Access to ANZ's online banking service and app have gone down again this morning as the bank continues to come under fire from a cyber attack.
The Distributed Denial of Service (DDos) attack has hit a number of major businesses over the last week including ANZ and Kiwibank, NZ Post, MetService and NZ Police, causing intermittent access to their websites.
In a DDoS attack the hackers overwhelm a site with thousands or millions of bots trying to connect to it at once, rendering it inaccessible. There's no element of breaking into servers or stealing data.
ANZ customers have been complaining heavily on the bank's Facebook page this morning with it appearing to go down from around 6am.
"Third day in a row now and the app is down again," one customer noted.
One woman warned the continued outage would see the bank lose customers.
"Are you actually kidding? You guys are about to lose a whole bunch of customers. 3rd day in a row I've woken up to the app and the website crashed. Is this going to keep happening every day!? Why is this not fixed yet!? Are you going to pay our bills since we can't seem too? Absolutely fricken ridiculous."
Another was worried about being able to pay their bills on time.
"I pay all my work bills etc on phone banking what is this mornings update please."
The bank last posted an update at 7.15pm last night saying the outage had been mostly resolved for its New Zealand based customers, but its overseas customers were still experiencing some issues.
"Our support teams continue to work to ensure access for everyone."
But the outage this morning is affecting New Zealand-based customers with many noting they were in Auckland or Rotorua.
Yesterday the bank reassured customers that their eftpos, debit and credit cards would still work, as well as ATMs.
"Also your automatic payments, direct debits and bill payments you've got set up will still go."
It urged customers to try disconnecting and then reconnecting to their internet.
"Also try clearing your browser history and cache, that may help too!
"We're so sorry for any inconvenience that this is causing, and are working hard to get things back up and running as soon as possible!"
A statement yesterday from security agency CERT NZ on Wednesday said it was aware of a DDoS (Distributed Denial of Service) targeting a number of New Zealand organisations.
"We are monitoring the situation and are working with affected parties where we can."
A spokesman for the GCSB's National Cyber Security Centre said, "We are limited in any public comment we will make as we are aware that malicious cyber actors can follow what is reported publicly, and may change their behaviour based on media reporting of their activity.
"DDoS attacks are not new, and most are repelled by organisations working with their service providers who are best placed to implement technical mitigations."
Related Stories
Comments
People saying they are going to change banks if XYZ Bank does not solve its availability problem are missing the point completely. NZ business culture for years has been to under-invest on cyber-security. John Key recently made the point on television that in his opinion Jacinda either doesn't understand the economy or is just not interested in it. To any informed economist this is obvious. In the same manner cyber security experts have for years said that governments (of both parties) have appeared either to not understand cyber threats, or not be interested. To any informed cyber-security professional this is obvious. This exact same criticism has been levelled at successive NZ governments (National and Labour) over their underfunding of defence budgets.
The NZ economy is extremely fragile at the moment due to the current government's total focus on the PR opportunities afforded by COVID and their propensity to spend like there is no tomorrow. We need serious competent government intervention mandating cyber-security standards and a transition plan to fund it. Without this we run serious risk of the economy being crashed by any eastern block kid with an RaaS account.