New Zealand national postal service and financial institutions targeted in a cyberattack

Wednesday 8th September 2021 – New Zealand national postal service and a number of high-profile institutions experienced a hindrance on services caused by a cyber security attack. 

The method of the cyber-attack was a DDoS attack which was aimed at a number of organisations, including Australia and New Zealand’s banking group ANZ.AX New Zealand Site and the national postal service.  

The method of which a DDoS causes a breach is by overwhelming a website or a system with an overload of incoming traffic, composed of unnecessary requests with the intention to drown out legitimate requests.   

In response to the breach, the nation’s Computer Emergency Response Team (CERT) stated that they were “monitoring the situation and are working with the affected parties where we can”. 

Additionally, upon being notified of the breach, ANZ issued the following brief statement in a Facebook post, affirming to its customers “our tech team are working hard to get this fixed, we apologise for any inconvenience this may cause”.  

The NZ Post’s website stated that the “intermittent disruptions” resulted from an issue stemming from one of its third-party suppliers.  

Furthermore, a small lender partly owned by NZ Post, named Kiwibank issued a statement on twitter apologising for the disrupted services and that they “are continuing to work on some intermittent issues” related to its app, online banking, phone banking and website.  

New Zealand faces an increase of threats regarding cybersecurity.  

The latest report of CERT expressed that in 2021, the number of cyber-attacks has increased by 33%.  

Earlier this year in January, a similar issue occurred in which The Reserve Bank of New Zealand experienced a breach as a result of an intrusion of a third-party service that caused sensitive information   

In May 2021, in a suspected ransom attack, hackers targeted hospitals located in New Zealand’s Waikato district. The hackers released personal information of its victims in the manner of formal looking documents and records, containing the names, phone numbers and addresses of the patients and staff. No amount of ransomware was paid to the hackers. 

In August 2021, trading ceased for four days as a result of a DDoS attack on the nation’s stock exchange.  

As the number of higher profiled cyberattacks increase in frequency, increased guard of not just those who are employed in cybersecurity roles, but every online user would be beneficial, as well as improved plans to prevent such occurrences.