Criminal cyber attacks targeting Aotearoa New Zealand skyrocketed in numbers over the last year and continued to grow in sophistication.
Releasing the annual National Cyber Security Centre (NCSC) cyber threat report today, NCSC director Lisa Fong said the level and type of malicious cyber activity observed in New Zealand in the past 12 months largely matched what was being seen internationally, with both ransomware and a rapid exploitation of internet-facing systems a common trend.
Generally, the NCSC does not comment publicly on incidents or victims of malicious cyber activity. However, in 2021, the GCSB publicly disclosed the NCSC’s involvement in three high-profile incidents.
These included assisting the Reserve Bank of New Zealand following a data breach, providing support to the Waikato District Health Board following a ransomware incident, and advising NZX with respect to a series of distributed denial of service incidents targeting Aotearoa New Zealand’s stock exchange.
All three were rated as "C2" incidents, or highly significant, and all attracted "well-warranted public concern," the report said.
Fong said criminal activity represented 27 per cent of recorded cases in the past year, up from 14 per cent last year.
"This is a trend that has been reflected in public reporting of high-profile cases of disruptive ransomware and denial-of-service attacks affecting New Zealand private and public sector organisations," Fong said.
“Malicious cyber actors are increasingly using automated scanning to identify cyber security vulnerabilities, with actors returning to select high-value targets to exploit."
Criminal actors will typically looking to disrupt critical services and publish stolen material to the internet and to media outlets in an attempt to apply further pressure on a victim to expedite their extortion demands, Fong said.
While the proportion of state-linked malicious cyber activity was down slightly from last year’s 30 per cent, this was because of the greater proportion of criminal incidents recorded.
The report showed there were 404 incidents affecting nationally significant organisations in the 2020/21 year, a 15 per cent increase on last year.
These numbers reflect the NCSC’s focus is on incidents affecting New Zealand’s nationally significant organisations, and on incidents likely to have a national impact, which means the numbers represent just a small proportion of the total incidents affecting New Zealand
Of the total number of incidents, 28 per cent showed links to suspected state-sponsored actors, while a similar proportion, 27 per cent, were likely criminal and financially motivated.
“State-sponsored activity is less likely to disrupt services and, indeed, sophisticated actors will go to great lengths to hide their activity from detection, while attempting to extract valuable data that may help in gaining a geostrategic or political advantage,” Fong said.
“It is becoming increasingly difficult to distinguish between state and criminal actors, particularly in cases where we are able to intervene early, but also because the line between state and criminal is becoming increasingly indistinct."
State actors sometimes worked alongside or provide havens for criminal groups, and the NCSC was increasingly seeing criminal groups using capabilities once only used by sophisticated state actors.
The NCSC continues to build and grow New Zealand’s cyber defence capabilities, most recently through the successful pilot and delivery of Malware Free Networks (MFN), which has already disrupted more than 2000 malicious cyber events in 12 months.
MFN is a scalable malware detection and disruption service that involves the NCSC generating and sharing cyber threat intelligence with partners including internet service providers and managed service providers, who deliver detection and disruption services to their customers.
NCSC said its cyber defence capabilities prevented an estimated $119 million in harm to New Zealand’s nationally significant organisations in 2020/21.
In addition to supporting the COVID-19 vaccine rollout, assistance was provided to ensure the 2020 general election was conducted free from cyber interference. The NCSC is also providing assistance to agencies involved with New Zealand’s virtual hosting of the Asia-Pacific Economic Cooperation (APEC) forum.