Aotearoa New Zealand’s growing connectivity of devices and networks, alongside the adoption of emerging technologies (such as artificial intelligence and machine learning), has made our domestic cyber landscape more complex, and our nation continues to experience cyber threats from an increasing number of sources. A rising dependence on digital technology within New Zealand’s economy and day-to-day life is also providing more opportunities for malicious cyber activity to affect more victims.
State-sponsored malicious cyber activity and hacktivism
State-sponsored malicious cyber activity endures and primarily poses an espionage threat to New Zealand organisations. This year, the NCSC has observed a wider range of state-sponsored malicious cyber activity and some heightened activity from traditional adversaries.
While the number of incidents that can be linked to state-sponsored actors (110 incidents, or 32% of incidents of national significance) is up 8.5% on the previous year, it is broadly consistent with the proportion of recorded state-sponsored incidents over the previous five years. These proportions were 33% in 2019/20, 28% in 2020/21, and 34% in 2021/22. An exception was a decrease to 23% in 2022/23.
New Zealand’s international relations, involvement in global organisations, technological innovations, and research mean our nation holds information that is likely of high intelligence value, and state-sponsored cyber actors continue to demonstrate the intent and capability to target us for its acquisition.
The tense geopolitical environment − including the rise of hacktivism, fallout from the Russia-Ukraine conflict, and acceleration of disruptive cyber capabilities − has almost certainly increased the cyber threat to New Zealand organisations. The NCSC has seen this reflected in cyber incidents in a number of ways, including an increase in Russian state-linked malicious cyber activity and pro-Russian hacktivists targeting multiple New Zealand government organisations.
As more cyber threat actors enter this environment, it is becoming increasingly difficult to disassociate or attribute state and criminal cyber activity. A proportion of unattributed cyber incidents this year was likely also state-sponsored activity that could not be linked. Additionally, there is the potential that some criminal groups are being directed by states or at least have tacit approval to conduct malicious cyber activity that aligns with state interests.
Hacktivism refers to the act of using digital techniques to gain unauthorised access to computer files or networks for politically or socially motivated purposes.
Cyber-dependent and cyber-enabled crime
New Zealand is increasingly experiencing incidents in which sophisticated cyber criminals are using their capabilities and wider resources to scale their operations.
Ransomware has remained a persistent threat to New Zealand’s nationally significant organisations, smaller businesses and even schools. Disruption efforts, such as arresting actors and taking down infrastructure, have resulted in a decrease in financially motivated cyber incidents this year. However, it is expected that this will only be temporary as groups diversify and rebuild. Ransomware actors continue to take advantage of exfiltrated data to extort payment from their victims, increasing the potential for reputational and economic harm, and impact to critical services. Dominant ransomware players continue to successfully target high-profile victims. Extortion activity in New Zealand was not limited to ransomware; victims also experienced disruptive distributed denial-of-service (DDoS) activity in lieu of encryption or data leaks.
The scale and impact of online scams and cyber-enabled fraud are rising in New Zealand, enabled through the growing use of social media and cryptocurrency. The compromise of business or corporate email accounts is of growing concern and is becoming increasingly profitable for criminals. This is because it enables cyber criminals to pretend to be trusted organisations, making it more likely for people to provide personal information. Victims are experiencing significant personal, reputational and financial harm as a consequence of this activity.
Tradecraft and technology
The proliferation of cyber capabilities has lowered the barrier of entry for malicious cyber actors, providing access to more sophisticated skills and techniques. Offensive cyber tools and services (including spyware), once only available to well-resourced countries that could develop them internally, are now widely accessible to both states and cyber criminals. This growing availability of effective malicious cyber tools, compromised credentials, and vulnerabilities in public-facing infrastructure has made it easier for malicious cyber actors to work at scale and with the ability to cause national-level harm in New Zealand.
Advancements in and adoption of these technologies are enabling the propagation of scams and other forms of cybercrime. In particular, the scale and sophistication of this enabling activity is likely to test the resilience of financial and identity systems as malicious cyber actors improve their ability to bypass security controls. Whilst controls such as multi-factor authentication (MFA) can mitigate against some of this activity, malicious cyber actors continue to develop tactics, techniques and procedures (TTP) that challenge these cyber security defences.
The use of large-scale data and credential breaches to enable malicious cyber activity is an ongoing trend. This year, the NCSC saw significant data breaches occur worldwide, some of which included New Zealanders’ personal information. An example this year was a publicly reported incident in which a finance company experienced a breach of customers’ personal identity and contact information. These breaches can subsequently allow actors to identify targets for phishing activity, or to directly compromise accounts: two of the most prolific and impactful forms of malicious activity experienced by New Zealanders.
Cyber threat actors are having increasing success with social engineering. This year social engineering was used across the sophistication spectrum: from scams against individual victims, to state-sponsored cyber actors using it to gain accesses for cyber espionage. What makes social engineering effective is its reliance on the human element, rather than technical vulnerabilities in software and systems. A wide range of malicious cyber and scam actors rely on social engineering and behavioural manipulation to convince a victim to act against their interests.
Cyber threat actors will likely continue to experiment with new tradecraft and technologies, but success does not necessarily rely on these. The threat to victims from simpler, long-standing methods − such as phishing to deploy malware or vulnerability exploitation − is still prevalent across New Zealand’s domestic cyber threat landscape, from individuals to our nationally significant organisations.
The next section of this report illustrates how this cyber threat landscape translates into incidents recorded by the NCSC. First, the report outlines the key trends related to the 6779 incidents handled through the NCSC’s general triage process and the most common incident types. Then the report focuses on the 343 incidents of potential national significance and provides insight into the types of measures that could prevent these incidents from occurring.