sb-nz logo
Story image

NCSC reveals unclassified look into New Zealand's cyber threat landscape

29 Nov 2017

The GCSB’s National Cyber Security Centre (NCSC) has been doing its bit to protect New Zealand from cyber threats and it says it has reduced the impact of cyber threats by almost $40 million over the last year.

The NCSC works with New Zealand public and private sector organisations to protect information systems from cyber threats. It also provides incident response for incidents at a national level.

The NCSC released its 2016/2017 Cyber Threat Report last week, which reveals that there were 396 cyber incidents between July 1 2016 and June 30 2017 – 58 more than in the previous year.

211 incidents involved public sector entities; 146 involved private sector entities and 91 were classed as ‘other’. This includes incidents reported to NCSC, those detected through CORTEX and those from other channels.

One attack used a New Zealand’s organisation’s network to conduct a ‘significant cyber operation’ against a foreign organisation. The attackers had use a malicious Remote Access Trojan (RAT) to compromised the New Zealand organisation and the foreign target.

“The NCSC determined the New Zealand organisation was not targeted on their own merits and the compromise was likely opportunistic; analysis indicated the cyber actor exploited a weak password to gain access to the server. In this instance, the NCSC attributed the compromise to a foreign intelligence service,” the report reveals.

NCSC director Lisa Fong says that 122 incidents involve indicators that have previously been linked to state-sponsored actors, although the report stresses that attribution can be costly. It is only performed to its full extent in ‘the most serious incidents’.

The NCSC’s defences, collectively known as CORTEX, provides direct protection to ‘a targeted subset’ of New Zealand’s nationally significant organisations to reduce economic harm.

“The benefits of the capabilities are felt beyond the direct recipients of cyber defence services, as we are able to share the cyber threat information we obtain from their operation with a wider group of nationally significant organisations,” she explains.

She comments that development and implementation of advanced cyber threat detection and disruption capabilities has improved understanding of what threats target New Zealand’s critical systems.

The threat report found that potential harm could cost New Zealand $640 million annually. CORTEX was able to reduce harm by $39.47 million.

The CORTEX initiative has been active for the last three years and is designed to develop threat detection and disruption capabilities.

As part of the initiative, NCSC sought advice on how to develop a model that could pinpoint the total potential harm to the country’s significant organisations.

“The external model assesses the total potential annual harm from advanced threats targeting the full spectrum of our nationally significant organisations, to be around NZ $640 million annually,” she explains.

“Using the model, and our incident response data, we can calculate that the reduced harm benefit from the operation of our CORTEX capabilities is around $39.47m for the 2016-17 year.”

“We also analyse cyber threat information obtained through the operation of our capabilities, and use it to provide security advice and updates to our wider customers.  The benefit of this broader advice is not included in the harm reduction benefit calculation," Fong concludes.

The NCSC also works with CERT NZ, NZSIS and the New Zealand police to protect the country from advanced cyber threats.

It also works closely with other cybersecurity agencies including the global CERT community, Australian Cyber Security Centre, the United Kingdom’s National Cyber Security Centre, Canada’s Communications Security Establishment and the United States of America’s National Security Agency.

NCSC says it aspires to a strategic goal of ‘impenetrable infrastructure’ by 2020.

Read the NCSC 2016-17 Unclassified Cyber Threat Report here. 

Story image
Secureworks: Remote working exposes new security vulnerabilities
New vulnerabilities have been exposed as IT teams across the world respond to the ongoing COVID-19 pandemic.More
Story image
Why zero trust could fail due to lack of understanding​, not technology
Security architects are being forced to re-examine the concept of identity, with many turning to a zero trust security model to provide a better architecture for protecting their sensitive resources.More
Story image
Zoom to begin rolling out end-to-end encryption
Available starting from next week, it represents the first phase out of four of the company’s greater E2EE offering, which was announced in May following backlash that the company was lax on its security and privacy.More
Story image
CrowdStrike targets Zero Trust blind spot with new offering
CrowdStrike has officially launched CrowdStrike Falcon Zero Trust Assessment (ZTA), designed to aid in overall security posture by delivering continuous real-time assessments across all endpoints in an organisation regardless of the location, network or user. More
Story image
BayCom partners with NICE inContact to offer cloud contact centre platform in NZ
“With our extensive experience in the industry, BayCom has the ability to design, implement and support CXone nationwide, providing organisations with an industry-leading Contact Centre as a Service (CCaaS) solution to deliver on their customer experience strategies.”  More
Story image
Attack from DOS: In Zero We Trust
In combination with malware, DDoS attacks on banks have been used to cause distraction so the transfer of stolen funds goes unnoticed. More