Story image

NCSC reveals unclassified look into New Zealand's cyber threat landscape

29 Nov 17

The GCSB’s National Cyber Security Centre (NCSC) has been doing its bit to protect New Zealand from cyber threats and it says it has reduced the impact of cyber threats by almost $40 million over the last year.

The NCSC works with New Zealand public and private sector organisations to protect information systems from cyber threats. It also provides incident response for incidents at a national level.

The NCSC released its 2016/2017 Cyber Threat Report last week, which reveals that there were 396 cyber incidents between July 1 2016 and June 30 2017 – 58 more than in the previous year.

211 incidents involved public sector entities; 146 involved private sector entities and 91 were classed as ‘other’. This includes incidents reported to NCSC, those detected through CORTEX and those from other channels.

One attack used a New Zealand’s organisation’s network to conduct a ‘significant cyber operation’ against a foreign organisation. The attackers had use a malicious Remote Access Trojan (RAT) to compromised the New Zealand organisation and the foreign target.

“The NCSC determined the New Zealand organisation was not targeted on their own merits and the compromise was likely opportunistic; analysis indicated the cyber actor exploited a weak password to gain access to the server. In this instance, the NCSC attributed the compromise to a foreign intelligence service,” the report reveals.

NCSC director Lisa Fong says that 122 incidents involve indicators that have previously been linked to state-sponsored actors, although the report stresses that attribution can be costly. It is only performed to its full extent in ‘the most serious incidents’.

The NCSC’s defences, collectively known as CORTEX, provides direct protection to ‘a targeted subset’ of New Zealand’s nationally significant organisations to reduce economic harm.

“The benefits of the capabilities are felt beyond the direct recipients of cyber defence services, as we are able to share the cyber threat information we obtain from their operation with a wider group of nationally significant organisations,” she explains.

She comments that development and implementation of advanced cyber threat detection and disruption capabilities has improved understanding of what threats target New Zealand’s critical systems.

The threat report found that potential harm could cost New Zealand $640 million annually. CORTEX was able to reduce harm by $39.47 million.

The CORTEX initiative has been active for the last three years and is designed to develop threat detection and disruption capabilities.

As part of the initiative, NCSC sought advice on how to develop a model that could pinpoint the total potential harm to the country’s significant organisations.

“The external model assesses the total potential annual harm from advanced threats targeting the full spectrum of our nationally significant organisations, to be around NZ $640 million annually,” she explains.

“Using the model, and our incident response data, we can calculate that the reduced harm benefit from the operation of our CORTEX capabilities is around $39.47m for the 2016-17 year.”

“We also analyse cyber threat information obtained through the operation of our capabilities, and use it to provide security advice and updates to our wider customers.  The benefit of this broader advice is not included in the harm reduction benefit calculation," Fong concludes.

The NCSC also works with CERT NZ, NZSIS and the New Zealand police to protect the country from advanced cyber threats.

It also works closely with other cybersecurity agencies including the global CERT community, Australian Cyber Security Centre, the United Kingdom’s National Cyber Security Centre, Canada’s Communications Security Establishment and the United States of America’s National Security Agency.

NCSC says it aspires to a strategic goal of ‘impenetrable infrastructure’ by 2020.

Read the NCSC 2016-17 Unclassified Cyber Threat Report here. 

What MSPs can learn from Datto’s Channel Ransomware Report
While there have been less high profile attacks making the headlines, the frequency of attacks is, in fact, increasing.
Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
Kiwis losing $24.7mil to scam calls every year
The losses are almost five times higher compared to the same period last year, from reported losses alone.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why Australian enterprises are prime targets for malware attacks
"Only 14% of Australian organisations are continuously training employees to spot cyber attacks."
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
"Is this for real?" The reality of fraud against New Zealanders
Is this for real? More often than not these days it can be hard to tell, and it’s okay to be a bit suspicious, especially when it comes to fraud.