• Our Vision

    To be the trusted guardian of
    New Zealand's
    Information Assets


July 2016 New Zealand Information Security Manual

New Zealand Information Security Manual

The July 2016 NZISM has now been published.

Changes include new sections in Chapter 11; Radio Frequency Identification (RFID) and Access Control Systems, new content in section 11.2 on printer cartridge memory chips, new paragraphs on Access control in section 16.1 and new rationale and controls for section 19.5 Incident Handling and Management along with other minor and editorial updates.

In addition some new definitions of terms commonly used in the NZISM have been added as points of clarification and to aid policy interpretation as well as minor wording changes for the purposes of clarification.

The document remains in two parts for this release. 

You can view the July 2016 NZISM parts 1 & 2 and the July 2016 Change Register here.

As always, comments and suggestions for improvements are welcome.  Please direct these to ism@gcsb.govt.nz

read more

Cyber Security Advisory CSA-007-16

Distributed Denial of Service Extortion Campaign Targeting New Zealand Organisations

The NCSC is aware of an extortion campaign currently targeting New Zealand organisations. Several organisations have received extortion emails threatening a Distributed Denial of Service attack (DDoS) unless a payment in Bitcoins is made to the email sender.

The NCSC is not currently aware of any instances where the threat to carry out an attack has been realised.

Any organisation receiving an extortion email should report the threat to their local police http://www.police.govt.nz/contact-us/stations

We also recommend speaking with your Internet Service Provider (ISP) regarding advice and any specific DDoS mitigations that may be needed. 

Preparation is the most effective method of withstanding a DDoS attack. However, if your organisation is currently being targeted, there are a number of measures you can consider taking to reduce the impact of the attack. 

  • Contact your Internet Service Provider to discuss their ability to help you manage or mitigate the attack.
  • Where applicable, temporarily transfer online services to cloud-based hosting providers that have the ability to withstand DDoS attacks.
  • Use a denial of service mitigation service for the duration of the DDoS attack.
  • Disable website functionality or remove content that is being specifically targeted by the DDoS attack. For example, search functionality, dynamic content or large files.

The full Cyber Security Advisory CSA-007-16 is available here.

read more

Persistent telephone inquiries could be precursor to cyber threats

Persistent telephone inquiries could be precursor to cyber threats

 

21 April, 2016

“The NCSC is aware of persistent, likely overseas sourced, telephone inquiries seeking confirmation of job titles and email addresses.

It is possible these calls could be a precursor to follow up cyber threat activity in the form of whaling, or spear-phishing.

“Whaling” or “spear-phishing” activities are where an email, often carefully engineered to reflect a particular interest of the receiver - which contain a threat, or a hyperlink to a threat, which when opened enables the adversary to access the user’s device or network.

If your organisation has encountered or suspects a cyber-security incident, please report this to the National Cyber Security Centre (NCSC)

The NCSC defines an incident as an occurrence or activity that impacts on the confidentiality, integrity or availability of an information system (infrastructure).

If you require assistance in dealing with the incident, please complete the Cyber Security Incident – Request for Assistance Form and submit it to incidents@ncsc.govt.nz

If required, you can speak with us directly on (04) 498-7654.

read more

Reporting an Incident


If your organisation has encountered or suspects a cyber-security incident, please complete and return the Cyber Security Incident - Report Form. If you require assistance in dealing with the incident, please complete the Cyber Security Incident – Request for Assistance Form. If required, you can speak with us directly on (04) 498-7654.

Some Interesting Stats


In the 12 months to 30 June 2015 the NCSC recorded a total of 190 incidents. Of those 114 were identified as targeting government systems, 56 targeting private sector – with a further 20 where the sector targeting was not identified in the reporting. Of total recorded incidents for the 2014/15 period spear phishing made up 30.5 percent, with 58 incidents, followed by network intrusion/compromise with 21.5 percent (41 incidents) and botnets, 9.5 percent (18 incidents). For the full article, see Cyber incidents for year to 30 June 2015.

According to Intel Security, New Zealand songstress Lorde ranks in the Top 10 of the "World’s Most Dangerous Celebrities" to search for online. Cybercriminals take advantage of interest in celebrities by filling search results with links to sites that may host malware and other online threats that can steal personal data and harm our devices. Intel Security conducted a study to determine the number of risky sites that would be generated in search results including a celebrity name and commonly searched terms.  Lorde ranged number nine in Intel’s 2015 list.  For the full article, see The 2015 Most Dangerous Celebrity.

The median number of days a cyber threat was present in victims system before being detected was 205 according to Mandiant’s 2015 MTrends report.  The report says 69 percent of victims were notified of the threat by an external entity.