National Cyber Security Centre Releases Annual Threat Report

Serious cyber threats targeting Aotearoa New Zealand continue to grow with an increase of the frequency and sophistication of incidents recorded in the last year.

The annual National Cyber Security Centre (NCSC) Cyber Threat Report, released today, shows there were 404 incidents affecting nationally significant organisations in the 2020/21 year, a 15% increase on last year’s total.

These numbers reflect the NCSC’s focus is on incidents affecting New Zealand’s nationally significant organisations, and on incidents likely to have a national impact, which means these numbers represent just a small proportion of the total incidents affecting New Zealand

Of the total number of incidents, 28% showed links to suspected state-sponsored actors, while a similar proportion (27%) were likely criminal and financially motivated.

NCSC Director Lisa Fong said the level and type of malicious cyber activity observed in New Zealand in the past 12 months largely matched what was being seen internationally, with both ransomware and a rapid exploitation of internet-facing systems a common trend.

“We have seen a sharp increase in recorded criminal activity (27%) in the past year, which is a jump from 14% last year. This is a trend that has been reflected in public reporting of high-profile cases of disruptive ransomware and denial-of-service attacks affecting New Zealand private and public sector organisations.

“Malicious cyber actors are increasingly using automated scanning to identify cyber security vulnerabilities, with actors returning to select high-value targets to exploit.

“Criminal actors will typically look to disrupt critical services and publish stolen material to the internet and to media outlets in an attempt to apply further pressure on a victim to expedite their extortion demands.”

While the proportion of state-linked malicious cyber activity is down slightly from last year’s 30%, this is because of the greater proportion of criminal incidents we have recorded.

“State-sponsored activity is less likely to disrupt services and, indeed, sophisticated actors will go to great lengths to hide their activity from detection, while attempting to extract valuable data that may help in gaining a geostrategic or political advantage,” Lisa Fong said.

“It is becoming increasingly difficult to distinguish between state and criminal actors, particularly in cases where we are able to intervene early, but also because the line between state and criminal is becoming increasingly indistinct.

“State actors sometimes work alongside or provide havens for criminal groups, and we are increasingly seeing criminal groups now using capabilities once only used by sophisticated state actors.”

In the 2020/21 year, 26% of incidents had insufficient information to assess anything about the actor responsible or their motivation. The remainder of recorded incidents was made up of proactive work by the NCSC, or events such as a data leak where the NCSC was unable to investigate any further.

About $119 million worth of harm prevented

Our analysis based on an independently devised model indicates the detection and disruption of malicious cyber activity through the NCSC’s cyber defence capabilities prevented an estimated $119 million in harm to New Zealand’s nationally significant organisations in 2020/21.

Since June, 2016, when the NCSC first started operating those capabilities, we have prevented harm from malicious cyber activity by approximately $284 million.

Malware Free Networks

The NCSC continues to build and grow New Zealand’s cyber defence capabilities, most recently through the successful pilot and delivery of Malware Free Networks (MFN), which has already disrupted more than 2000 malicious cyber events in 12 months. MFN is a scalable malware detection and disruption service that involves the NCSC generating and sharing cyber threat intelligence with partners including internet service providers and managed service providers, who deliver detection and disruption services to their customers.

Other areas of focus

The 2020/21 year saw three significant events that involved the NCSC. In addition to supporting the COVID-19 vaccine rollout, assistance was provided to ensure the 2020 General Election was conducted free from cyber interference. The NCSC is also providing assistance to agencies involved with New Zealand’s virtual hosting of the Asia-Pacific Economic Cooperation (APEC) forum.

About the NCSC

The National Cyber Security Centre (NCSC) is a part of the Government Communications Security Bureau (GCSB). The NCSC operates the GCSB’s cyber defence capabilities and leads cyber security engagement with New Zealand’s organisations of national significance to protect their information systems from high-impact and advanced cyber-borne threats. The NCSC is the lead organisation for responding to cyber threats that could have an impact on national security and well-being.

The NCSC provides incident response services to help New Zealand organisations address potentially high-impact cyber security events. The NCSC also provides cyber security resilience assessment and advice, and advice on addressing new cyber security vulnerabilities when they are identified.

© Scoop Media