New Zealand organisations have been dealing with ongoing Denial of Service Attack attacks – at a scale much bigger than the typical attacks which hit our organisations each month. Kiwibank, ANZ, NZ Post and the Metservice have been specifically highlighed as having been hit by ongoing Distributed Denial of Service attacks which have blocked access to their websites, online banking and mobile banking apps.

What is a Denial of Service Attack (or Distributed Denial of Service Attack)

You can think of Denial of Service (or DDoS) cyber attack a little bit like what happens when too much traffic means roads are blocked for a period of time. However in a DDoS attack instead of roads it’s parts of the internet that is getting blocked – and these attacks are typically carried out maliciously for financial gain.

So let’s say people want to get to a location by car – if too many people are trying to reach that location all at once there can be an issue of too much traffic. In bigger cities such as Auckland, Wellington or Christchurch we see this with rush hour every day. And sometimes roads are blocked deliberately such as during a protest and then nobody can get to certain locations.

In a denial of service cyber-attack – it’s similar but online – with effectively too many computers trying to reach a particular website (such as your bank) all at once.

A cyber attacker can achieve this by controlling a very large number of computers and commanding those computers to flood a particular website and therefore make it inaccessible.

What can be done?

Organisations can reduce the impact of a Distributed Denial of Service (or DDoS) attack by preparing upfront and using a provider who are specifically geared up to protect against such attacks. This is especially important for businesses who have a customer portal or who carry out online transactions (ecommerce) through an online store.

It’s also possible for attacks to happen not just on websites, but on other key infrastructure – such as an online phone system, virtual private network link or office internet connection. Advance planning is always best, however infrastructure changes can be made on the fly when an organisation is under attack by cyber criminals.

This item was original published on the Gorilla Cyber Security NZ updates page.