• Our Vision

    To be the trusted guardian of
    New Zealand's
    Information Assets


NCSC Cyber Threat Report 2015/16

9 March, 2017

National Cyber Security Center (NCSC) recorded 338 cyber security incidents in the 12 months 30 June 2016.

Information about these incidents is contained in a cyber threat report prepared by the NCSC to help increase understanding about the nature and extent of the cyber threats facing New Zealand's siginificant organisations.

NCSC Director Lisa Fong says the report highlights the range of threats the NCSC has identified and responded to.

She says while the report highlights that cyber threats facing New Zealand are continuing to increase it is likely that the threats recorded represent only a small proportion of the total incidents impacting on New Zealand and New Zealanders.

She says the threats the NCSC has identified targeting New Zealand organisations are consistent with those identified by cyber security providers domestically and internationally.

The report provides an overview of the work of the NCSC and an outline of some of the common types of threats impacting on New Zealand organisations.

The Cyber Threat Report is available here

read more

NCSC Cyber Security Advisory CSA-002-17

Date 30 January 2017

DNS server configuration may result in excessive resource use and potential malicious application

Summary

  • The NCSC notes that there are DNS servers currently configured to resolve arbitrary internet domains requested from external hosts. 
  • A DNS server configured in this manner may result in excessive resource use and may have potential malicious application.

Details

1. The NCSC has become aware of DNS servers currently configured to resolve internet domains when requested by external hosts. This appears to occur when a DNS server is configured to search for answers in attempt to resolve the requests.

2. The observed DNS servers either resolve these requests, or request upstream (e.g. Google DNS servers), and finally send the response back to the requester. A DNS server configured in this manner will likely result in excessive resource use, as well as have the potential for malicious application.

Recommendations

3. The NCSC recommends DNS servers are configured to allow recursive lookup from internal hosts and remote offices only.

4. The NCSC further recommends DNS servers are configured to only supply public domains hosted within their network to external hosts.

5. Further open source information can be found by searching for ‘open resolver’.

read more

Reporting an Incident


If your organisation has encountered or suspects a cyber-security incident, please complete and return the Cyber Security Incident - Report Form. If you require assistance in dealing with the incident, please complete the Cyber Security Incident – Request for Assistance Form. If required, you can speak with us directly on (04) 498-7654.

Some Interesting Stats


338 cyber security incidents were recorded by the National Cyber Security Centre in the 12 months to 30 June 2016. This is an average of 28 incidents per month and represents a significant increase on the previous 12 months when there were 190 cyber security incidents. GCSB Director Andrew Hampton reviews the nature of the cyber threats to New Zealand in his address to the New Zealand Institute of International Affairs.

The Australian Signals Directorate (ASD) has updated its ‘Strategies to Mitigate Cyber Security Incidents’ guidance on prioritised security controls, expanding the ‘top four’ strategies to produce a new ‘essential eight’. The strategies are a list of practical actions that organisations can take to make their systems more secure. The eight essential strategies can be implemented as a baseline and the guidance can be tailored based on an organisation’s risk profile and the threats they face.

Security researchers believe the number of companies around the world experiencing ransomware events tripled between the first and third quarters of 2016. The American National Institute of Standards and Technology (NIST) has now published a “Guide for Cybersecurity Event Recovery” (NIST Special Publication 800-184) which offers guidance for developing, testing and improving recovery plans so organisations are ready when a cyber security event occurs.