Customers of New Zealand ISP Spark experienced significant outages over the weekend due to a DDoS attack that sent “extremely high traffic loads” to its DNS servers.
Spark customers complained of slow connections or no connectivity starting on Friday night and continuing into Saturday. By Sunday traffic had returned to normal, Spark said in a statement posted to its Facebook page.
According to the statement, cybercriminals “appear to have been attacking web addresses in Eastern Europe, and were bouncing the traffic off Spark customer connections.” Spark said it saw “the nature of the attack evolve over the period, possibly due to the cybercriminals monitoring our response and modifying their attack to circumvent our mitigation measures – in a classic ‘whack a mole’ scenario.”
Spark said the cybercriminals gained access to its network through a small number of customer connections, possibly through malware, and also by accessing vulnerable customer modems. The modems had open DNS resolver functionality, Spark said, “which means they can be used to carry out internet requests for anyone on the internet.”
Spark reacted by disconnecting the affected modems from its network and has taken steps at a network level to mitigate the vulnerability. The company is encouraging customers to keep their devices up to date and regularly update the software and firmware on their home network. It is also warning customers not to click on any suspicious links because doing so could download malware onto their devices.
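For readers who want to confirm that their own modem is not an open resolver of the kind Spark describes, the following is an added example, not code from Spark or from the original article. It sends a single recursive DNS query and inspects the reply header; the function names, the fixed transaction ID and the sample packets are constructed for illustration, and `probe` is meant to be run against your own WAN address from a network outside your LAN.

```python
import socket
import struct

TXID = 0x1234  # fixed transaction ID, adequate for a one-off self-test

def build_query(name):
    """DNS A query with RD (recursion desired) set."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(packet):
    """'open' if the reply shows recursion was performed, else 'closed'/'invalid'."""
    if len(packet) < 12:
        return "invalid"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != TXID or not flags & 0x8000:  # wrong ID or QR bit clear
        return "invalid"
    recursion_available = bool(flags & 0x0080)  # RA bit
    rcode = flags & 0x000F                      # 0 = NOERROR, 5 = REFUSED
    if recursion_available and rcode == 0 and ancount > 0:
        return "open"
    return "closed"

def probe(wan_ip, name="example.com", timeout=3.0):
    """Send one query to UDP/53 on your own WAN address from an outside network."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (wan_ip, 53))
            data, _ = s.recvfrom(512)
        except OSError:  # timeout or unreachable: nothing answers on port 53
            return "closed"
    return classify_response(data)

def _sample(flags, ancount):
    """Constructed reply for example.com -> 192.0.2.1 (documentation address)."""
    question = build_query("example.com")[12:]
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    header = struct.pack("!HHHHHH", TXID, flags, 1, ancount, 0, 0)
    return header + question + answer * ancount

SAMPLE_OPEN = _sample(0x8180, 1)     # QR+RD+RA, NOERROR, one answer
SAMPLE_REFUSED = _sample(0x8105, 0)  # QR+RD, REFUSED, no answers

if __name__ == "__main__":
    print(classify_response(SAMPLE_OPEN), classify_response(SAMPLE_REFUSED))
```

A result of "open" means the device resolved a name for a requester outside the home network, which is the condition Spark says allowed the modems to be used in the attack.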
This month has been a frustrating time for customers of hosting and Internet services in New Zealand. Last week, customers of NZ web hosting reseller 24/7 Hosting reported that their websites and email are offline and the company is currently unreachable.
Last month, in neighboring Australia, ISP Cirrus Communications was hit by a significant DDoS attack that brought down half of its network.