• Our Vision

    To be the trusted guardian of
    New Zealand's
    Information Assets

  • Our Goal

    No advanced, technology-borne compromise of the most significant national information infrastructures by June 2016.


NCSC Security Advisory - NCSC-EV-2015-126

Spear Phishing Emails Used for Credential Harvesting Across
Mulitple Government Agencies

The NCSC is aware of a recent campaign involving credential harvesting attacks in the form of spear phishing emails targeting a number of different government agencies.


The attack is delivered using a spear phishing email containing a malicious link, different social engineering techniques to fool the victim and/or compromising legitimate email accounts to propagate further.

 

Refer here for the full NCSC Security Advisory - NCSC-EV-2015-126 .

read more

Windows 10 upgrade scam

A new scam in relation to downloading Microsoft windows 10 operating system has been identified.

In what appears to be a legitimate email from Microsoft (update@microsoft.com) the email entices the user to download the latest version of Windows 10 from a link from within the email.

In the event that the file is downloaded the user’s computer will run a malicious executable file (CBT-Locker), a type of ransomware which locks the infected computer prompting the user to pay to unlock their computer.

The following link will take you to an article with more information.

http://blogs.cisco.com/security/talos/ctb-locker-win10

The NCSC advises using SPF record checking as part of your anti-spam filter software (see section 15.2.15 of the NZISM) to prevent emails like this coming through.

For any further assistance contact the NCSC at info@ncsc.govt.nz.

 

 

read more

NCSC Security Advisory – NCSC-ADV-201507-0110

A leak of  400GB of corporate data from Italian surveillance malware vendor ‘Hacking Team’ in the past week  has  revealed a  number of Adobe Flash Player exploits1.  Adobe has provided a patch for each of these between July 8th and July 15th following the leak which occurred on July 5th.

The NCSC is aware of Flash Player exploits being used in network exploitation. Recent reporting from security companies2,3,4 has shown that high threat APT groups have been quick to leverage the exploits and  use them to compromise targets.  Crime-ware has also taken  advantage of the new exploits and more information is available in reports on-line.

NCSC Advice
The NCSC advises the following actions to aid in protecting your system from these exploits:

  • Maintain up to date patching of operating systems and antivirus.
  • Consider disabling Flash Player in browsers until patched.
  • Explore  methods to control  access  to  webpages utilising Flash Player can limit exposure to potential compromises.
  • Investigate tools like Microsoft’s Enhanced Mitigation Experience Toolkit (EMET)  which aim to prevent vulnerabilities and increase the difficulty of exploiting software.

The NCSC also recommends following the Australian Signal Directorate (ASD) “Top four mitigation strategies to protect your ICT system.”5

 

[1] Common vulnerability and exposure (CVE) identifiers:

[2]https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html

[3]https://www.fireeye.com/blog/threat-research/2015/07/demonstrating_hustle.html

[4]http://blog.trendmicro.com/trendlabs-security-intelligence/the-adobe-flash-conundrum-old-habits-die-hard/    

[5]www.asd.gov.au/publications/protect/top_4_mitigations.htm

read more

May 2015 New Zealand Information Security Manual

May 2015 New Zealand Information Security Manual

The NZISM is a practitioner’s manual designed to meet the needs of agency information security executives as well as vendors, contractors and consultants who provide services to agencies.  It includes minimum technical security standards for good system hygiene, as well as providing other technical and security guidance for government departments and agencies to support good information governance and assurance practices.

The May 2015 NZISM is now available

This version of the NZISM incorporates new material, principally on Personal Wearable Devices.  Cryptographic requirements (Chapter 17) have been strengthened.  A small number of existing controls have seen wording adjustments and enhancements to improve clarity. Additional explanatory material has been added throughout the document.   

A new chapter (Chapter 20 Data Management) has been inserted to improve searchability and make data management topics simpler to find (previously these resided in several different parts of the NZISM).

As always, comments and suggestions for improvements are welcome.  Please direct these to ism@gcsb.govt.nz

 

 

 

 

read more

Reporting an Incident


If your organisation has encountered or suspects a cyber-security incident, please complete and return the Cyber Security Incident - Report Form. If you require assistance in dealing with the incident, please complete the Cyber Security Incident – Request for Assistance Form. If required, you can speak with us directly on (04) 498-7654.

Some Interesting Stats


Some interesting stats

In its third year of operation, the NCSC saw an increase in the number of cyber security incidents reported, from a total of 134 in 2012, to a total of 219 in 2013. Scam and spam related incidents were the largest category of reported incidents at 30%. Denial of Service (DoS) attacks and Botnet/Malware activity were the second largest categories, making up 22% and 12% of incidents respectively.

The median number of days a cyber threat was present in victims system before being detected was 299 according to Mandiant’s 2013 MTrends report.  The report says 67 percent of victims were notified of the threat by an external entity. The report is available here.  

Security software provider McAfee log 200 new cyber threats every minute according to their by security software provide McAffee according to their 4th quarter, 2013 threats report. The report is available here.