Story image

NCSC reveals unclassified look into New Zealand's cyber threat landscape

29 Nov 2017

The GCSB’s National Cyber Security Centre (NCSC) has been doing its bit to protect New Zealand from cyber threats and it says it has reduced the impact of cyber threats by almost $40 million over the last year.

The NCSC works with New Zealand public and private sector organisations to protect information systems from cyber threats. It also provides incident response for incidents at a national level.

The NCSC released its 2016/2017 Cyber Threat Report last week, which reveals that there were 396 cyber incidents between July 1 2016 and June 30 2017 – 58 more than in the previous year.

211 incidents involved public sector entities; 146 involved private sector entities and 91 were classed as ‘other’. This includes incidents reported to NCSC, those detected through CORTEX and those from other channels.

One attack used a New Zealand’s organisation’s network to conduct a ‘significant cyber operation’ against a foreign organisation. The attackers had use a malicious Remote Access Trojan (RAT) to compromised the New Zealand organisation and the foreign target.

“The NCSC determined the New Zealand organisation was not targeted on their own merits and the compromise was likely opportunistic; analysis indicated the cyber actor exploited a weak password to gain access to the server. In this instance, the NCSC attributed the compromise to a foreign intelligence service,” the report reveals.

NCSC director Lisa Fong says that 122 incidents involve indicators that have previously been linked to state-sponsored actors, although the report stresses that attribution can be costly. It is only performed to its full extent in ‘the most serious incidents’.

The NCSC’s defences, collectively known as CORTEX, provides direct protection to ‘a targeted subset’ of New Zealand’s nationally significant organisations to reduce economic harm.

“The benefits of the capabilities are felt beyond the direct recipients of cyber defence services, as we are able to share the cyber threat information we obtain from their operation with a wider group of nationally significant organisations,” she explains.

She comments that development and implementation of advanced cyber threat detection and disruption capabilities has improved understanding of what threats target New Zealand’s critical systems.

The threat report found that potential harm could cost New Zealand $640 million annually. CORTEX was able to reduce harm by $39.47 million.

The CORTEX initiative has been active for the last three years and is designed to develop threat detection and disruption capabilities.

As part of the initiative, NCSC sought advice on how to develop a model that could pinpoint the total potential harm to the country’s significant organisations.

“The external model assesses the total potential annual harm from advanced threats targeting the full spectrum of our nationally significant organisations, to be around NZ $640 million annually,” she explains.

“Using the model, and our incident response data, we can calculate that the reduced harm benefit from the operation of our CORTEX capabilities is around $39.47m for the 2016-17 year.”

“We also analyse cyber threat information obtained through the operation of our capabilities, and use it to provide security advice and updates to our wider customers.  The benefit of this broader advice is not included in the harm reduction benefit calculation," Fong concludes.

The NCSC also works with CERT NZ, NZSIS and the New Zealand police to protect the country from advanced cyber threats.

It also works closely with other cybersecurity agencies including the global CERT community, Australian Cyber Security Centre, the United Kingdom’s National Cyber Security Centre, Canada’s Communications Security Establishment and the United States of America’s National Security Agency.

NCSC says it aspires to a strategic goal of ‘impenetrable infrastructure’ by 2020.

Read the NCSC 2016-17 Unclassified Cyber Threat Report here. 

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.