• Our Vision

    To be the trusted guardian of
    New Zealand's
    Information Assets

Current Activity

Response to WannaCry global ransomware attack

New Zealand cyber security authorities are aware of a significant international ransomware campaign - WannaCry.

The attack uses malware to encrypt victims data and demands victims pay a ransom to have their data restored.

The National Cyber Security Centre (NCSC) is working with the newly established CERT NZ to help protect New Zealanders from this form of attack.

The NCSC is taking steps to help increase the resilience of New Zealand’s nationally significant systems. These steps include technical measures and provision of mitigation advice.

The NCSC is aware that the ransomware exploits a known vulnerability in Windows operating systems and has previously provided advice to customers on addressing this vulnerability.

We are also working with CERT NZ to provide information on how individuals, small businesses and operators of larger systems can reduce their vulnerability to ransomware attacks.

Neither the NCSC or CERT NZ have received any reports of a New Zealand incidence of this ransomware attack.

If you experience such an attack you should contact https://www.cert.govt.nz/

CERT NZ have more information about this attack at https://www.cert.govt.nz/businesses-and-individuals/recent-threats/alert-wannacry-ransomware-used-in-large-scale-international-attacks

read more

NCSC advice in response to global cyber intrusion campaign

6 April, 2017 

The National Cyber Security Centre (NCSC) is aware of a global cyber intrusion campaign targeting multi-national IT service providers.

Given the global nature of the campaign our response has been informed through consultation with our security partners.

There is no suggestion that this campaign is targeting the general public or small to medium enterprises.

The NCSC has provided advice on threat protection and response to key government and private sector organisations.

Our recommendations to organisations include:

  1. Carry out an investigation to check networks for any of the indicators included in the PwC UK and BAE systems reports.
  2. Audit administrative access into your organisation’s networks (especially via third parties) and carry out the recommendations in the NCSC Advisory NCSC CSA-006-17

We note that IP addresses in isolation are not considered to be strong indicators of a compromise. Activity related to IP addresses should be examined in the context of overall network traffic within each organisation to determine whether or not it may be malicious.

If you identify any activity that appears to be malicious, or would like to discuss this particular threat further, please call the NCSC incident line on  04 498 7654.

Some open source reporting:

https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html

http://www.baesystems.com/en/cybersecurity/blog/apt10-operation-cloud-hopper

 

read more

NCSC Cyber Threat Report 2015/16

9 March, 2017

National Cyber Security Center (NCSC) recorded 338 cyber security incidents in the 12 months 30 June 2016.

Information about these incidents is contained in a cyber threat report prepared by the NCSC to help increase understanding about the nature and extent of the cyber threats facing New Zealand's siginificant organisations.

NCSC Director Lisa Fong says the report highlights the range of threats the NCSC has identified and responded to.

She says while the report highlights that cyber threats facing New Zealand are continuing to increase it is likely that the threats recorded represent only a small proportion of the total incidents impacting on New Zealand and New Zealanders.

She says the threats the NCSC has identified targeting New Zealand organisations are consistent with those identified by cyber security providers domestically and internationally.

The report provides an overview of the work of the NCSC and an outline of some of the common types of threats impacting on New Zealand organisations.

The Cyber Threat Report is available here

read more

Reporting an Incident

If your organisation has encountered or suspects a cyber-security incident, please complete and return the Cyber Security Incident - Report Form. If you require assistance in dealing with the incident, please complete the Cyber Security Incident – Request for Assistance Form. If required, you can speak with us directly on (04) 498-7654.

Some Interesting Stats

338 cyber security incidents were recorded by the National Cyber Security Centre in the 12 months to 30 June 2016. This is an average of 28 incidents per month and represents a significant increase on the previous 12 months when there were 190 cyber security incidents. GCSB Director Andrew Hampton reviews the nature of the cyber threats to New Zealand in his address to the New Zealand Institute of International Affairs.

The Australian Signals Directorate (ASD) has updated its ‘Strategies to Mitigate Cyber Security Incidents’ guidance on prioritised security controls, expanding the ‘top four’ strategies to produce a new ‘essential eight’. The strategies are a list of practical actions that organisations can take to make their systems more secure. The eight essential strategies can be implemented as a baseline and the guidance can be tailored based on an organisation’s risk profile and the threats they face.

Security researchers believe the number of companies around the world experiencing ransomware events tripled between the first and third quarters of 2016. The American National Institute of Standards and Technology (NIST) has now published a “Guide for Cybersecurity Event Recovery” (NIST Special Publication 800-184) which offers guidance for developing, testing and improving recovery plans so organisations are ready when a cyber security event occurs.