SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
NCSC warns risk of cyber attack amid Russia/Ukraine tensions
Tue, 22nd Feb 2022
FYI, this story is more than a year old

The National Cyber Security Centre (NCSC) has encouraged NZ's crucial organisations to examine their cyber security preparedness in light of the increased tensions between Russia and Ukraine.

The NCSC acknowledges that “malicious cyber activity in Aotearoa New Zealand reflects international trends.

The government-owned security agency adds that the tensions between the two countries also raise the risk of cyber attacks, citing the 2018 NotPetya cyber attack and the compromising of SolarWinds Orion software in 2020.

It notes this could result in severe consequences, including for countries and organisations not directly targeted.

“Aotearoa New Zealand has previously condemned the widespread disruption resulting from indiscriminate cyber campaigns conducted by Russia.

“In light of the global threat environment, the NCSC recommends nationally significant organisations consider their security posture, exercise readiness, and monitor for relevant cyber security developments,” The NCSC adds.

The warning comes at the same time as the NCSC joined the data breach service Have I Been Pwned's (HIBP) government programme.

Have I Been Pwned will allow the NCSC to be notified by the service if any official New Zealand Government email addresses are subject to a breach.

The GCSB can subsequently notify the affected agency internally and provide advice.

Australia-based Troy Hunt, who is well-known in security circles and recognised by Microsoft, created HIBP back in 2013 as a response to increasingly serious data breaches at the time, such as the Sony Pictures breach.

HIBP allows individuals and organisations to type in an email address or password and find out if it has been compromised in a public data breach.

Although he does not specifically work for the software company, Hunt was made a Microsoft regional director and MVP as a result of the site's success.

Hunt stepped down from his esteemed post as sole manager of HIBP in 2019 but continues in both his Microsoft roles.

HIBP also continues to be a valuable resource for those wanting to find out if they've had their security compromised.

The site has caught breached accounts from companies such as LinkedIn, MySpace, and Dubsmash.

“Continuing the march forward to provide governments with better access to their departments' data exposed in breaches, I'm very pleased to welcome the 28th national government onto Have I Been Pwned - New Zealand!” Hunt says on his blog.

As a condition of its government programme, HIBP will only share email addresses affected by a data breach with the NCSC. Related information such as passwords may be made reference to, but this will not will be shared.

Furthermore, the alerts will give the NCSC relevant insights into appropriate government cyber hygiene.

The NCSC says, “[this will support] more effective cyber security policy and resilience initiatives.

HIBP offers membership to the government programme at no cost.