DDoS UPDATES

Serious server outages affecting your website with Zeald.

You may have noticed some interruption with your website availability lately. These outages have been caused by DDoS attacks. Simply put, a DDoS attack simulates millions of computers trying to access a website at the same time. This puts tremendous stress on the online infrastructure, and can make accessing a website difficult, or impossible. A more detailed explanation can be found here.

DDoS attacks are difficult to resolve and are a rapidly expanding class of security attack. They don't result from a site being ‘hacked’ and don't lead to any leak or loss of confidential information. They simply make it impossible to access the site. They can be created by attackers with limited technical skill but there are few options for countering them.

Working with our upstream providers, we have been able to stop these attacks. These attacks are also causing major issues for our upstream providers, as well as the other websites and services that they provide.

We believe these attacks are targeted at one of our customers. If you have experienced any kind of extortion attempt or communication threatening an attack like this, please let us know. Any feedback regarding recent threats will be treated in the strictest confidence. If we know the target of the attack, there are measures we can put in place to eliminate the problem.
 
Resolving this situation is the top priority at the moment, both for Zeald and our upstream provider, and we will continue working on the problem through the night until it is resolved. We apologise for the inconvenience and thank you for your patience.

As additional information becomes available we will update all clients via both email and the Zeald Facebook page.


DDoS Attack FAQ

With regard to previous events, we mentioned that all websites are susceptible to DDoS attacks and that they are difficult to resolve. The attack we recently experienced is also much larger than average. We therefore thought that we would follow up with some research our team has been working on.

How do they work?

Distributed denial-of-service (DDoS) attacks usually involve criminals harnessing vast networks of computers that have been infected with malware and using them to bombard a victim's website with requests for page loads, resulting in the targeted website seizing up under the weight of the incoming traffic.

How common are DDoS assaults?

Distributed denial of service (DDoS) attacks continue to grow in frequency, sophistication and bandwidth.

SANS Institute Survey

Almost half (45%) of the respondents indicated their organisation had been hit at some point. Of these, almost all (91%) reported an attack during the last 12 months, and over two-thirds (70%) were targeted two or more times.

Incapsula DDoS Impact Survey

Why do DDoS attacks occur?

Extortion is a common motive. The National Cyber Security Centre, a division of the Government Communications Security Bureau (GCSB), said that "several" organisations had been sent emails telling them that if they didn't pay up they would experience a "sustained denial-of-service attack" that would knock them offline. The centre said that the blackmailers had followed up their threats with attacks that lasted up to an hour, to demonstrate their threat was credible.

They had been told that if they paid 25 bitcoins they would never hear from the blackmailers again. A bitcoin is a hard-to-trace virtual currency which trades at about $350.

Details emerge of NZ extortion attack - Stuff.co.nz - May 7 2015

We believe the recent attacks have been targeted at one of our customers. If you have experienced any kind of extortion attempt or communication threatening an attack like this, please let us know. Any feedback regarding recent threats will be treated in the strictest confidence. If we know the target of the attack, there are measures we can put in place to eliminate the problem.

Who is the target?

Because of privacy and the sensitive nature of security/extortion cases, not many site-specific details end up in the media. Despite this, it has become a regular occurrence in recent years to read stories of businesses both overseas and in New Zealand being victims of sophisticated cyber attacks.

This is especially common with larger sites that use high-end server hosting providers. Some public examples include:

An attack on a high-profile New Zealand website took web hosting company Webdrive's entire operation offline on Monday afternoon. "I cannot disclose the customer in question, other than to say it was a high profile Kiwi site," Webdrive general manager Robin Dickie told NBR ONLINE. Webdrive's customers include Air New Zealand, ACC, BNZ, Auckland Council and Yellow. All up, it has around 25,000 clients, most of them small businesses.

Attack on high-profile NZ site takes down web host - NBR - July 17, 2013

Is my website security compromised?

A DDoS attack does not result from a site being ‘hacked’ and does not lead to any leak or loss of confidential information. It simply makes it impossible to access the site.

How long does a DDoS attack last?

There is strong growth in the average size of DDoS attacks, from both a bits-per-second and packets-per-second perspective, according to Arbor Networks’ Q2 2015 global DDoS attack data. “Extremely large attacks grab the headlines, but it is the increasing size of the average DDoS attack that is causing headaches for enterprises around the world,” says Darren Anstee, Arbor Networks chief security technologist.

When asked how long an average assault lasts, they report a higher number of shorter attacks, with 86% reporting an average of 24 hours or less. However, upon closer examination, the data reveals there are no predictable patterns as to how long an assault will last. 37% of organizations reported an average of six hours or less, 31% cited 6 to 12 hours, and 18% claimed 13 to 24 hours. While the trend seems to point toward shorter durations, average attack lengths of days, or even more than a week, are also reported.

Incapsula DDoS Impact Survey

What is Zeald doing?

In a nutshell, DDoS attacks are so hard to defend against because the attackers know where the victim is, but the victim doesn’t know where the attackers are. In addition, it’s extremely difficult to tell which packets come from the bad guys and which are legitimate users.

https://www.cartika.com/blog/why-are-distributed-denial-of-service-attacks-so-hard-to-defend-against/

Because malware-infected computers are distributed around the world, victims could potentially keep their websites running within New Zealand by shutting them off to international visitors.

While we can’t disclose specifics, Zeald and our server hosting provider are taking steps to mitigate this issue in the future. Both Zeald and our server hosting provider are affected by these attacks, so resolution and future prevention are of the highest priority for all. Obviously, if we made these steps public, the attackers themselves would be aware, making our defence redundant.

Why was the Zeald website back up and running first?

As we have complete control, authority and access over our own website, we can use it to test potential fixes to the problem. Once we can confirm a resolution is working on our own website, we can apply this to others. This was also done in part to ensure that Zeald itself was not the target of the attack. After this was determined we were able to roll out a resolution on a broader scale.

Why is my website still experiencing interruptions, while others are not?

The steps we have taken have resolved the problem for a majority of websites; however, some may still be affected. We now have a course of action available for those who may still be experiencing issues. If your website is still experiencing interruptions, please get in touch with our support team, who will work towards getting you back up and running.

Our Support Specialists are readily available and there will be no after-hours charges relating to DDoS issues.
Phone: 0508 932 748 ext 1 (for after-hours calls, dial 0508 932 748 ext 9)
Email: support@zeald.com

We appreciate your patience during this time and apologise again for any inconvenience caused.