The recent cybersecurity incidents that affected various public and private organizations in New Zealand do not seem to have had any consequences to regret, although many users still have doubts about the actual scope of these attacks and how the local government has responded.
Faced with this confusion, the New Zealand government issued some clarifications, confirming that the incident affected banks and organizations such as ANZ, Kiwibank, NZ Post and MetService. About the hacking variant used, it is mentioned that it is a denial of service (DoS) attack. This same attack variant disrupted the operations of the New Zealand stock exchange a few months ago.
As some users may recall, a DoS attack causes a crash of the affected website or system by intentionally overloading it with more traffic than it can handle. At the moment the objectives of those responsible for these attacks are unknown, although some fear that the hackers were looking for a ransom.
In this regard, communications minister David Clark points out that the local Computer Emergency Response Team (CERT) has already taken responsibility for investigating the various cases of cyberattack recently presented, in addition to the necessary measures being taken to determine the real scope of these attacks.
For CERT, the job now is to advise affected companies and organizations on how to respond to and prevent these attacks, as well as working as a link with agencies such as the National Cyber Security Centre (NCSC) for the in-depth investigation of these attacks and their perpetrators.
The good news is that the incident appears to have been limited in scope, as DoS attacks are unsophisticated and can be contained by experienced system administrators. In general, the governments of the world recommend that organizations affected by these types of attacks not negotiate with hackers, since this is the way in which groups of threat actors get funding to continue their crimes.
In addition, organizations under DoS attacks can work to shut down sources of traffic or combat it by simply expanding the size of their bandwidth, becoming more resilient against this attack variant.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.