Current Activity


US CERT advice on response to Meltdown and Spectre

The National Cyber Security Centre is aware of a set of security vulnerabilities known as Meltdown and Spectre that affect modern computer and mobile device processors.   Applying the latest security updates from vendors should reduce vulnerability to these issues.

More information on response to Meltdown and Spectre is available from the United States National Cybersecurity & Communications Integration Centre – part of the US Department of Homeland Security.

See https://www.us-cert.gov/ncas/current-activity/2018/01/03/Meltdown-and-Spectre-Side-Channel-Vulnerabilities

and https://www.us-cert.gov/ncas/alerts/TA18-004A

New Zealand concerned at North Korean cyber activity

The Director-General of the Government Communications Security Bureau (GCSB), Andrew Hampton says he is concerned at international reports which link North Korea to WannaCry. 

WannaCry was a significant global ransomware campaign, launched in May 2017, which encrypted data and demanded a ransom payment to unlock computers in over 150 countries, and significantly affected the UK’s National Health Service.

“Cyber threat analysis from a range of sources, including the United States and the United Kingdom, attributes WannaCry to North Korean cyber threat actors,” Mr Hampton said.

“While New Zealand was not significantly impacted by WannaCry, we are not immune from this type of threat. In a globally connected world our relative geographic isolation offers no protection from cyber threats.

“We support the actions of our cyber security partners in calling out this sort of reckless and malicious cyber activity.

“In the 12 months from June 2016 to June 2017 nearly one third (122) of the 396 serious incidents recorded by the GCSB’s National Cyber Security Centre involved indicators that have previously been linked to state-sponsored actors.

“Cyber threats continue to increase, in part because of New Zealand’s global connectivity but also because the cost barriers are low, and getting lower, while the potential for harm is vast.

“The GCSB has two main functions, collecting intelligence in accordance with the Government’s priorities and providing cyber security and information assurance services to organisations of national significance, from both the public and private sector.

“As part of this work, the Cortex cyber security programme has been rolled out to a group of nationally significant organisations in the public and private sectors.

 “An independent assessment of the Cortex programme showed that over a 12 month period it has saved New Zealand’s most important organisations around $40 million in harm.” 

A copy of the 2016-17 Unclassified Cyber Threat Report can be accessed here 

Media contact: media@nzic.govt.nz  (04) 462-9811

 

December 2017 New Zealand Information Security Manual

The New Zealand Information Security Manual (NZISM) has been updated to include new guidance on audit evidence, cable trays and clarification on emergency procedures.

The December 2017 NZISM v2.7 updates the previous edition NZISM v2.6 which was published in July 2017.

Changes include new paragraphs on Audit Evidence (Section 4.3); Cable Trays (Section 10.1); and updates to Emergency procedures (Section 5.7).  Extensive work has also been done in updating Section 23.2 Glossary of Terms, including new terms such as Accountable material and Codewords.  

A large number of supporting amendments and other minor and editorial updates have also been completed as points of clarification and to aid policy interpretation, as well as minor wording changes for the purposes of clarification.

All new materials and amendments are designed to simplify approaches while maintaining existing levels of governance and assurance. 

2016-17 Unclassified Cyber Threat Report

NCSC 2016-17 Unclassified Cyber Threat Report

The National Cyber Security Centre has produced an unclassified cyber threat report for the 2016-17 reporting year. 

The report highlights achievements, including completing the roll out of our CORTEX cyber defensive capabilities, and identifies some of the key cyber threats impacting on New Zealand’s important systems and networks. 

It notes that advanced cyber threats have the potential to cause $640m harm annually to New Zealand’s organisations of national significance and that the operation of the NCSC’s cyber defence capabilities reduced harm by $39.47m in the 2016–17 year. 

The report also notes that the NCSC recorded 396 incidents for the 2016-17 year, an increase of 58 over the previous year. The increase reflects the evolving threat landscape and the NCSC’s increased capacity to detect and respond to threats. 

Given the NCSC’s primary focus on nationally significant organisations and cyber threats with the potential to have a high impact, these numbers reflect only a small proportion of the total cyber harm occurring in New Zealand.

Security Vulnerabilities in Wi-Fi Protected Access II (WPA2)

The National Cyber Security Centre (NCSC) is aware of reports of security vulnerabilities in Wi-Fi Protected Access II (WPA2), this has been labelled as ‘KRACK attack’.  

The NCSC provides services to government agencies, critical infrastructure providers and organisations of national significance, to assist them to defend against cyber-borne threats.

