Australia’s second-largest online broker, ANZ Bank’s ETrade, has admitted it shut down some services over the Christmas and New Year period due to a cyber-attack that originated offshore.
The company originally claimed it had experienced problems with its technology systems, but said yesterday it was the victim of a “distributed denial-of-service” attack.
The denial-of-service attack flooded the broker with thousands of emails, leading the website to shut down.
The bank responded by cutting off access to all overseas users, restoring access to individual countries as risk assessments were performed. Customers in some countries were unable to access the service for nearly two weeks.
While this largely affected overseas customers, an ETrade spokesman told Fairfax newspapers there was intermittent access for Australian customers on December 19 and 20.
ANZ was contacted for comment but was not available prior to publication.
According to Symantec, who produce online security program Norton Antivirus, such denial-of-service attacks are dangerous but their prevalence is very low. The company says these attacks typically target large businesses or government institutions.
Far more common to small and medium-sized business are hacks to access information kept in databases, such as credit card details. Hackers may target smaller companies that are unlikely to have invested as much in online security.
Last year saw many businesses have their customer information stolen, the most high-profile of which was an attack on Sony which saw millions of credit card details stolen from its Playstation network and saw an American class action lawsuit brought against the company.
“Every time there a business has its security compromised, the more publicised it becomes,” McAfee consumer marketing manager Melanie Cole told SmartCompany in November.
“Businesses need to make sure consumers feel safe to go on their site, make sure the payment system is all secured and working properly, and ensure they have secure shopping site protection.”
In July 2011 the Federal Government’s Department of Defence Intelligence and Security published a strategy guide to mitigating targeted cyber intrusions.
It said 85% of such attacks could have been prevented by ensuring applications and operating systems are up-to-date with patches, by minimising the number of users with administrative privileges, and by using application whitelisting to help prevent malicious software and other unapproved programs from running in the background.
Comments