Denial of Service (aka what went wrong at the NZX?)
In September the NZ Stock Exchange was the victim of an attempted extortion via a DDoS attack. The attack took them offline several times over a number of days. Many businesses are now asking: what is DDoS, and could we fall victim to it?
DDoS attacks are surprisingly easy to undertake. The type of software used, called a Command and Control system, is easily available online from reputable suppliers. First you look for devices with known security issues. That could be any internet-connected device: security cameras, baby monitors, refrigerators, smart TVs or even computers. If you don’t have the time or skill to search these out, you can purchase a list of devices and passwords. You load the list into your Command and Control software, then instruct all the devices to target (connect to) your victim.
The result is a flood of connections from all around the world. This will overwhelm the victim’s internet connection and effectively block legitimate traffic. A parallel is a call centre: when all the lines are busy, new callers are unable to connect.
With the incoming connections being sourced from all around the world, and with massive volumes of traffic, this is extremely difficult to deal with. For example, the NZX attack is thought to have averaged around 40-60Gbps and to have peaked at 200Gbps. This is hundreds of times more than the traffic levels that most businesses would normally consume under load.
That raises the question: how do you deal with this sort of threat?
The answer is that you can’t, certainly not directly. You need your ISP to be able to help you.
Here at Kinetics, we use Vorco as our ISP. When we asked them how they would help us, the answer was pleasingly honest. At the time of the NZX attack, protection would have been to block access to us from all international addresses. It would have been a quick fix, but not a good one, as we live in a virtual world without borders.
Since then they have confirmed that they are adding an extra layer of security by deploying specific advanced technology at all the international connection points to their network. They will have the capacity to absorb attacks significantly higher than the NZX peak volume. Such a change is not inexpensive, but they are doing it as part of their standard service for all their clients.
If you are concerned that you may be a DDoS target, your best protection is to ask your ISP how they will help you. We’re happy to have that conversation on your behalf.