Current Activity


NCSC advice in response to global cyber intrusion campaign

6 April, 2017 

The National Cyber Security Centre (NCSC) is aware of a global cyber intrusion campaign targeting multi-national IT service providers.

Given the global nature of the campaign our response has been informed through consultation with our security partners.

There is no suggestion that this campaign is targeting the general public or small to medium enterprises.

The NCSC has provided advice on threat protection and response to key government and private sector organisations.

Our recommendations to organisations include:

  1. Carry out an investigation to check networks for any of the indicators included in the PwC UK and BAE systems reports.
  2. Audit administrative access into your organisation’s networks (especially via third parties) and carry out the recommendations in the NCSC Advisory NCSC CSA-006-17

We note that IP addresses in isolation are not considered to be strong indicators of a compromise. Activity related to IP addresses should be examined in the context of overall network traffic within each organisation to determine whether or not it may be malicious.

If you identify any activity that appears to be malicious, or would like to discuss this particular threat further, please call the NCSC incident line on  04 498 7654.

Some open source reporting:

https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html

http://www.baesystems.com/en/cybersecurity/blog/apt10-operation-cloud-hopper

 

NCSC Cyber Threat Report 2015/16

9 March, 2017

National Cyber Security Center (NCSC) recorded 338 cyber security incidents in the 12 months 30 June 2016.

Information about these incidents is contained in a cyber threat report prepared by the NCSC to help increase understanding about the nature and extent of the cyber threats facing New Zealand's siginificant organisations.

NCSC Director Lisa Fong says the report highlights the range of threats the NCSC has identified and responded to.

She says while the report highlights that cyber threats facing New Zealand are continuing to increase it is likely that the threats recorded represent only a small proportion of the total incidents impacting on New Zealand and New Zealanders.

She says the threats the NCSC has identified targeting New Zealand organisations are consistent with those identified by cyber security providers domestically and internationally.

The report provides an overview of the work of the NCSC and an outline of some of the common types of threats impacting on New Zealand organisations.

The Cyber Threat Report is available here

NCSC Cyber Security Advisory NCSC-C-2016-620

On 2 November 2016, the NCSC was made aware that a targeted spearphishing campaign against a New Zealand Health Sector organisation had been successful.

Cyber Security Advisory CSA-007-16

Several organisations have received extortion emails threatening a Distributed Denial of Service attack (DDoS) unless a payment in Bitcoins is made.

NCSC Security Advisory - NCSC-EV-2015-126

NCSC is aware of a recent campaign involving credential harvesting attacks in the form of spear phishing emails targeting different government agencies.

Windows 10 upgrade scam

A new scam in relation to downloading Microsoft windows 10 operating system has been identified.

Notification of Bash Bug Advisory

A new vulnerability (CVE-2014-6271) in the Bash command-line interpreter poses a critical security risk to Unix and Linux systems including Apple OSX.

Connect Smart

Connect Smart week runs from Monday 16 June to Friday20 June, and has been organised by the National Cyber Policy Office.

Cyber threats continue to rise

The number of cyber incidents recorded by the National Cyber Security Centre (NCSC) increased by more than 60% in 2013.

Mobile Electronic Device

The NCSC has released an advisory for mitigating the risks associated with mobile electronic devices.

NCSC Plesk Advisory

A security researcher has released details of a significant zero day vulnerability in some versions of the Plesk server management software.

Cyber Security Awareness Week

Cyber Security Awareness Week (CSAW) begins on Monday, 27 May. CSAW is being run by NetSafe and a number of events are planned.

New Training to Address Cyber Security Risk

A new cyber security and information assurance course has been launched by the Wellington Institute of Technology (WelTec) in collaboration with the GCSB.

NCSC – 2012 Incident Report Summary

NCSC has reported a significant increase in reported attacks against NZ government agencies, critical national infrastructure, and private sector orgs in 2012.

NZ-UK joint statement on cyber security

NZ Foreign Minister and the visiting Foreign Secretary of the UK have committed the two countries to working more closely together to address cyber security.

Apple QuickTime 7.7.3 Released

Apple have released QuickTime 7.7.3 for Windows 7, Vista, XP SP2 or later, in order to address several critical security vulnerabilities.

Sophos Anti-Virus Vulnerabilities

A recent report has described multiple vulnerabilities that have been identified in Sophos Anti-Virus products, prompting Sophos to issue a security advisory.

Top 35 Mitigation Strategies Updated

The Defence Signals Directorate (DSD) have released an October 2012 update to their Top 35 Strategies to Mitigate Targeted Cyber Intrusions.

Revocation of Adobe Code Signing Certificate

Adobe has announced plans to revoke a code signing certificate that appears to have been misused. The attached advisory contains further information.

Java Vulnerability Patch Released

This advisory is to report that Oracle has now released a patch to address the recently reported Java vulnerability (CVE-2012-4681).

iOS Hardening Configuration Guide

The iOS Hardening Configuration Guide issued in March 2012 by DSD, for iPod Touch, iPhone and iPad devices running iOS 5.1, is available from the DSD website.

Product Support Advisory

The NCSC has released an advisory recommending the best practises for all New Zealand Government ICT systems in relation to product support.

ICO’s Practical IT Security Guidance

Adopting good security practises and securing information is as crucial for small to medium enterprises as it is the larger private and public sector agencies.