NZX DDoS 3 Days and counting

Forums › Off topic › NZX DDoS 3 Days and counting

ezbee

2405 posts

Uber Geek

#274535 27-Aug-2020 17:48

Call me uninformed but I thought massive DDoS attacks were something of the past.
We have an attack that's been going for three days and seems no closer to running out of steam

We had network management measures that made this old hat ?
Even local technologies out of Waikato Uni , like Endace , for monitoring ?

Or has this actually been a growing problem hidden by quiet bitcoin payoffs.
It would be interesting to hear from networking people in the know, have we been living with false sense of security.

Edit , I type therefore I typo.

1 | 2 | 3 | 4 | 5

20141 posts

Uber Geek

#2550818 27-Aug-2020 17:53

Doesn't seem to be getting huge amount of coverage, considering this is a big part of NZs infrastructure. Saw some experts on the news last night discussing it. Normally I understand with a DDOS on a website server, that the admins would block the IP ranges of those doing the attack.

Batman

Mad Scientist
29760 posts

Uber Geek

Trusted

Lifetime subscriber

#2550962 27-Aug-2020 20:54

apparently they are in the dark about what's going on ...

maybe some GZers can help ...

PolicyGuy

1726 posts

Uber Geek

ID Verified

Lifetime subscriber

#2550968 27-Aug-2020 21:02

I would guess that they are self-hosting and not behind one of the major CDNs, so pretty much defenceless

timmmay

20575 posts

Uber Geek

Trusted

Lifetime subscriber

#2550969 27-Aug-2020 21:08

Any significant website needs to be behind a major CDN these days, for DDOS mitigation. CloudFront, CloudFlare, Akamai, there are plenty to choose from.

ezbee

2405 posts

Uber Geek

#2550976 27-Aug-2020 21:26

Apparently Zdnet are going for a shakedown by a group that's been attacking a number of companies
https://www.zdnet.com/article/ddos-extortionists-target-nzx-moneygram-braintree-and-other-financial-services/

""
The attackers have been identified as the same hacker group mentioned in an Akamai report published on August 17, last week.

The group uses names like Armada Collective and Fancy Bear — both borrowed from more famous hacker groups — to email companies and threaten DDoS attacks that can cripple operations and infer huge downtime and financial costs for the targets unless the victims pay a huge ransom demand in Bitcoin.
""
Our source, who requested anonymity for this article due to ongoing business relations, also confirmed that some of the attacks launched this week reached 50 to 60 Gb/sec.

The source also described the group as having "above-average DDoS skills."
""

Though this article seems to be pointing at Anonymous , just in it for Lols , though I thought they were more political these days.
https://www.rnz.co.nz/news/business/424567/nzx-down-for-third-day-in-a-row-following-another-cyber-attack

I can understand that no company will be saying much themselves, so who knows.
Suppose being last stop before Antarctica, we might think we might be far down the shakedown list , at least after the big dry island.

Batman

Mad Scientist
29760 posts

Uber Geek

Trusted

Lifetime subscriber

#2550980 27-Aug-2020 21:51

shakedown - is that a term for bullying?

Zeon

3916 posts

Uber Geek

Trusted

#2551002 27-Aug-2020 22:24

Batman:

shakedown - is that a term for bullying?

The word we are looking for is "extortion"

Speedtest 2019-10-14

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

NPCtom

430 posts

Ultimate Geek

#2551033 27-Aug-2020 23:48

Everyone blames any "cyber related attack" on Anonymous these days. This could possibly even be a few kids messing around. I'm surprised the Govt doesn't put any of their websites behind CDNs either.

eracode

Smpl Mnmlst
8846 posts

Uber Geek

ID Verified

Trusted

Subscriber

#2551039 28-Aug-2020 04:49

mattwnz:

Doesn't seem to be getting huge amount of coverage, considering this is a big part of NZs infrastructure. Saw some experts on the news last night discussing it.

Yes - find it incredible that on One News last night - after the third day - it got two sentences of coverage. Also if you google for it as news, there are not many stories covering it - and those that do, are relatively brief.

Sometimes I just sit and think. Other times I just sit.

MikeB4

18435 posts

Uber Geek

ID Verified

Trusted

#2551075 28-Aug-2020 08:34

The Spark account manager will be a tad busy I guess

nedkelly

659 posts

Ultimate Geek

Trusted

#2551099 28-Aug-2020 08:53

GCSB are now involved according to Stuff article.

freitasm

BDFL - Memuneh
79253 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2551119 28-Aug-2020 09:15

mattwnz:

Doesn't seem to be getting huge amount of coverage, considering this is a big part of NZs infrastructure. Saw some experts on the news last night discussing it. Normally I understand with a DDOS on a website server, that the admins would block the IP ranges of those doing the attack.

Admins wouldn't be able to block a coordinated DDoS attack that easily. Some attacks can have hundreds of thousands of source IPs. Attacks come in different forms - some are just bits, some are packets and others are full HTTP requests.

PolicyGuy:

I would guess that they are self-hosting and not behind one of the major CDNs, so pretty much defenceless

You don't need to be behind a CDN to defend against DDoS attacks. CDNs are Content Distribution Networks. Some CDNs do offer DDoS protection but this is not always the case.

The New Zealand Government websites are mostly behind services like Imperva. Private sites have this option plus Cloudflare and others.

The NZX network provider is Spark. This has impacted traffic to other clients too so this fact alone tells me a bit of what kind of attack level this is.

Here is a very good read - including a high volume attack analysis and a description of the three types of attacks I've mentioned above.

timmmay

20575 posts

Uber Geek

Trusted

Lifetime subscriber

#2551133 28-Aug-2020 09:43

Most places that do DDOS protection are also a CDN, hence people saying CDN. CDN is important to scale out to absorb traffic that makes it through DDOS filters. For example one of the features of AWS Shield Advanced (at US$3K per month) is that during a DDOS attack they cover the cost of scaling out your application resources to meet the load that makes it through the Shield / CloudFront DDOS protection.

freitasm

BDFL - Memuneh
79253 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2551136 28-Aug-2020 09:46

timmmay:

Most places that do DDOS protection are also a CDN, hence people saying CDN. CDN is important to scale out to absorb traffic that makes it through DDOS filters. For example one of the features of AWS Shield Advanced (at US$3K per month) is that during a DDOS attack they cover the cost of scaling out your application resources to meet the load that makes it through the Shield / CloudFront DDOS protection.

Most services do, but to be technically correct assume the lowest level. Not every CDN offers DDoS protection and not every DDoS protection service uses a CDN.

michaelmurfy

meow
13240 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#2551137 28-Aug-2020 09:47

NPCtom:

Everyone blames any "cyber related attack" on Anonymous these days. This could possibly even be a few kids messing around. I'm surprised the Govt doesn't put any of their websites behind CDNs either.

They all use Imperva...

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

1 | 2 | 3 | 4 | 5