On the morning of September 8, customers of some financial institutions and the national postal service of New Zealand could not use online services of these structures in the usual rhythm. The reason was a series of prolonged DDoS attacks on the websites of the organizations.
On the subject, the New Zealand cybersecurity organization CERT NZ left a rather scant comment on Twitter. The service said it was aware of DDoS attacks on several New Zealand organizations and that experts were monitoring the situation, being in contact with the affected parties.
The NZ Herald shed more light on the events that took place. From its publication, it became clear that the important online resources of Kiwibank, ANZ, as well as the websites of the postal and meteorological services of New Zealand, were attacked. At the same time, police officers complained about the slowness of their websites.
To the relief of many, the online resources returned to normal by noon. However, Kiwibank continued to experience problems with online banking, its website, and its application for some time. Users resented the disruptions in access to banking services, as evidenced by numerous comments on social networks.
In response to user reports, companies representatives tried to apologize for the inconvenience. They complained about periodic failures in the work of the sites, which were caused by problems with a third-party provider. Many believe that the latest assaults are a continuation of the DDoS attacks of the week before. Back then, the hackers targeted Vocus, the third-largest Internet provider in the country. The ISP’s cybersecurity service responded quickly by activating protection mechanisms. But as a result, thousands of homes and businesses were temporary without internet access.
It is worth noting the increasing number of incidents involving Distributed Denial of Service (DDoS) attacks in New Zealand. In 2020, the New Zealand Stock Exchange (NZX) suffered a serious cyberattack and was unavailable for three days. In January of this year, a DDoS attack provided a serious data leak in the central bank of New Zealand. Representatives of the National Center for Cybersecurity GCSB are increasingly forced to comment on emerging cyber threats. But they are limited in any public comments because they fear an aggressive response from cybercriminals. Wellington hopes to find an effective solution to protect the state’s digital infrastructure.