Thousands of New Zealanders' Friday afternoon workflow was interrupted today when their internet connection cut out due to a cyber attack on a main internet provider.
Internet infrastructure provider Vocus - which operates Orcon, Slingshot, Flip, and Stuff Fibre internet connections - was hit with a DDoS attack which took its internet down for about 30 minutes just after 1pm this afternoon.
Reports from affected users came in from all over the country, but mostly in the North Island, including Auckland, Hamilton and Wellington.
In a statement on its website, Vocus confirmed the issue was related to a DDoS attack.
Vocus said the outage was caused by a malfunction in the mitigation of an attack against just one customer.
"A Vocus customer was under DDoS attack on Friday afternoon," it said.
"A DDoS mitigation rule was updated to our Arbor DDoS platform to block the attack for the end customer. Based on initial investigations it was this rule change that disrupted service to a range of Vocus customers. We are working closely with the vendor of this platform to understand why this occurred. Customers should have come back online automatically."
A DDoS attack is when attackers try to disrupt the normal traffic to an internet service, server, or network. The aim is to hinder access, and stop people from getting to the services they needed. The attacks work by flooding a website with fake requests, exceeding its capacity. That meant normal, legitimate, requests can't get through.
The technique was what was used in a series of attacks on the NZX last year.
AUT professor of computer science Dave Parry called this style of attack commonplace, but this hit was of significant scale.
"Fact of the matter is there's attacks of this sort all the time, all around the world and here in New Zealand previously as well. I don't know what the data size of this attack is, but the scale will be very large. The actual affect of taking down major internet service providers is huge."
Parry said there were filters throughout the international connection system that attempt to fend off these kind of attacks, but it appeared this type is new on the scene, and slipped by undetected before being quickly fixed.
"This will be a new one which hasn't been seen before so it isn't automatically rejected, so it took about an hour to work out how to protect against it and block it out," he said.
He said the attack is an intimidation attempt by hackers with dollar signs in their eyes.
"The message would've been look at what we can do and pay us some money, otherwise we'll do it again. It's annoying and its disruptive, but it's probably not particularly dangerous."
Parry said further attempted hits were likely to occur in the coming days.
"I suspect they will try again and they may be successful for a time, but it will probably be a shorter outage next time. There'll be alot of resources being moved into the cybersecurity space right now both from Government and industry."
Dr Rizwan Asghar from Auckland University's School of Computer Science said companies should have guidelines on protection and response to DDoS attacks - particularly following the cyberattack on Waikato DHB.
He said protection mechanisms could range from simple firewall protection to in-house programmes.