Home | NCSC

Current Activity

Security Vulnerabilities in Wi-Fi Protected Access II (WPA2) Tue, 17/10/2017 - 09:00

The National Cyber Security Centre (NCSC) is aware of reports of security vulnerabilities in Wi-Fi Protected Access II (WPA2), this has been labelled as ‘KRACK attack’.

The NCSC provides services to government agencies, critical infrastructure providers and organisations of national significance, to assist them to defend against cyber-borne threats.

The NCSC recommends our customers refer to the following US CERT advisory:

https://www.us-cert.gov/ncas/current-activity/2017/10/16/CERTCC-Reports-WPA2-Vulnerabilities

Members of the public and other organisations wanting further information can refer to guidance on the CERT NZ website:

https://www.cert.govt.nz/businesses-and-individuals/recent-threats/krack-attack-security-vulnerabilities-affecting-wifi-enabled-devices

July 2017 New Zealand Information Security Manual Thu, 06/07/2017 - 09:00

New Zealand Information Security Manual

The New Zealand Information Security Manual (NZISM) has been updated to include new guidance relating to cloud computing, independent assurance reports and cryptographic key management.

The July 2017 NZISM v2.6 updates the previous edition NZISM v2.5 which was published in July 2016.

The most important updates support secure adoption of cloud computing and are the result of extensive consultation with the Department of Internal Affairs (GCIO) and the government information security community.

They focus on the approach to cloud services (Section 2.3), independent assurance reporting (Section 5.8), and Key Management (Section 17.9) which support the DIA’s Cloud Computing and Productivity Initiative.

There are also a large number of supporting amendments, policy interpretations, minor editorial updates throughout the document as well as some new terms and definitions that have been included to clarify and to aid policy interpretation.

All new materials and amendments are designed to simplify approaches while maintaining existing levels of governance and assurance.

Petya Ransomware Campaign Wed, 28/06/2017 - 09:00

Petya Ransomware Campaign

New Zealand cyber security agencies – the National Cyber Security Centre (NCSC) and CERT NZ - are aware of international reports of a new international ransomware campaign. The ransomware has been identified as “Petya”.

The New Zealand National Cyber Security Centre (NCSC) provides services to government agencies, critical infrastructure providers and organisations of national significance, to assist them to defend against cyber-borne threats. The NCSC has released an advisory relating to this campaign directly to our customers.

Members of the public and other organisations wanting further information can refer to guidance on the CERT NZ website:

https://www.cert.govt.nz/it-specialists/advisories/advisory/new-petya-ransomware-threat

Response to WannaCry global ransomware attack Sat, 13/05/2017 - 14:30

New Zealand cyber security authorities are aware of a significant international ransomware campaign - WannaCry.

The attack uses malware to encrypt victims data and demands victims pay a ransom to have their data restored.

The National Cyber Security Centre (NCSC) is working with the newly established CERT NZ to help protect New Zealanders from this form of attack.

The NCSC is taking steps to help increase the resilience of New Zealand’s nationally significant systems. These steps include technical measures and provision of mitigation advice.

The NCSC is aware that the ransomware exploits a known vulnerability in Windows operating systems and has previously provided advice to customers on addressing this vulnerability.

We are also working with CERT NZ to provide information on how individuals, small businesses and operators of larger systems can reduce their vulnerability to ransomware attacks.

Neither the NCSC or CERT NZ have received any reports of a New Zealand incidence of this ransomware attack.

If you experience such an attack you should contact https://www.cert.govt.nz/

CERT NZ have more information about this attack at https://www.cert.govt.nz/businesses-and-individuals/recent-threats/alert-wannacry-ransomware-used-in-large-scale-international-attacks

Reporting an Incident

If your organisation has encountered or suspects a cyber-security incident, please complete and return the Cyber Security Incident - Report Form. If you require assistance in dealing with the incident, please complete the Cyber Security Incident – Request for Assistance Form. If required, you can speak with us directly on (04) 498-7654.

Some Interesting Stats

338 cyber security incidents were recorded by the National Cyber Security Centre in the 12 months to 30 June 2016. This is an average of 28 incidents per month and represents a significant increase on the previous 12 months when there were 190 cyber security incidents. GCSB Director Andrew Hampton reviews the nature of the cyber threats to New Zealand in his address to the New Zealand Institute of International Affairs.

The Australian Signals Directorate (ASD) has updated its ‘Strategies to Mitigate Cyber Security Incidents’ guidance on prioritised security controls, expanding the ‘top four’ strategies to produce a new ‘essential eight’. The strategies are a list of practical actions that organisations can take to make their systems more secure. The eight essential strategies can be implemented as a baseline and the guidance can be tailored based on an organisation’s risk profile and the threats they face.

Security researchers believe the number of companies around the world experiencing ransomware events tripled between the first and third quarters of 2016. The American National Institute of Standards and Technology (NIST) has now published a “Guide for Cybersecurity Event Recovery” (NIST Special Publication 800-184) which offers guidance for developing, testing and improving recovery plans so organisations are ready when a cyber security event occurs.