NCSC report counts 338 recorded attacks on NZ’s ‘nationally significant organisations’

13 Mar 2017

New Zealand’s National Cyber Security Centre (NCSC) revealed the extent of cybersecurity attacks on our most ‘significant organisations’ last week, with 338 recorded and the true number sure to be much higher.

The new report, titled Unclassified Cyber Threat Report – 2015/16, showed that in the 12 months to June 30 2016, there were 338 attacks against New Zealand’s nationally significant organisations.

Lisa Fong, director of the National Cyber Security Centre for the GCSB, says the true number of attacks is likely to be much larger.

However, she says the increased threat detection is a good thing: “The increase reflects both the increased detection of threats by our defensive capabilities and an increase in organisations’ self-reporting.”

The report says that 169 of the security incidents involved the public sector; at least 73 involved the private sector. The rest were related to individuals, small business and undisclosed partner reporting. 

The NCSC also intervened with ‘hands-on, intensive incident response’ in 28 situations for 19 different organisations. Nine of those were private sector companies.

The report mentions two undisclosed companies that have been hit by cyber attacks. In the first instance, a New Zealand business website was compromised and redirected browsers to a malware download. The attacks used a known vulnerability in an unpatched CMS.

In the second instance, the NCSC revealed that a New Zealand business may have been targeted by state-sponsored foreign cyber actors, using a ‘wateringhole attack’. The affected server had web shells that allowed an attacker to search, access and change files or webpages, as well as execute arbitrary commands.

While the NCSC says it’s difficult to trace the attacks back to the perpetrators, it does so in highly classified situations.

“Official attribution increases the risk for malicious cyber actors for whom remaining undetected is important. Where attribution includes technical details, it can also enhance the security of others by providing technical leads. Public attribution can however pose risk to future detection of attacks, and in many instances entities are reluctant to publicly disclose that they have been the subject of compromise. The decision to release information publicly is taken after careful consideration and consultation where appropriate,” the report says.

The report says that the most common cyber threats are phishing, malware and denial of service (DoS) attacks.

A number of Government agencies have received phishing emails from state-sponsored actors, the report reveals.

“The phishing techniques reported to the NCSC demonstrate social engineering that would often be effective against New Zealand recipients. In some cases, the actors mimic email addresses of local organisations to improve credibility. These campaigns do not typically demonstrate much concern for detection and are the delivery mechanism for malware or to elicit users to provide credentials,” the report says.

With regard to malware, ransomware is the most common form, the report found.

“Ransomware has been a significant cause of financial harm for many New Zealand businesses and individuals. The NCSC has received reports of ransomware across a large number of victims from New Zealand’s private sector as well as individual New Zealanders. The NCSC also detects ransomware attempts against networks of national importance but their higher level of network security is typically enough to prevent infection or quickly remediate, and does not typically require a response,” the report says.

DoS and DDoS attacks have also been spotted, although they were generally unsuccessful.

“A common use of this attack vector is as a form of blackmail for a payment (typically of bitcoins). Only some DDoS blackmail actors actually follow through on their threats. Distributed Denial of Service operations have also been used by issue-motivated groups to try and achieve media attention. These have resulted in limited success,” the report says.

Fong says the threats the NCSC has identified targeting NZ firms match what is happening on both a domestic and a global level.

The NCSC says that 85% of threats can be prevented by:

  • Patching software and operating systems
  • Whitelisting only applications that are necessary
  • Minimising administrative privileges.