Menu
Warning: more state-sponsored attacks are getting through NZ's defences

Warning: more state-sponsored attacks are getting through NZ's defences

More attacks are being identified after systems have been compromised

More state sponsored attacks appear to be succeeding.

More state sponsored attacks appear to be succeeding.

Credit: Dreamstime

The National Cyber Security Centre is reporting that New Zealand organisations are facing an increasing risk of successful compromise by state-sponsored attacks.

Seventeen per cent of the incidents identified during the year to the end of June 2019 were characterised as "post compomise" (see chart). 

The NCSC's annual cyber threat report, released yesterday, said 38 per cent of the cyber incidents it identified had links to state sponsored actors in the year to the end of June 2019.

"While this is the same proportion as the previous year, a greater number of state sponsored linked incidents were characterised as post-compromise," the report said.

"State-sponsored cyber activity is generally more sophisticated than criminal or non-state activity, a reflection of the greater resources and motivations of the state."

State-sponsored incidents impacted a variety of New Zealand organisations in multiple industries, the report said.

"Organisations in both the public and private sectors hold a wealth of information that is attractive to other states, from intellectual property for new technology innovations through to customer data, business and pricing strategies or government positions on sensitive topics."

NCSC sees more attacks getting through corporate and government defences.Credit: Supplied
NCSC sees more attacks getting through corporate and government defences.

The sophistication of the attacks can also increase the difficulty of detecting and mitigating activity. 

The NCSC defines a cyber security incident as an occurrence or activity that appears to have degraded the confidentiality, integrity or availability of data within an information infrastructure. 

The agency groups incidents into two categories with four phases: the pre-compromise category comprises preparation and engagement phases, while the post-compromise incidents category comprises presence and effect phases.

The goal of post-compromise incidents is to ensure ongoing access to a network, and to exfiltrate data or disrupt infrastructure or systems, NCSC explained.

"These types of incidents range from internal network reconnaissance and keystroke logging, to encrypting, locking or exfiltration of files," the agency said. 

"Remediation of incidents that reach the post-compromise phase can have significant impacts for the affected organisation, depending on the nature and extent of the intrusion."

The NCSC became aware of a sophisticated cyber actor exploiting a known vulnerability in a web server software component used by a number of New Zealand organisations, it said by way of example. 

"When exploited, actors could install malware to obtain ongoing access to compromised servers. Analysis by the NCSC determined the actor then used this access point to move deeper into the network, by deploying password stealing tools such as Mimikatz or exploiting other vulnerabilities on the wider network."

The NCSC said it worked with the organisations known to be using the web server software component to identify the scope of the compromise, review the actor’s activity, and provide remediation advice to secure the networks.

"Out-of-date software remains a key weakness affecting the cyber security of New Zealand organisations," the agency said. 

"This can be addressed through security patching, and should also include assessing the security of the components included in software products, such as website modules or extensions."

The NCSC is a unit of the Government Communications Security Bureau (GCSB).


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags cyber securityThreat ReportNCSC

Featured

Slideshows

Reseller News Platinum Club celebrates leading partners in 2019

Reseller News Platinum Club celebrates leading partners in 2019

The leading players of the New Zealand channel came together to celebrate a year of achievement at the annual Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months.

Reseller News Platinum Club celebrates leading partners in 2019
Reseller News hosts alumnae breakfast for Women in ICT Awards

Reseller News hosts alumnae breakfast for Women in ICT Awards

Reseller News hosted its second annual alumnae breakfast for the Women in ICT Awards in New Zealand, designed to showcase the leading female leaders in the industry. Held at The Cordis in Auckland, attendees came together to hear inspiring keynotes and panel discussions, alongside high-level networking among peers. Photos by Gino Demeer.

Reseller News hosts alumnae breakfast for Women in ICT Awards
Reseller News Innovation Awards 2019: meet the winners

Reseller News Innovation Awards 2019: meet the winners

Reseller News honoured the standout players of the New Zealand channel in front of more than 480 technology leaders in Auckland on 23 October, recognising the achievements of top partners, emerging entrants and innovative start-ups.

Reseller News Innovation Awards 2019: meet the winners
Show Comments