Major financially motivated cyber attacks in New Zealand have exceeded those launched by nation-states for the first time, and AI looms as an ever-greater weapon, a new report says.
In its latest annual threat report, the National Cyber Security Centre said the potential impact was growing - though the number of major attacks dropped slightly, to 316.
It had "observed rapid advances in AI and early signs of it being used in malicious cyber activity overseas".
"AI can quickly synthesise derivative malware that could evade technical detection capabilities.
"Big data could also enable the reconnaissance function of a malicious cyber campaign, including surmising connections between disparate pieces of personal or network information, or painting a picture of a victim's preferences, to inform the malicious cyber actor's approach."
But AI could also be used to detect and track threats, for instance, by spotting patterns in seemingly "innocuous actions", the report said.
The centre estimated it had deflected $65 million of harm to nationally significant organisations - such as those that run power, waste or water systems.
"We see heightened determination from cyber-criminal actors attempting to extort payment from organisations," deputy director-general Lisa Fong said in the introduction.
The centre recorded 90 financial attacks, versus 73 attacks with links to nation-states.
"Sophisticated" cyber operators in China "were able to use legitimate tools existing on victim networks to maintain access to significant targets overseas, without detection", the 15-page report said.
As for Russia, the main threat due to the Ukraine war was "indirect cyber targeting, affecting our critical supply chains".
The domination of Big Tech here and overseas was noted as both a negative and a positive.
"A coalescence of security services into the hands of a few cloud-based suppliers has provided security gains and, equally, incentive and opportunities for cyber threat actors."
Attackers were probably learning from going up against the more advanced systems.
Big Tech firms AWS, Microsoft and Google increasingly dominate the shifting of public data in New Zealand from computer systems sited at government agencies to hyperscale datacentres run by the US firms.
The centre prioritised incidents according to potential impact.
"A handful of significant incidents in a fiscal year would more radically change the domestic landscape than hundreds of minor incidents because the potential impact on critical services, society, and the economy would be greater," it said.
The year's most significant attacks were mid-priority so-called C3 ones, "predominantly associated with disruptive ransomware or other extortion activity".
One C3 attack on a local government organisation was "likely by a sophisticated malicious cyber actor seeking data for espionage purposes".
The attacker targeted a device via known vulnerabilities in a commonly used security product, then moved laterally within the victim's network, before being detected.
Across the Tasman, the federal government put out its first critical infrastructure risk review this week, which concluded that espionage and foreign interference were the main threats.
On top of that, dark web job adverts were targeting "disgruntled employees" as a recruitment tool to exploit insider access, it said.
The National Cyber Security Centre said this illustrated "the stealthy compromise of overseas critical infrastructure by state-sponsored malicious actors".
The centre recently took over the functions of the Computer Emergency Response Team, CERT NZ, from the Ministry of Business, Innovation and Employment.
"New Zealanders stand to benefit from the consolidation of our mandates," it said.