Optus hit by cyber attack, but experts says there is little companies can do to protect themselves

Businesses worried about cyber attacks like the one that hit Optus earlier this week should ensure they are properly backing up their data, but experts says there is little SMEs can do to prepare for such attacks and protect themselves.

Optus, the nation’s second largest telecommunications company, has confirmed that one of its major customers was hit by a denial of service attack originating in China. A spokesperson said in a statement that the strike was a denial-of-service attack, designed to flood a website with massive amounts of traffic in order to overload its servers and bring it down.

“At approximately 1.10pm yesterday one of Optus’ customers experienced a denial of service attack. The attack originated in China,” the spokesperson said.

“The attack caused congestion on one of Optus’ international links leading to slow internet and delayed email for some Optus corporate customers. At 3.25pm Optus resolved the issue by blocking the source of the attack.”

It is understood that the Australian Associated Press was taken down, however, it is unclear whether AAP itself was targeted or whether Optus itself was the sole focus of the attack. News Limited has also claimed to be impacted by Chinese-based attacks.

But Jim Stewart, chief executive of SEO firm Stewart Media, says if a hosting provider is hit by such an attack which filters to its clients, there isn’t much businesses can do to get their site back online.

“It depends on how your business operators. If you have your registrar of your domain name and your hosting provider as two separate entities, then you may have a chance to get your site back online. You can set up a hosting account somewhere else and move that site across if it isn’t too complex.”

“That’s why you want to have a backup plan in place there, and make sure the backup isn’t too big and bulky so you can move it across quickly. Most content managers such as WordPress and Joomla should be able to move.”

But Stewart warns that if a business has its domain name and hosting services handled by the one company, and that company suddenly suffers a shortage or attack, there is nothing much that business can do – and it’s an underestimated problem.

“Hosting is more important than ever these days and not enough people realise it. It’s so important, and what companies don’t realise is that they get what they pay for… if you pay cheaply you can end up on an IP address with several other entities and that results in an underpowered server.”

“It’s also important for SEO. Google won’t like a site that is continually offline and it will stop sending its users there, because they don’t want to be sent to a dead site. If your site is offline it can hurt your SEO.”

Anthony Edwards, technical support manager at TrendMicro Australia, says businesses don’t have much recourse to prepare for a denial of service attack and are at the mercy of their hosting provider.

“Denial of service attacks are pretty tough to protect against. There are some contingency plans users can put in place, such as perhaps organising a second connection they can switch over to. Optus tried to do something like that, really it just has to be stopped at a higher level and there isn’t much businesses can do expect tough it out.”

“For the type of attack that constitutes a denial-of-service attack, it’s focused on bandwidth, and therefore extremely tough to protect or even prepare against.”

Optus has said it worked with an international telco in order to stop the attack. It is just one of the few attacks to have come out of China within the recent past, including a major attack that resulted in internet giant Google abandoning its operations there.