Kiwibank expects more issues with online banking and app on Monday

Kiwibank warned that customers could continue to have difficulty accessing online banking services and its mobile app on Monday, after earlier outages on Sunday and Wednesday.

The bank has not yet given an explanation of these problems.

Spokesman Mike Jaspers declined to comment on Sunday whether they were the result of denial of service attacks that also allegedly impacted ANZ and NZ Post last week.

A banking industry source said the Reserve Bank wrote to managing directors of major banks to tell them that it was working with the government spy agency GCSB on these issues.

READ MORE:
* Kiwibank warns internet banking blackouts could persist throughout Sunday
* ANZ Online Banking is suspended for a third day
* NZ Post predicts outage, ANZ faces continued disruption amid cyber attacks
* The government is still assessing the impact of Wednesday’s denial of service attacks

The Reserve Bank has been contacted for comment.

Cyber ​​security agency Cert NZ said last week it was aware of a distributed denial of service (DDoS) attack targeting a number of organizations.

Digital Economy Minister David Clark said on Wednesday that efforts to determine the impact of the incident were underway and he was not going to “get ahead of this process.”

Kiwibank uses social media to provide updates to customers.

He tweeted Monday morning that he expected internet banking and its app to be “intermittent” on Monday.

“Some customers may be able to access our services and some may have issues from time to time,” he said.

Data from the Down Detector outage monitoring site indicated that many customers were having problems accessing Kiwibank’s services on Monday morning, but complaints were fewer than on Sunday.

What are DDoS attacks?

Often described simply as denial of service attacks, DDoS attacks are carried out by cybercriminals who hire or hijack large numbers of computers infected with malware (the extra “D” in the acronym stands for “distributed”).

They use them to bombard an organization’s online services with huge amounts of traffic, such as connection requests, overloading them so that they cannot process genuine requests and appear to be offline. .

Since victims are not hacked, there should be no risk that they will lose personal information or, if banks are attacked, that people will lose money.

Large organizations typically defend themselves against DDoS attacks by using technological tools to identify and shut down the sources of parasitic traffic bombarding their services, which can come from networks of computers infected with malware that could be located anywhere in the world. the world.

Attackers often route their malicious traffic through misconfigured web servers owned by legitimate organizations, in order to disguise the true source of their attacks.

Sometimes attacks stop, to be redirected or restarted from a different source, which can make the task of stopping denial of service attacks a cat-and-mouse game.

Usually, attackers demand ransoms to stop their attacks, although it is believed that these are rarely paid.

Past DDoS attacks

DDoS attacks have been around for decades.

Forwards and defenders have become better at their games.

But the increasing availability of fiber to the home means that compromised computers that are typically used to carry out attacks can be more powerful because they can send more malicious traffic.

September 2021: A customer of New Zealand’s third largest internet service provider, Vocus, has suffered a denial of service attack. Vocus’ attempts to help it defend the attack went awry, resulting in outages for its Internet, Slingshot, Orcon and Stuff Fiber brands and its wholesale client Sky Broadband.

September 2020: The NZX has suffered a series of large-scale DDoS attacks that have taken its website offline. Since the NZX website is used to serve price sensitive market announcements, the NZX made the decision to also suspend stock trading during the initial attacks, ahead of a policy change.

2012: Activists associated with the hacking group Anonymous have expressed outrage over the arrest of Kim Dotcom in New Zealand by temporarily blocking access to the websites of the FBI and the United States Department of Justice, as well as the Universal Music Group recording label.

Many DDoS attacks in the past were associated with such civil disobedience, although now the motive is usually blackmail and profit.

2007: The entire country of Estonia has been largely taken offline during a period of high tension with neighboring Russia.