A number of sites targeted in cyber attacks

The NZX website had problems last week with sustained distributed denial of service (DDoS) attacks that rendered the site unusable at times. RNZ and Stuff were also affected.

Stuff: Govt spy agency has ‘no clues’ on source of cyberattacks on NZX

The Government does not have any clues yet on who might be behind cyberattacks on the NZX, Radio NZ and Stuff, GCSB Minister Andrew Little says.

Little told Radio NZ that other organisations in Southeast Asia and North America had been subject to distributed denial-of-service (DDoS) attacks that had the same “modus operandi” and the Government was working with its Five Eyes partners to investigate.

It is believed the criminals claimed in ransom notes sent to some victims ahead of attacks that they were associated with a notorious Russian group called Fancy Bear but Little believed that was “a decoy”.

Stuff spokeswoman Candice Robertson said Stuff had been targeted by a DDoS attack on Sunday which it had successfully defended itself against.

“Importantly, the Stuff site remains secure,” she said.

Radio NZ spokeswoman Charlotte McLauchlan said it had also experienced multiple DDoS attacks during the past 24 hours.

“We understand this may have been the same group that has been attacking the NZX and we are currently investigating,” she said.

“Our site remains secure and this has not impacted our audience.”

This week the problems have spread, with Metservice and TSB targeted yesterday and today, and some news sites (Stuff) also saying they have been attacked.

NZ Herald: MetService latest NZ organisation to be hit by targeted cyber attack, TSB experiences tech issues

MetService is the latest organisation to be hit by the same cyber attack that crashed the NZX website for five days.

The weather forecaster was hit by a DDoS (distributed denial of service) attack today, but a spokesman said it was dealt with “in a timely manner”.

TSB bank also responded to an incident causing disruption to some of its services this afternoon.

CEO Donna Cooper said the bank had informed the appropriate authorities and would continue to work closely with them on this.

Cooper declined to comment on whether the incident may have been related to a cyber attack.

But it also seems that blogs are being impacted in some way.

LPrent at The Standard: The background traffic is loud.

Along with the grey weather, the weather around our local net is downright annoying at present. There is a massive increase in attempts to break into this site via backend systems and brute force front-end logins, a surge in scans from the search engine spider bots, and a lot of requests for putting up paid content. All of which have been ignored or dealt with. Good thing that we aren’t a target like the NZX, banks, mainstream media and the MetService are.

The BFD: Speed Issues affecting The BFD

We are all too aware of the slowness affecting The BFD at the moment and despite a huge amount of effort behind the scenes have yet to resolve this.

This issue is not specific to The BFD and is affecting a large number of sites all over the world.

It’s happened because the latest security update to the WordPress platform the site runs on does not play nicely with all the extra add-ons that make the site look and work the way it does.

So both blogs say they are not being subjected to DDoS attacks, but it’s a curious coincidence.

Cyber attack on UK Parliament

The Telegraph: Parliament hit by ‘sustained and determined’ cyber attack leaving MPs unable to access their emails remotely

Parliament has been hit by a cyber attack that has left MPs unable to access their emails if not in Westminster.

MPs were alerted to the hack on Friday night and have reported problems getting into their email accounts on Saturday.

The attack comes just days after reports that passwords of ministers were being flogged online after hacking groups managed to gain access.

An email sent by parliamentary authorities to those impacted by the incident described the attack as “determined”.

The email stated: “Earlier this morning we discovered unusual activity and evidence of an attempted cyber-attack on our computer network.

“Closer investigation by our team confirmed that hackers were carrying out a sustained and determined attack on all parliamentary user accounts in an attempt to identify weak passwords.

“These attempts specifically were trying to gain access to our emails.

“We have been working closely with the National Cyber Security Centre to identify the method of the attack and have made changes to prevent the attackers gaining access, however our investigation continues.”

The war online continues.

So far there is no sign that New Zealand has been targeted. Maybe the rest of the world doesn’t care about what happens in our election, but there’s nearly three months to go until the election.

Cyber attack on British health systems

BBC: NHS cyber-attack: GPs and hospitals hit by ransomware

A major incident has been declared after NHS services across England and Scotland were hit by a large-scale cyber-attack.

Staff cannot access patient data, which has been scrambled by ransomware. There is no evidence patient data has been compromised, NHS Digital has said.

The BBC understands up to 25 NHS organisations and some GP practices have been affected.

It comes amid reports of cyber-attacks affecting organisations worldwide.

Ambulances have been diverted, patients have been warned to avoid some A&E departments, and there has been disruption at some GP surgeries as a result of the attack.

Ransomware – where rogue code gets into a network and encrypts data, often as simply as via an email attachment clicked on by one person – has been common for years, although it has been getting increasingly sophisticated.

Once data is encrypted large amounts of money are demanded to unencrypt the data – with no guarantee it will be done or will be successful.

I know of a number of companies who have been affected; usually a major or full system restore is required.

This attack on the NHS may be much the same except it has simply been an escalation of scale in a large and critical organisation.


UPDATE: The problem seems to be more widespread.

Fox News: Cyber attack spreads across 74 countries; some UK hospitals crippled

Cyber attacks that hit 74 countries across Europe and Asia Friday, impacting the public health system in Britain, apparently involved a leaked hacking tool from the National Security Agency.

NHS Digital, which oversees cybersecurity in Britain, said the attack did not specifically target the NHS and “is affecting organizations from across a range of sectors.” In total, 16 NHS organizations said they were affected.

The attack used ransomware, which is malware that encrypts data and locks a user from their data until they pay a ransom. The tool, which was leaked by a group known as Shadow Brokers, had been stolen.

Microsoft said that they had rolled out a patch to fix the issue, but certain targets, including the hospitals in Britain, had not yet updated their systems.

I’ve updated my Windows systems at home and at work.

The malware was sent via email with a file attached to it. From there, it subsequently spread.

It only takes one person in an organisation to click on a malware attachment to spread it across a network.

The impact of the attacks caused phone lines to go down, appointments to be canceled and patients to be turned away, but there has been no reported evidence of patient data being breached.

It prevents you from accessing data rather than extracts or sends data – at least that’s how these programs have been.

Cyber attack

There are claims of disruption on the Internet and a possible cyber attack.

Cyber attack disrupts websites in US, Europe

A number of big websites in the US and Europe are being hit by what appears to be a large cyber attack.

It’s been disrupting sites including Twitter and Netflix, as well as Spotify, Airbnb and Reddit.

Services including PlayStation Network have also been hit.

The first problems appeared on the East Coast of the United States but people in Europe are now reporting outages too.

No one has claimed responsibility, but US government officials say they’re looking at all possible scenarios.

http://www.newstalkzb.co.nz/news/world/cyber-attack-disrupts-websites-in-us-europe/

I haven’t noticed any problems. Twitter seems to be working normally for me.

‘Several waves’ of massive cyber attacks take down sites across the globe: Twitter, Spotify, Amazon and Reddit among those forced offline as Department of Homeland Security launches urgent investigation

 

  • Github, SoundCloud and PayPal also reported to be down 
  • Some of Amazon’s cloud services also believed to have been hit
  • Outage appeared to be primarily affecting web users on the US East Coast 
  • Second wave of attacks began around 1PM ET
  • Department of Homeland Security ‘investigating all potential causes’
  • The ongoing interruption of its network resulting from a DDoS attack
  • DDoS attacks are a primitive form of hacking using botnets – networks of computers that hackers bring under their control 

http://www.dailymail.co.uk/sciencetech/article-3859500/Widespread-internet-havoc-major-attack-takes-websites-offline-Spotify-Twitter-sites-suffer-outages.html#ixzz4NkWdNMlp

 

Ben refers to my non-noticing:

No real reason you would PG besides Twitter. Google has its own Domain Name System (DNS) which has proven to be quite resilient though has been censored by the likes of Turkey. Most content that comes from the likes of Netflix etc is housed locally to the region in which you access it via local Content Distribution Networks (CDNs) which house the media. This reduces costs, stress on upstream providers and improves latency.

Dyn has quite a cool history. This will be a pivotal moment for Dyn as it has been a big year for them. They recently raised $50M in May in their Series B. Also this month they appointed Doherty as their CEO. Doherty formerly ran Arbor Networks who actually specialise in DDoS mitigation and prevention.

Many companies are noticing significant issues with DDoS mitigation and prevention, and inside Tech there is a significant hiring shortage of specialists who are good to great at security on this level. A significant issue that has been highlighted is the rise of Internet of Things (IoT) devices which have brought many millions (soon to be billions) of Net enabled devices onto the Net. Many IoT devices lack even basic security and are regularly used by bot masters in Distributed Denial of Service (DDoS) attacks for that reason.

The Register: DNS devastation as Dyn dies again under huge denial-of-service attack

Twitter, Amazon, AirBnB, Github and many others impacted

An extraordinary, focused attack on DNS provider Dyn continues to disrupt internet services for hundreds of companies, including online giants Twitter, Amazon, AirBnB, Spotify and others.

The worldwide assault started at approximately 11am UTC on Friday. It was a massive denial-of-service blast that knocked Dyn’s DNS anycast servers offline, resulting in knock-on impacts across the internet. Folks immediately started reporting problems; millions of people are affected.

After two hours into the initial tidal wave of junk traffic, Dyn announced it had mitigated the assault and service was returning to normal. But the relief was short lived: just about an hour later, the attack resumed and at the time of writing (1800 UTC), not only is Dyn’s service still down but its website is too.

By blasting Dyn offline, public DNS providers – such as Google and broadband ISPs – are unable to contact Dyn to look up hostnames for netizens, preventing people from accessing sites using Dyn for DNS.

More details:  http://www.theregister.co.uk/2016/10/21/dns_devastation_as_dyn_dies_under_denialofservice_attack/
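
The dependency described in the Register excerpt can be modelled with a small caching resolver. This is an added example, not code from any of the quoted articles: it replays the reported outage timeline against three hypothetical zones to show how a sole authoritative DNS provider, record TTLs and a second provider affect whether lookups still get an answer. The zone names, TTLs, the `other-dns` provider and the 10:00 to 18:00 sampling window are assumptions.

```python
from dataclasses import dataclass

# Outage windows in minutes since 00:00 UTC, built from the timeline quoted
# above: down ~11:00, mitigated after two hours, down again about an hour
# later and still down at 18:00. The exact minutes are an approximation.
OUTAGES = {"dyn": [(11 * 60, 13 * 60), (14 * 60, 18 * 60)]}

@dataclass
class Zone:
    name: str
    providers: tuple  # authoritative DNS providers serving the zone
    ttl: int          # record TTL in minutes

def provider_up(provider, t):
    return not any(s <= t < e for s, e in OUTAGES.get(provider, []))

class Resolver:
    """Minimal caching resolver: answers from cache until the TTL expires,
    otherwise needs at least one reachable authoritative provider."""
    def __init__(self):
        self.expires = {}  # zone name -> time the cached answer expires

    def resolve(self, zone, t):
        if self.expires.get(zone.name, -1) > t:
            return "cached"
        if any(provider_up(p, t) for p in zone.providers):
            self.expires[zone.name] = t + zone.ttl
            return "fresh"
        return "SERVFAIL"

def availability(zone, start=10 * 60, end=18 * 60, step=5):
    """Fraction of lookups (one every `step` minutes) that get an answer."""
    r = Resolver()
    results = [r.resolve(zone, t) for t in range(start, end, step)]
    return sum(x != "SERVFAIL" for x in results) / len(results)

def single_provider_zones(zones):
    """Zones whose name servers all sit with one provider."""
    return [z.name for z in zones if len(set(z.providers)) == 1]

# Hypothetical zones; names and TTLs are made up for the example.
ZONES = [
    Zone("shop.example", ("dyn",), ttl=5),
    Zone("news.example", ("dyn",), ttl=24 * 60),
    Zone("bank.example", ("dyn", "other-dns"), ttl=5),
]

if __name__ == "__main__":
    for z in ZONES:
        print(f"{z.name:14} {availability(z):.0%}")
    print("single provider:", single_provider_zones(ZONES))
```

The long-TTL zone only survives here because the resolver's cache was warmed before the outage; a resolver with a cold cache would fail just like the short-TTL zone, which is why the single-provider check flags both.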