Cyber Incident Victim: Metservice
Date:
Sep 2020
Location:
New Zealand
Summary
The Meteorological Service of New Zealand experienced a distributed denial-of-service (DDoS) attack that disrupted its website, prompting a temporary redirection of all web traffic to a backup site containing critical safety information and forecasts. While initial mitigation efforts by its security provider addressed the attack promptly, intermittent issues persisted the following day. The incident occurred amid similar sustained attacks targeting the NZX stock exchange, which had previously received warnings foreshadowing such disruptions. Cybersecurity experts characterized DDoS attacks as a common tool involving overwhelming traffic to degrade services, noting that prolonged incidents allow for better tracing of origins and implementation of countermeasures by agencies or internet providers.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 1, 2020, the Meteorological Service of New Zealand (MetService) experienced a distributed denial of service (DDoS) attack targeting its digital infrastructure. The organization’s security service provider detected and addressed the attack promptly, initially preventing significant performance degradation across MetService’s digital platforms. By the following day (September 2), however, intermittent disruptions emerged on the MetService website, prompting the organization to redirect all web traffic to a backup site shortly before 9:00 AM local time. The backup site retained critical operational capabilities, including access to New Zealand’s safety-critical meteorological information, radar imagery, and brief forecasts. MetService confirmed ongoing website instability as a direct consequence of the attack and maintained its staff on "the highest alert" status to monitor systems. No data breaches or compromises to internal systems were reported, with the incident confined to availability disruptions affecting public-facing web services.
The attack occurred amid a broader wave of DDoS incidents targeting New Zealand organizations, most notably the NZX stock exchange, which suffered five consecutive days of disruptions beginning the prior week. NZX’s outages included trading halts and website downtime, necessitating defensive reinforcement efforts involving the Government Communications Security Bureau (GCSB) and cybersecurity firm Akamai. Government officials disclosed that NZX and other institutions had received advance warnings foreshadowing the attacks, though no such warnings were explicitly mentioned in relation to MetService. MetService’s response focused on maintaining service continuity through its backup infrastructure while mitigating the attack’s immediate effects. The organization did not publicly attribute the attack or disclose technical specifics of the mitigation measures beyond confirming the DDoS nature of the incident and the implementation of traffic redirection protocols.