New Zealand’s National Cyber Security Centre (NCSC) revealed the extent of cybersecurity attacks on our most ‘significant organisations’ last week, with 338 recorded and the true number sure to be much higher.
The new report, titled Unclassified Cyber Threat Report – 2015/16, showed that in the 12 months to June 30 2016, there were 338 attacks against New Zealand’s nationally significant organisations.
Lisa Fong, director of the National Cyber Security Centre for the GCSB, says the true number of attacks is likely to be much larger.
However, she says the increased threat detection is a good thing. “The increase reflects both the increased detection of threats by our defensive capabilities and an increase in organisations’ self-reporting,” she says.
The report says that 169 of the security incidents involved the public sector; at least 73 involved the private sector. The rest were related to individuals, small business and undisclosed partner reporting.
The NCSC also intervened with ‘hands-on, intensive incident response’ in 28 situations for 19 different organisations. Nine of those were private sector companies.
The report mentions two undisclosed companies that have been hit by cyber attacks. In the first instance, a New Zealand business website was compromised and redirected browsers to a malware download. The attacks used a known vulnerability in an unpatched CMS.
In the second instance, the NCSC revealed that a New Zealand business may have been targeted by state-sponsored foreign cyber actors, using a ‘wateringhole attack’. The affected server had web shells that allowed an attacker to search, access and change files or webpages, as well as execute arbitrary commands.
While the NCSC says it’s difficult to trace the attacks back to the perpetrators, it does so in highly classified situations.
“Official attribution increases the risk for malicious cyber actors for whom remaining undetected is important. Where attribution includes technical details, it can also enhance the security of others by providing technical leads. Public attribution can however pose risk to future detection of attacks, and in many instances entities are reluctant to publicly disclose that they have been the subject of compromise. The decision to release information publicly is taken after careful consideration and consultation where appropriate,” the report says.
The report says that the most common cyber threats are phishing, malware and denial of service (DoS) attacks.
A number of Government agencies have received phishing emails from state-sponsored actors, the report reveals.
“The phishing techniques reported to the NCSC demonstrate social engineering that would often be effective against New Zealand recipients. In some cases, the actors mimic email addresses of local organisations to improve credibility. These campaigns do not typically demonstrate much concern for detection and are the delivery mechanism for malware or to elicit users to provide credentials,” the report says.
With regard to malware, ransomware is the most common form, the report found.
“Ransomware has been a significant cause of financial harm for many New Zealand businesses and individuals. The NCSC has received reports of ransomware across a large number of victims from New Zealand’s private sector as well as individual New Zealanders. The NCSC also detects ransomware attempts against networks of national importance but their higher level of network security is typically enough to prevent infection or quickly remediate, and does not typically require a response,” the report says.
DoS and DDoS attacks have also been spotted, although they have generally been unsuccessful.
“A common use of this attack vector is as a form of blackmail for a payment (typically of bitcoins). Only some DDoS blackmail actors actually follow through on their threats. Distributed Denial of Service operations have also been used by issue-motivated groups to try and achieve media attention. These have resulted in limited success,” the report says.
Fong says the threats the NCSC has identified targeting NZ firms match what is happening on both a domestic and a global level.
The NCSC says that 85% of threats can be prevented by:
- Patching software and operating systems
- Whitelisting only applications that are necessary
- Minimising administrative privileges.