Scoop has an Ethical Paywall
Licence needed for work use Learn More

Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search

 

Cyber Attack Campaign Warning - Expert Reaction

An 'ongoing campaign' of cyber attacks has prompted the GCSB to issue a warning for New Zealand businesses.

Two major news outlets have been hit with unsuccessful cyber attacks today, but the attacks have taken the NZX site down for the fifth trading day in a row.

The SMC asked experts to comment.

Dr Rizwan Asghar, School of Computer Science, University of Auckland, comments:

"We should learn a lesson from the DDoS attacks on the NZX and consider cybersecurity strategies more seriously. Cybersecurity is not an add-on or a plug-and-play thing.

"We should take a pro-active approach to mitigate cyber attacks instead of following a reactive one, including paying any ransom, which is highly discouraged. Otherwise, determined cyber criminals can target any critical infrastructure that could result in financial and reputation losses."

No conflict of interest declared.

Associate Professor Lech Janczewski, Department of Information Systems and Operations Management, University of Auckland, comments:

"Distributed Denial-of-Service (DDoS) is one of the most powerful weapons on the internet. It attacks websites and online services with more traffic than they are able to accommodate, resulting in site crash.

"The DDoS attack consists of three phases:

  1. The attacker picks a type of DDoS attack, finds or develops necessary software.
  2. They install that software on unprotected computers (called “zombie computers”) practically forming a network of computers. This network is called a “botnet”. The number of computers in a botnet may exceed 100,000.
  3. At a given time or signal all zombies start sending messages to the attacked site resulting in its crash.
Advertisement - scroll to continue reading

"DDoS attack software is constantly evolving and attack vectors are becoming more and more complicated. Hence instead of developing a new DDoS attack software a hacker may buy one (using bitcoins) on the dark web. Due to the DDoS characteristics only the biggest and most vulnerable sites are targets of these attacks.

"Defence against a DDoS attack, when it is launched, is extremely difficult. Installing fire detectors when you are under fire is useless. Perhaps the only solution is to switch off the site.

"There are a number of ways to minimise the impact of a DDoS attack:

  1. Install a system which can detect the launch of a DDoS attack against your site.
  2. When a DDoS attack is detected notify your ISP to re-route attacking messages.
  3. You may have a backup ISP and/or you may create a “black hole” which may absorb all DDoS traffic without damage.
  4. You should configure firewalls and routers to identify DDoS attacking traffic.
  5. Also you should install and set up intrusion detection systems. DDoS attacks may not be necessary based on directly flooding the site with traffic.
  6. Artificial intelligence could be used to coordinate all the above activities.

"The involvement of the GCSB is a positive move, but why was it not taken before the attack was launched?"

No conflict of interest.

© Scoop Media

 
 
 
Business Headlines | Sci-Tech Headlines

 
 
 
 
 
 
 
 
 
 
 
 
 

Join Our Free Newsletter

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.