Author: Tom Pullar-Strecker and Anuja Nadkarni

The Government does not have any clues yet on who might be behind cyberattacks on the NZX, Radio NZ and Stuff, GCSB Minister Andrew Little says.

Media companies and banks appear to have been targeted by the same cyber criminals who knocked the NZX’s website offline for periods during five consecutive business days.

Little told Radio NZ that other organisations in Southeast Asia and North America had been subject to distributed denial-of-service (DDOS) attacks that had the same “modus operandi” and the Government was working with its Five Eyes partners to investigate.

It is believed the criminals claimed in ransom notes sent to some victims ahead of attacks that they were associated with a notorious Russian group called Fancy Bear but Little believed that was “a decoy”.

It was more likely the attackers were criminals with a financial motive than “state actors”, he said.

Stuff spokeswoman Candice Robertson said Stuff had been targeted by a DDOS attack on Sunday which it had successfully defended itself against.

“Importantly the Stuff site remains secure,” she said.

Most organisations can fend off DDOS attacks, GCSB Minister Andrew Little says.

Radio NZ spokeswoman Charlotte McLauchlan said it had also experienced multiple DDOS attacks during the past 24 hours.

“We understand this may have been the same group that has been attacking the NZX and we are currently investigating,” she said.

“Our site remains secure and this has not impacted our audience.”



The country’s biggest banks are tightening security to protect themselves from similar attacks.

It is understood banks have been facing attempted attacks, although the Reserve Bank said it had not been advised of any significant issues over the weekend.

Little said most organisations were prepared for DDOS attacks and were able to “absorb them without disruption”.

“They fizzle out once it is clear they are not going to yield any response that the attacker might want,” he said.

Stuff has fended off an attack.

“Our strong advice is never to pay a ransom if that is being asked for.”

Declan Ingram, deputy director of cyber security agency Cert NZ, said it treated reports of attacks as confidential and “questions relating to specific organisations should be directed to that organisation”.

Cert NZ warned on November 1 last year that it had received reports of “extortion emails targeting companies within the financial sector in New Zealand”.

It said then that emails claiming to be from a Russian group going under the name Fancy Bear/Cozy Bear were demanding ransoms in return for being spared an attack.

Cert NZ advised businesses in November to check that their internet-facing systems did not expose certain protocols that might make them more vulnerable.

It also suggested they consider a “DDOS protection service, such as Cloudflare or Akamai” to prevent DDOS traffic from reaching and overloading their systems.

The cyber criminals behind the attack on NZX are believed to have assumed the identity of a notorious Russian gang.

NZX is understood to have now engaged the services of Akamai in its battle against its attackers.

Spokesman David Glendining said NZX had “well-established processes for keeping across cyber security advice from a range of sources, including Cert NZ”.

“NZX applies this to our systems and network architecture on an ongoing basis to ensure they meet contemporary cyber security standards and address all known threats,” he said.

He would not comment on whether Cert NZ’s November warning had prompted any specific action.

“As a matter of principle, we do not comment publicly on our specific cyber security arrangements or how we are responding to specific threats,” he said.

Robertson said Stuff had reached out to the GCSB to let it know of the attempted attack on its website.

Stuff was a customer of Akamai, she said.

A BNZ spokesman said it was “constantly investing and improving” security to protect against these attacks.

“We don’t comment on specific cyber security events but every day criminals are trying to attack organisations around the world. We work hard to protect our customers and our critical infrastructure from these attacks,” he said.

An ANZ spokesperson said the bank took the risk “very seriously” and was on high alert.

“We have been working closely with industry bodies and our internet service provider to keep apprised of the situation and the nature of the threat, and we have been actively collaborating with government agencies and our regulators,” they said.

State-owned broadcaster RNZ said it was targeted on Sunday.

“We believe our current security settings are appropriate and we remain on high alert.”

New Zealand’s National Cyber Security Centre said in an advisory on Monday that an ongoing campaign of denial-of-service attacks was targeting “a number of global entities, predominantly in the financial sector”.

It advised organisations to consider whether a “temporary denial of access to online services” was acceptable to them and advised on the steps they could take if not.

Last-minute defences were possible but not as effective as measures prepared in advance, it said.

The NZX website crashed on Monday shortly after NZX made assurances that contingency arrangements were in place to allow trading to continue in the event of another cyberattack.

The NZX trading exchange itself has been capable of operating throughout the attacks but the DDOS attacks meant some investors might not be able to see market-sensitive announcements on the NZX’s site.

Concerns that some investors might be disadvantaged by that prompted the NZX to periodically suspend trading last week.

In a blog post on August 17, Nasdaq-listed online content delivery giant Akamai Technologies said attackers posing as Fancy Bear and Armada Collective were targeting banking, finance and retail businesses around the world.

Ransom demands initially started off in the tens or hundreds of thousands of dollars – payable in Bitcoin – and increased if ransoms were not paid, it said.

The NZX is believed to have received such a ransom demand but has not confirmed that and has declined to comment on whether it has any policy on paying ransoms.

Article: https://www.stuff.co.nz/business/122611384/govt-spy-agency-has-no-clues-on-source-of-cyberattacks-on-nzx