After Census night with the Australian Bureau of Statistics site brought to its knees in a denial of service, Norton security experts have some advice on how to avoid a repeat of the drama.
Despite assurances that security would be the highest priority before the Census, it was an embarrassing fail for the Government.
Since the incident there has also been plenty of spin about what actually happened and how the denial of service (DoS) was not actually a hack.
On that point, Norton security expert Nick Savvides agrees and says there is a difference between hacking and DoS.
“Hacking and DoS are both forms of malicious activity but a DoS is not a hack,” Savvides told Tech Guide.
“A hack implies an exploitation and compromise of system, while a DoS is the denial of legitimate users access to that system.”
But while Government says the Census incident didn’t result in lost data, what was the aim of the DoS?
Savvides says DoS is specifically designed to interrupt an organisations ability to service their customers.
“Often the bad guys will use this to demand a ransom from businesses running online services/stores etc,” he said.
“For example, imagine running an online retailer, a DoS will prevent your customers accessing that system, costing the retail immediate business. A DoS does not generally damage data or steal data.
“But a DoS can also be used as a cover or distraction while cybercriminals conduct attacks, in the hope that the defenders are occupied trying to mitigate the DoS.”
Norton’s Savvides says there are a few things the ABS can do to defend itself against this happening again.
“The most effective network tool is to use anti-DoS services that reroute the malicious traffic to either a black hole or to a traffic washing service where incoming traffic is filtered in an attempt to separate the malicious traffic from the legitimate traffic,” he said.
“On the service side the most effective thing is to use a distributed architecture and make use of content delivery networks, to try and limit the effect of a DoS attack. For example, limit it to a particular region or zone.”
The biggest inconvenience and frustration for people was the time they wasted trying to access the ABS site.
But consumers need to be vigilant as they are always in danger when they are online.
“Cybercrime is a major issue and costs the Australian economy around $1.2billion per year,” Savvides says.
“Cybercriminals are always looking for new ways to target consumers, right now their favoured method is via crypto-ransomware that locks up peoples’ files and precious memories and ransoms or extorts them back to them.”