MFN

Malware Free Networks

The GCSB's National Cyber Security Centre (NCSC) has developed a service called Malware Free Networks (MFN), which is designed to strengthen New Zealand’s cyber defence capabilities. MFN is a threat detection and disruption service that provides near real-time threat intelligence reflecting current malicious activity targeting New Zealand organisations. MFN will bring the NCSC’s cyber security capabilities to a much larger number of nationally significant New Zealand organisations.

The MFN threat intelligence service can be integrated with other systems and platforms to increase the range of malicious activity MFN customers are defended against. MFN complements commercial threat intelligence by detecting and disrupting activity based on indicators identified through the NCSC’s advanced cyber defence capabilities and sourced from the NCSC’s international cyber security partnerships.

For most customers, the MFN service will be available through their network operator or primary cyber security service provider. MFN is additional to CORTEX, which is a cyber defence capability provided by the NCSC to New Zealand’s nationally significant organisations. MFN complements the existing threat detection and disruption service provided by the NCSC to consenting organisations.


Malware Free Networks in action: case studies

Case study 1: rapid deployment to mitigate risk from global compromise

A widely used technology service provided by a trusted international vendor was compromised globally. The NCSC was able to use its international relationships to quickly understand the nature of the compromise and obtain information that could be used to defend New Zealand users of the affected service. Within hours of becoming aware of the compromise the NCSC had deployed indicators to MFN, enabling customers of the service to be automatically defended.

Case study 2: financial crime prevention

The NCSC learned of payment information being sent to malicious foreign domains when some users made payments through a platform on a New Zealand organisation's website. While this activity was likely caused by banking malware on the users' systems, rather than a compromise of the organisation, the NCSC added the details about the malicious domains to the MFN threat intelligence service. Within days, MFN prevented over 250 connection attempts from a device in a New Zealand Government department to one of the malicious domains. The Government department located and disabled the affected device, avoiding a potential additional, larger compromise.


MFN Frequently Asked Questions

Malware Free Networks (MFN) is a threat detection and disruption service provided by the NCSC. The service is delivered through a curated threat intelligence feed from a range of sources, including the NCSC’s international cyber security partners and information drawn from the NCSC's cyber defence capabilities. MFN provides near real-time threat intelligence reflecting current malicious activity targeting New Zealand organisations.

The types of cyber threat MFN protects against are those that are likely to impact nationally significant organisations, including small to medium enterprises, large corporates, and government organisations. When MFN is used in combination with other feeds, it can help to defend against the full spectrum of cyber threats impacting New Zealand.

MFN has been developed to help defend against malicious activity impacting small to medium enterprises, large corporates, and government organisations. MFN is not designed for residential customers. When MFN is used in combination with other feeds, it can help to defend against the full spectrum of cyber threats impacting New Zealand.

The NCSC is partnering with some ISPs and cyber security service providers to enable them to make MFN available to their customers. Our partners are at various stages in their customer engagement and onboarding processes. We suggest that you ask your ISP or service provider about gaining access to the NCSC’s MFN threat intelligence service.

The NCSC does not charge for the supply of MFN to partners. The cost to the end user is dependent on the type of cyber security service offering provided by each MFN partner direct to the customer.

The MFN threat feed is available via commonly used industry standards for sharing threat information: STIX/TAXII 2.0 or MISP. Your current cyber security capabilities may support integration via these formats. 

If you consume managed security services through an ISP or MSP, they may offer services that utilise the MFN threat feed.

The MFN threat intelligence service can be integrated with cyber security capabilities to protect against threats that operate and propagate via the Domain Name System (DNS), internet IP addresses, and web URLs.
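One way a consuming system could split a STIX 2.0 indicator bundle into the DNS, IP address and URL controls mentioned above, as an added example rather than NCSC code. The bundle contents, the `build_blocklists` name and the assumption that indicators arrive as simple equality patterns are illustrative; the page does not describe the feed's actual contents.

```python
import json
import re
from datetime import datetime, timezone

# Accept only patterns built purely from network equality tests joined by OR; anything
# else (AND with a file hash, MATCHES, FOLLOWEDBY) is reported as skipped, not guessed at.
CMP = r"(domain-name|ipv4-addr|ipv6-addr|url):value\s*=\s*'((?:[^'\\]|\\.)*)'"
PART = re.compile(CMP)
WHOLE = re.compile(r"\[\s*%s(?:\s+OR\s+%s)*\s*\]" % (CMP, CMP))
CONTROL = {"domain-name": "dns", "ipv4-addr": "ip", "ipv6-addr": "ip", "url": "url"}

def _skip_reason(ind, now):
    until = ind.get("valid_until")  # RFC 3339 timestamp, UTC with a 'Z' suffix
    if ind.get("revoked"):
        return "revoked"
    if until and datetime.fromisoformat(until.replace("Z", "+00:00")) <= now:
        return "expired"
    if not WHOLE.fullmatch(ind.get("pattern", "").strip()):
        return "unsupported pattern"
    return None

def build_blocklists(bundle_json, now=None):
    """Return (lists keyed dns/ip/url, [(indicator_id, skip_reason), ...])."""
    now = now or datetime.now(timezone.utc)
    lists, skipped = {"dns": set(), "ip": set(), "url": set()}, []
    objects = json.loads(bundle_json).get("objects", [])
    for ind in (o for o in objects if o.get("type") == "indicator"):
        reason = _skip_reason(ind, now)
        if reason:
            skipped.append((ind["id"], reason))
            continue
        for obj_type, value in PART.findall(ind["pattern"]):
            if obj_type == "domain-name":
                value = value.lower().rstrip(".")  # DNS names are case-insensitive
            lists[CONTROL[obj_type]].add(value)
    return {k: sorted(v) for k, v in lists.items()}, skipped

# Constructed sample bundle (reserved example names/addresses), not real MFN data.
def _ind(n, pattern, **extra):
    return {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-%012d" % n,
            "valid_from": "2024-01-01T00:00:00Z", "pattern": pattern, **extra}
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "spec_version": "2.0", "objects": [
    _ind(1, "[domain-name:value = 'Pay.Malicious.EXAMPLE']"),
    _ind(2, "[ipv4-addr:value = '192.0.2.10' OR ipv4-addr:value = '198.51.100.0/24']"),
    _ind(3, "[url:value = 'http://files.bad.example/a.js']"),
    _ind(4, "[domain-name:value = 'old.bad.example']", valid_until="2024-02-01T00:00:00Z"),
    _ind(5, "[domain-name:value = 'withdrawn.example']", revoked=True),
    _ind(6, "[domain-name:value = 'cdn.example' AND file:hashes.MD5 = '00000000000000000000000000000000']"),
]})
```

Skipped indicators are returned with a reason so they can be reviewed instead of silently dropped; a compound pattern such as the last sample is not turned into a domain block, because it only describes the domain in combination with a file hash.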

The telemetry the NCSC receives via MFN is stored securely on NCSC systems.

No. MFN is delivered purely as a threat feed via STIX/TAXII 2.0 or MISP. There is no NCSC-owned equipment required inside your network.