Story image

"Pay or your network gets it" threat to Kiwi organisations

07 May 2015

An unknown international group has begun threatening several New Zealand organisations with Distributed Denial of Service (DDoS) attacks, according to the New Zealand Internet Task Force (NZITF).

DDoS attacks are attempts to make an organisation’s Internet links or network unavailable to its users for an extended length of time.

The NZITF says these latest DDoS threats appear as an email threatening to take down an organisation’s internet links unless substantial payments in the digital currency Bitcoin are made.

Barry Brailey, NZITF chair, warns the threat is not an idle one and should be taken extremely seriously as the networks of some New Zealand organisations have already been targeted.

“The networks of at least four New Zealand organisations that NZITF knows of have been affected, so far,” Brailey says. “A number of Australian organisations have also been affected.”

Brailey says the ‘unknown group of criminals’ has been sending emails to a number of addresses within an organisation. Sometimes these are support or helpdesk addresses, other times they are directed at individuals.

According to the NITF, the emails contain statements threatening DDoS, such as:

“Your site is going under attack unless you pay 25 Bitcoin.”

“We are aware that you probably don't have 25 BTC at the moment, so we are giving you 24 hours.”

“IMPORTANT: You don’t even have to reply. Just pay 25 BTC to – we will know it’s you and you will never hear from us again.”

The emails may also provide links to news articles about other attacks the group has conducted.

NZITF urges all New Zealand firms and organisations to be on the alert and to consider the following:

• Don’t pay. “Even if this stops a current attack, it makes your organisation a likely target for future exploitation as you have a history of making payments,” it says.  • Educate all staff to be on the lookout for any emails matching the descriptions above. “Have them alert appropriate security personnel within the organisation as soon as possible.” • Establish points of contact with your Internet Service Providers (ISP) in the event that you need them to perform traffic filtering. NZITF says defense against many attack types is most effective when performed before it reaches your network. To date NZITF has had reports of organisations being able to handle these attacks effectively through collaboration with their ISPs. • Establish a baseline of normal activity on your internal network to determine uncharacteristic levels of internet traffic in the event of an attack. Report any attack to the appropriate authorities.

For more tech savvy organisations, the NZITF provides some additional steps to consider: • Make use of DDoS mitigation services or content delivery networks to serve web content. Solutions that specialise in protecting web content may be more cost effective and, given the limited types of traffic that should be allowed, might be able to more aggressively drop malicious traffic. • For DDoS attacks conducted over non-critical services (especially SSDP and NTP), blocking the relevant ports may provide temporary mitigation.

Web design programmers do an about face – again!
Google is aggressively pushing speed in the mobile environment as a critical ranking factor, and many eb design teams struggling to reach 80%+ speed scores on Google speed tests with gorgeous – but heavy - WordPress templates and themes.
Digital spending to hit US$1.2 trillion by 2022
A recent study by Zinnov shows that IoT spend reached US$201 billion in 2018 while outsourcing service providers generated $40 billion in revenue.
'Iwi Algorithm' can grow Aotearoa's mana
Ngāti Whātua Ōrākei innovation officer Te Aroha Grace says AI can help to combine the values from different cultures to help grow Aotearoa’s mana and brand – and AI is not just for commercial gain.
Dropbox brings in-country document hosting to A/NZ & Japan
Dropbox Business users in New Zealand, Australia, and Japan will be able to store their Dropbox files in-country, beginning in the second half of 2019.
Why 'right to repair' legislation could be a new lease on life for broken devices
“These companies are profiting at the expense of our environment and our pocketbooks as we become a throw-away society that discards over 6 million tonnes of electronics every year.”
Kiwis know security is important, but they're not doing much about it
Only 49% of respondents use antivirus software and even fewer – just 19% -  change their passwords regularly.
Instagram: The next big thing in online shopping?
This week Instagram announced a new feature called checkout, which allows users to buy products they find on Instagram.
Apple's AirPods now come with 'Hey Siri' functionality
The new AirPods come with a standard case or a Wireless Charging Case that holds additional charges for more than 24 hours of listening time.