New Zealand / Technology

Cyber threats continue to increase in New Zealand, new report finds

18:48 pm on 16 November 2021

A new report has found cyber threats are continuing to grow in New Zealand, as attacks become more sophisticated.

Photo: 123rf.com

The annual National Cyber Security Centre threat report, released today, shows there were 404 incidents impacting nationally significant organisations in the 2020/21 financial year.

This was a 15 percent increase on last year's total.

Twenty-eight percent showed links to suspected state-sponsored actors, while about the same amount were criminally and financially motivated.

There have been several high-profile cyber attacks in New Zealand recently, including the NZX, banks, and Waikato Hospital.

The centre's director, Lisa Fong, said there had been a sharp increase in criminal activity, jumping from 14 percent of all incidents last year to 27 percent this year.

"This is a trend that has been reflected in public reporting of high-profile cases of disruptive ransomware and denial-of-service attacks affecting New Zealand private and public sector organisations.

"Malicious cyber actors are increasingly using automated scanning to identify cyber security vulnerabilities, with actors returning to select high-value targets to exploit. Criminal actors will typically look to disrupt critical services and publish stolen material to the internet and to media outlets in an attempt to apply further pressure on a victim to expedite their extortion demands."

The proportion of state-linked malicious cyber activity was down slightly from last year's 30 percent but that was because of the greater proportion of criminal incidents recorded.

"State-sponsored activity is less likely to disrupt services and, indeed, sophisticated actors will go to great lengths to hide their activity from detection, while attempting to extract valuable data that may help in gaining a geostrategic or political advantage," Fong said.

"It is becoming increasingly difficult to distinguish between state and criminal actors, particularly in cases where we are able to intervene early, but also because the line between state and criminal is becoming increasingly indistinct. State actors sometimes work alongside or provide havens for criminal groups, and we are increasingly seeing criminal groups now using capabilities once only used by sophisticated state actors."

In the 2020/21 year, 26 percent of incidents had insufficient information to assess anything about the actor responsible or their motivation. The remainder of recorded incidents was made up of proactive work by the centre or events such as a data leak where the centre was unable to investigate any further.

The centre estimated it prevented $119 million of harm to New Zealand organisations this year.

Since June 2015, when the centre first started operating its prevention capabilities, it had prevented about $284m of malicious activity.