Getting your Trinity Audio player ready...
|
Ransomware continues to inflict significant costs and demand extensive recovery efforts for organisations in New Zealand and globally. The National Cyber Security Centre’s (NCSC) annual Cyber Threat Report reveals a concerning trend, with a record-high 28% of incidents attributed to likely criminal or financially motivated actors. This evolving threat landscape underscores the urgent need for robust cybersecurity measures and proactive responses to safeguard against ransomware attacks in the financial sector.
Lisa Fong, Deputy Director-General of the Government Communications Security Bureau (GCSB), responsible for the NCSC, said that the growing availability of practical cyber tools, compromised credentials, and vulnerabilities in public-facing infrastructure has made it easier for cyber actors to work at scale, and with the sophistication required to cause national-level harm.
“Domestically and internationally, the NCSC has seen heightened determination from cyber-criminal actors attempting to extort payment from organisations,” said Ms Fong.
Ransomware and extortion activity comprise a significant portion of the confirmed criminal activity the NCSC observes. Ms Fong added that the number of ransomware incidents recorded by the NCSC has remained relatively consistent over the last three years. Still, the impact on Aotearoa, New Zealand, has almost certainly increased, especially in the fiscal and financial sectors.
Despite a decrease in the overall number of incidents reported by the NCSC, the incidents identified through NCSC capabilities increased annually. Ms Fong noted that over the past four fiscal years, the incidents detected by NCSC capabilities have constituted approximately one-third of the total recorded incidents.
In the 2022/2023 fiscal year, MFN, the NCSC’s threat detection and disruption service, broadened its coverage by welcoming new partners. Another notable achievement for the NCSC this year was the successful delivery of MFN to a significant domestic customer base of a telecommunications service provider.
The NCSC’s advances in cyber defence capabilities have enabled it to expand services to numerous organisations, including individual home users. “These growing and deepening partnerships have led to the NCSC providing unprecedented threat protection, benefiting millions of New Zealanders through MFN,” Ms Fong addressed.
The increased activity of financially motivated cyber actors this year underscores the imperative for nationally significant organisations to uphold strong cybersecurity measures. The Cyber Threat Report outlines several recurring tactics used effectively in high-impact incidents and provides mitigations to prevent these.
Cyber Threat Report addresses include phishing campaigns, ransomware attacks, supply chain compromises, and vulnerabilities in public-facing infrastructure. These tactics have been observed in high-impact incidents, posing significant risks to organisations and their data.
The report provides detailed guidance and best practices to mitigate these threats, emphasising the importance of proactive cybersecurity measures to counter the evolving strategies employed by malicious cyber actors. Staying informed and implementing recommended mitigations is essential to bolster the defence of nationally significant organisations and their critical assets.
In the future, New Zealand organisations will have to establish robust processes encompassing technical controls and cybersecurity governance. The NCSC anticipates a year of growth and transformation, welcoming the Computer Emergency Response Team New Zealand (CERT NZ) as a partner. This collaboration will harness combined strengths, making Aotearoa a more agile and effective operational agency poised to address the increasing cybersecurity challenges confronting individuals and businesses in New Zealand.