Metservice’s website went offline around 7.30am after being hit by a second day of cyber attacks – and the forecaster says it’s bracing for more.
It was initially not loading, then replaced by a minimalist backup site.
Metservice comms manager Brad Monaghan told the Herald this morning, “Our security service provider experienced a DDoS [distributed denial of service] attack targeting MetService yesterday, and the issue was dealt with in a timely manner.
“Along with other organisations, we anticipate that we may be dealing with similar situations in the coming days. We have been having some intermittent issues with the website this morning.”
Monaghan added that “As a precautionary measure, MetService redirected all website traffic to metservice.com to our back-up site [the stripped-down www2.metservice.com] before 9am this morning.
“This site contains all safety critical information, and includes authorised Severe Weather Watches and Warnings for New Zealand, MetService rain radar imagery and brief forecast information.
“The team at MetService remain on the highest alert, and our service provider has additional resource available to help effectively navigate and mitigate the situation.”
The initial DDoS attack yesterday was repelled with “no notable loss of performance,” Monaghan said.
“MetService also operates a back-up site, this site contains all safety critical information, and includes authorised MetService severe weather watches and warnings, MetService rain radar imagery and brief forecast information.”
The Metservice team remained “on the highest alert of any threat” and the forecaster’s service provider had extra resources to manage the situation should it escalate, he said.
Westpac updates on attack
Although the NZX has drawn headlines after suffering a five-day DDoS assault – which experts saw as an attempt to extort the exchange – a number of other NZ organisations have also been hit recently.
Fonterra told the Herald it successfully repelled a cyber attack last month.
And Westpac confirmed to the Herald this morning that it had also been hit by hackers a fortnight ago.
“As a large organisation, we are regularly targeted by cyber criminals including through DDoS attacks. We have dedicated teams working around the clock to ensure we are always alert to threats and our systems and customers are protected,” a spokesman said.
“On Tuesday August 18 we successfully repelled a DDoS attack. A small number of customers may have experienced intermittent issues logging-in for a short period as the attack traffic was managed, but our systems did not go offline. This was resolved quickly.
“We have not been targeted by any DDoS attacks since then.”
Media outlets RNZ and Stuff say they suffered DDoS attacks over the weekend, but were able to deflect them.
What is a DDoS attack?
Security company NortonLifeLocks says criminals prepare for a DDoS attack by taking over thousands of computers. These are often referred to as “zombie computers”. They form what is known as a “botnet” or network of bots. These are used to flood targeted websites, servers and networks with more data than they can accommodate.
A volume-based or “volumetric” DDoS attack, which was apparently the variant that hit the NZX, sends massive amounts of traffic to overwhelm a network’s bandwidth, NortonLifeLock says.
The company says a DDoS attack has to be repelled at the internet service provider level, which often this involves temporarily blocking traffic from certain IP addresses.
But it is also a good idea to keep security software up to date so your PC does not unwittingly become part of a botnet attack.
The NZX did not immediately respond to questions about whether it had received any extortion demand, whether its communications setup involved multiple providers for redundancy, and what steps were being taken to avoid another attack.
Read more on why NZ is being targetted by hackers in 2020 here.