ANZ online banking services are offline for a third day following a series of cyber attacks.
On Friday morning, the bank’s website and goMoney mobile app failed to load.
On Wednesday and Thursday, the bank was the target of a DDoS (Distributed Denial of Service) attack.
Cybercriminals carry out DDoS attacks by flooding an organization’s web services with an overwhelming volume of online traffic, causing their sites to crash repeatedly.
ANZ has been approached for comment.
Internet users on Wednesday reported problems with online services from ANZ, Kiwibank, NZ Post, MetService and the Ministry of Primary Industries.
At the time, CERT NZ said it was aware of a DDoS attack targeting a number of organizations.
In a Facebook post updated at 7:40 a.m. on Friday, ANZ said it was once again experiencing outages on its online services.
“I cannot say it enough, but we are very grateful for your patience and understanding as we work hard to resolve this issue,” it said.
Customer cards, ATMs, direct debits and hotspots already set up would still work, it said.
Telephone banking was still working, but its phone lines would be busy again, it said.
On Thursday, the bank told customers that disconnecting from and then reconnecting to the internet could help them regain access.
“Also try clearing your browser’s history and cache, this may also help.”
The website monitoring service Down Detector shows that the first reports of ANZ encountering problems on Friday started at 6 a.m., with 444 reports recorded around 8:45 a.m.
On Twitter, the bank told a client it couldn’t say when the issue would be resolved, but its tech team was working to get it resolved as a priority.
University of Auckland associate professor Lech Janczewski said the software needed to perform a standard DDoS attack could be purchased on the dark web.
“A serious business must be aware of this and must be protected.”
However, more expensive bespoke DDoS attack software was also available. It could be more sophisticated and more difficult to defend against, he said.
“It’s still a very popular type of attack.”
Businesses should have procedures in place for what to do when a DDoS attack occurs, just like most businesses have fire alarm drills, he said.
“The question is, are companies doing something like this?”
Organizations had to be set up to defend against recognized types of attack, and while that might not be a cheap exercise, it would not cost millions of dollars, he said.
The actors behind the attack could be doing it for fun, notoriety, revenge or as an act of terrorism, he said.
University of Otago computer science associate professor David Eyers said ANZ likely has defenses against a DDoS attack.
However, for companies it was a question of balancing the degree of defense provided against the cost and difficulty of providing that defense.
“The more targeted the attack, the more difficult it will be to defend against this attack.”
No system would be perfectly secure, he said.
With increasing security threats from DDoS, ransomware and other cyber attacks, it seemed likely that security operations within many organizations were going to be increasingly resourced, he said.
“Nonetheless, it is always better – and it is common practice – for organizations to have plans for what to do when damage is caused by an attack than to believe that all attacks can be defended.