.
The problems began shortly after 1pm on Friday, but had been resolved about 2pm.
Vocus NZ initially reported that its network had been impacted by a DDoS attack.
But chief executive Mark Callander later clarified that it was not its own network but a customer that had been attacked and that its service had been impacted unexpectedly by the measures it used to protect its customer.
What are DDoS attacks?
Often simply described as denial-of-service attacks, DDoS attacks are carried out by cyber-criminals who hire or hijack large numbers of malware-infected computers.
They use these to bombard an organisation’s online services with huge amounts of traffic, such as requests to connect, overloading them so they can’t deal with genuine requests and they appear to be offline.
Large organisations generally defend against DDoS attacks by using technology tools to identify and shut off the sources of the spurious traffic bombarding their services, which can originate from networks of malware-infected computers that could be anywhere in the world.
Attackers often route their rogue traffic through poorly-configured web servers owned by legitimate organisations, to disguise the true source of their attacks.
Sometimes attacks stop, only to be re-routed or restart from a different source, which can make the task of shutting down denial-of-service attacks a game of ‘cat and mouse’.
Commonly, attackers demand ransoms to stop their attacks, though it is believed these are rarely paid.
Past DDoS attacks
DDoS attacks have been around for decades.
Both attackers and defenders have got better at their games.
But the growing availability of fibre-to-the-home means the compromised computers that are usually used to conduct attacks can pack more of a punch because they can send out more rogue traffic.
September 2020, 2021: A customer of New Zealand’s third largest internet provider, Vocus, experienced a denial-of-service attack. Vocus’ attempts to help it defend the attack went wrong, resulting in outage for its internet brands, Slingshot, Orcon and Stuff Fibre and wholesale customer Sky Broadband.
September 2020: The NZX experienced a series of large-scale DDoS attacks that took its website offline. Because the NZX’s website is used to distribute price-sensitive market announcements, the NZX took the decision to also suspend share trading during the initial attacks, before a policy change.
2012: Activists associated with hacking group Anonymous vented their outrage at Kim Dotcom’s arrest in New Zealand by temporarily blocked access to the websites of the US’ FBI, Justice Department and recording label Universal Music Group.
Many DDoS attacks in the past used to be associated with such civil disobedience, though now the motive is usually blackmail and profit.
2007: The entire country of Estonia was largely knocked offline during a period of high tensions with neighbouring Russia.