The NCSC recommends our customers refer to the following US CERT advisory:

https://www.us-cert.gov/ncas/current-activity/2017/10/16/CERTCC-Reports-WPA2-Vulnerabilities

Members of the public and other organisations wanting further information can refer to guidance on the CERT NZ website:

https://www.cert.govt.nz/businesses-and-individuals/recent-threats/krack-attack-security-vulnerabilities-affecting-wifi-enabled-devices

Petya Ransomware Campaign

New Zealand cyber security agencies are aware of international reports of a new international ransomware campaign identified as “Petya”.

Response to WannaCry global ransomware attack

New Zealand cyber security authorities are aware of a significant international ransomware campaign - WannaCry.

The attack uses malware to encrypt victims data and demands victims pay a ransom to have their data restored.

The National Cyber Security Centre (NCSC) is working with the newly established CERT NZ to help protect New Zealanders from this form of attack.

The NCSC is taking steps to help increase the resilience of New Zealand’s nationally significant systems. These steps include technical measures and provision of mitigation advice.

The NCSC is aware that the ransomware exploits a known vulnerability in Windows operating systems and has previously provided advice to customers on addressing this vulnerability.

We are also working with CERT NZ to provide information on how individuals, small businesses and operators of larger systems can reduce their vulnerability to ransomware attacks.

Neither the NCSC or CERT NZ have received any reports of a New Zealand incidence of this ransomware attack.

If you experience such an attack you should contact https://www.cert.govt.nz/

CERT NZ have more information about this attack at https://www.cert.govt.nz/businesses-and-individuals/recent-threats/alert-wannacry-ransomware-used-in-large-scale-international-attacks

NCSC Cyber Security Advisory NCSC-C-2016-620

On 2 November 2016, the NCSC was made aware that a targeted spearphishing campaign against a New Zealand Health Sector organisation had been successful.

Cyber Security Advisory CSA-007-16

Several organisations have received extortion emails threatening a Distributed Denial of Service attack (DDoS) unless a payment in Bitcoins is made.

NCSC Security Advisory - NCSC-EV-2015-126

NCSC is aware of a recent campaign involving credential harvesting attacks in the form of spear phishing emails targeting different government agencies.

Windows 10 upgrade scam

A new scam in relation to downloading Microsoft windows 10 operating system has been identified.

Notification of Bash Bug Advisory

A new vulnerability (CVE-2014-6271) in the Bash command-line interpreter poses a critical security risk to Unix and Linux systems including Apple OSX.

Connect Smart

Connect Smart week runs from Monday 16 June to Friday20 June, and has been organised by the National Cyber Policy Office.

Cyber threats continue to rise

The number of cyber incidents recorded by the National Cyber Security Centre (NCSC) increased by more than 60% in 2013.

NCSC advisory - OpenSSL Vulnerability

OpenSSL versions 1.0.1 through 1.0.1f contain a flaw allowing an attacker to retrieve private memory of an application that uses the vulnerable OpenSSL library.

Mobile Electronic Device

The NCSC has released an advisory for mitigating the risks associated with mobile electronic devices.

NCSC Plesk Advisory

A security researcher has released details of a significant zero day vulnerability in some versions of the Plesk server management software.

Cyber Security Awareness Week

Cyber Security Awareness Week (CSAW) begins on Monday, 27 May. CSAW is being run by NetSafe and a number of events are planned.

New Training to Address Cyber Security Risk

A new cyber security and information assurance course has been launched by the Wellington Institute of Technology (WelTec) in collaboration with the GCSB.

NCSC – 2012 Incident Report Summary

NCSC has reported a significant increase in reported attacks against NZ government agencies, critical national infrastructure, and private sector orgs in 2012.

NZ-UK joint statement on cyber security

NZ Foreign Minister and the visiting Foreign Secretary of the UK have committed the two countries to working more closely together to address cyber security.

Apple QuickTime 7.7.3 Released

Apple have released QuickTime 7.7.3 for Windows 7, Vista, XP SP2 or later, in order to address several critical security vulnerabilities.

Sophos Anti-Virus Vulnerabilities

A recent report has described multiple vulnerabilities that have been identified in Sophos Anti-Virus products, prompting Sophos to issue a security advisory.


Back to Top

Top 35 Mitigation Strategies Updated

The Defence Signals Directorate (DSD) have released an October 2012 update to their Top 35 Strategies to Mitigate Targeted Cyber Intrusions.

Revocation of Adobe Code Signing Certificate

Adobe has announced plans to revoke a code signing certificate that appears to have been misused. The attached advisory contains further information.

Java Vulnerability Patch Released

This advisory is to report that Oracle has now released a patch to address the recently reported Java vulnerability (CVE-2012-4681).

iOS Hardening Configuration Guide

The iOS Hardening Configuration Guide issued in March 2012 by DSD, for iPod Touch, iPhone and iPad devices running iOS 5.1, is available from the DSD website.

Product Support Advisory

The NCSC has released an advisory recommending the best practises for all New Zealand Government ICT systems in relation to product support.