Dropbox account details compromised and available online

Credentials from a 2012 Dropbox data breach are now available online. While credential details associated with these accounts were available for purchase on the “Darknet” earlier this year, they are now freely available for download.

Media reports have recently emerged that indicate email addresses (and hashed passwords) for 68,680,741 Dropbox accounts are now publicly available. Of this number, approximately 120,000 are “.nz” domains.

Dropbox have confirmed that credentials were compromised in 2012 when actors used stolen employee login details to access a database containing the email addresses, passwords and other details of users.

The NCSC assesses that the threat to New Zealand entities is low. Since the 2012 breach, the affected accounts have had an enforced password change. Additionally, because the stored passwords were hashed and salted, recovering the original passwords from the leaked data is very difficult.
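As an added example (not part of the NCSC notice), the following script shows how an organisation can check a published credential dump for its own domains, the way the ".nz" count above was derived. It assumes the common "email:hash" line layout and uses constructed, made-up lines; it never processes the hash field beyond splitting it off.

```python
import re
from collections import Counter

# Constructed sample dump lines (assumption: "email:hash" layout; values are made up,
# not taken from any real breach). One malformed line is included deliberately.
SAMPLE_DUMP = """\
alice@example.co.nz:$2a$08$constructedhashvalue0000000000000000000000000000000
Bob@Example.CO.NZ:5f4dcc3b5aa765d89d6ba7b8f2b3e9d0
carol@example.com:$2a$08$constructedhashvalue1111111111111111111111111111111
dave@agency.govt.nz:$2a$08$constructedhashvalue2222222222222222222222222222222
not-an-email-line
erin@other.nz:$2a$08$constructedhashvalue3333333333333333333333333333333
"""

EMAIL_RE = re.compile(r"^([^@\s:]+)@([^@\s:]+)$")


def parse_dump(text):
    """Yield (local_part, domain) for each well-formed 'email:hash' line; skip the rest."""
    for line in text.splitlines():
        email, sep, _hash = line.partition(":")   # hash field is split off and ignored
        if not sep:
            continue                              # no separator: not a credential line
        m = EMAIL_RE.match(email.strip())
        if not m:
            continue                              # not an e-mail address
        yield m.group(1), m.group(2).lower()      # domains compare case-insensitively


def count_by_suffix(text, suffix=".nz"):
    """Count affected accounts per domain for every domain ending in `suffix`."""
    counts = Counter()
    for _local, domain in parse_dump(text):
        if domain.endswith(suffix):
            counts[domain] += 1
    return counts


def accounts_for_domains(text, own_domains):
    """Return the affected addresses belonging to an organisation's own domains."""
    wanted = {d.lower() for d in own_domains}
    return sorted(f"{local}@{domain}" for local, domain in parse_dump(text)
                  if domain in wanted)


if __name__ == "__main__":
    print(count_by_suffix(SAMPLE_DUMP))
    print(accounts_for_domains(SAMPLE_DUMP, ["Example.co.nz"]))
```

The per-domain counts tell an organisation which of its user populations need a forced password reset, which is the response Dropbox applied to the affected accounts.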

While the risk is low, as with all passwords, the NCSC recommends:

  • Using complex passwords;
  • Using two-factor authentication where possible;
  • Using a password manager tool; and
  • Making sure your devices and/or accounts are secured with different passwords.


The NCSC can be contacted by email via incidents@ncsc.govt.nz or by phone on 04 498 7654.
We encourage you to contact us at any time if you require any further assistance or advice.


July 2016 New Zealand Information Security Manual

New Zealand Information Security Manual

The July 2016 NZISM has now been published.

Changes include new sections in Chapter 11 (Radio Frequency Identification (RFID) and Access Control Systems), new content in section 11.2 on printer cartridge memory chips, new paragraphs on access control in section 16.1, and new rationale and controls for section 19.5 Incident Handling and Management, along with other minor and editorial updates.

In addition, some new definitions of terms commonly used in the NZISM have been added as points of clarification and to aid policy interpretation, together with minor wording changes made for clarity.

The document remains in two parts for this release. 

You can view the July 2016 NZISM parts 1 & 2 and the July 2016 Change Register here.

As always, comments and suggestions for improvements are welcome. Please direct these to ism@gcsb.govt.nz.


Cyber Security Advisory CSA-007-16

Distributed Denial of Service Extortion Campaign Targeting New Zealand Organisations

The NCSC is aware of an extortion campaign currently targeting New Zealand organisations. Several organisations have received extortion emails threatening a Distributed Denial of Service attack (DDoS) unless a payment in Bitcoins is made to the email sender.

The NCSC is not currently aware of any instances where the threat to carry out an attack has been realised.

Any organisation receiving an extortion email should report the threat to their local police: http://www.police.govt.nz/contact-us/stations

We also recommend speaking with your Internet Service Provider (ISP) regarding advice and any specific DDoS mitigations that may be needed. 

Preparation is the most effective method of withstanding a DDoS attack. However, if your organisation is currently being targeted, there are a number of measures you can consider taking to reduce the impact of the attack. 

  • Contact your Internet Service Provider to discuss their ability to help you manage or mitigate the attack.
  • Where applicable, temporarily transfer online services to cloud-based hosting providers that have the ability to withstand DDoS attacks.
  • Use a denial of service mitigation service for the duration of the DDoS attack.
  • Disable website functionality or remove content that is being specifically targeted by the DDoS attack. For example, search functionality, dynamic content or large files.

The full Cyber Security Advisory CSA-007-16 is available here.


Reporting an Incident

If your organisation has encountered or suspects a cyber-security incident, please complete and return the Cyber Security Incident - Report Form. If you require assistance in dealing with the incident, please complete the Cyber Security Incident – Request for Assistance Form. If required, you can speak with us directly on (04) 498-7654.

Some Interesting Stats

In the 12 months to 30 June 2015 the NCSC recorded a total of 190 incidents. Of those, 114 were identified as targeting government systems and 56 as targeting the private sector, with a further 20 where the targeted sector was not identified in the reporting. Of the total recorded incidents for the 2014/15 period, spear phishing made up 30.5 percent (58 incidents), followed by network intrusion/compromise at 21.5 percent (41 incidents) and botnets at 9.5 percent (18 incidents). For the full article, see Cyber incidents for year to 30 June 2015.

According to Intel Security, New Zealand songstress Lorde ranks in the Top 10 of the "World's Most Dangerous Celebrities" to search for online. Cybercriminals take advantage of interest in celebrities by filling search results with links to sites that may host malware and other online threats that can steal personal data and harm our devices. Intel Security conducted a study to determine the number of risky sites that would be generated in search results including a celebrity name and commonly searched terms. Lorde ranked number nine in Intel's 2015 list. For the full article, see The 2015 Most Dangerous Celebrity.

The median number of days a cyber threat was present in a victim's systems before being detected was 205, according to Mandiant's 2015 M-Trends report. The report says 69 percent of victims were notified of the threat by an external entity.