Malicious Cyberattacks in New Zealand Double in a Year28% of All Attacks Linked to State Actors, Country's Cybersecurity Agency Says
Cyberattacks perpetrated by criminally or financially motivated bad actors in New Zealand have nearly doubled from 14% in 2019-20 to 27% over the past year, according to the country's cybersecurity center.
The sharp spike is a reflection of increased disruptive ransomware and DoS/DDoS incidents against the country's "nationally significant organizations," according to a cyberthreat report from the New Zealand National Cyber Security Center, or NCSC.
Criminal or financially motivated threat actors share resources and outsource parts of their work, such as developing new malware, to other groups, according to the report, which notes that the threat actors aim to apply pressure and extort payments from high-value, high-reward victims by deliberately disrupting critical services.
"The use of these tactics makes it all the more difficult to distinguish between state-sponsored threat actors and nonstate-sponsored ones," the report says.
Of the 404 cybersecurity incidents recorded in 2020-21 - a 15% increase from the previous year - 28% showed links to suspected state-sponsored threat actors, the report says. The number, however, is 2% lower than in 2019-20.
New Zealand’s NCSC attributes the marginal reduction to an increase in the proportion of criminal or financially motivated incidents. But the agency says 113 incidents linked to state-sponsored threat actors are still a cause for concern.
According to the report, the NCSC says state-sponsored cyberattacks are less likely to disrupt services or cause harm, but their impact on the nation's economy and international posture "is very real."
Fighting Against Threats
The NCSC's detection and disruption of malicious cyber activity prevented NZ$119 million - or $83.4 million - worth of damage to the country's "nationally significant organizations" in 2020-21, says the NCSC Director Lisa Fong. The number for 2019-20 was NZ$70 million - or $49.1 million, she adds.
Since its inception in 2016, New Zealand's NCSC has prevented an estimated $284 million worth of harm due to malicious cyber activity targeting the island nation, according to the report. The trend is a reflection of high-profile cases of disruptive ransomware and distributed denial of service, or DDoS, attacks on New Zealand's public and private organizations, Fong says.
“Malicious cyber actors are increasingly using automated scanning to identify cybersecurity vulnerabilities, with actors returning to select high-value targets to exploit," she says.
According to the NCSC, successful threat actors hide their intrusions while stealing information to gain geostrategic and political advantage. Fong says that state actors sometimes work alongside or provide havens for criminal groups.
The NCSC says it is proactively engaging with organizations from various sectors to increase New Zealand's cyber resilience.
Assessing 250 organizations in the country in 2020-21, the agency published its learnings and security guidelines for supply chain security and incident management. It also published a range of security advisories based on its 1,872 engagements with 200 New Zealand-based organizations.
In addition to sharing threat information with its customer base, the NCSC intervenes when a threat is detected and deploys its incident response team to aid the targeted organization.
Its Malware Free Networks service provides threat intelligence to organizations by combining commercial threat intelligence with advanced cyber defense capabilities sourced from the NCSC's international partnerships with other institutions.
High-Profile Incidents in 2020-21
According to the NCSC, the three biggest cybersecurity incidents in the country in 2020-21 included the data breach of its reserve bank, the Waikato District Health Board ransomware attack, and the DDoS attack on the country's stock exchange.
In January 2021, the Reserve Bank of New Zealand reported a data breach of the third-party file-sharing software application Accellion FTA. The threat actors accessed sensitive information belonging to organizations and individuals, and the cost of the breach response was $3.5 million, the statement said. It did not provide details such as the extent of the data breach, citing security reasons.
The Waikato District Health Board ransomware incident in May 2021 crippled the IT systems of five hospitals. The ransomware operators released the personal information of 4,200 New Zealanders on the dark web, according to the local daily Waikato Times.
In August 2020, the website of the New Zealand Stock Exchange was targeted with a DDoS attack by the Lazarus APT group, and trading had to be halted for the day. According to Bloomberg's report, the Lazarus group, in its email to the stock exchange, threatened to launch DDoS attacks on its entire network if the exchange board turned down its initial ransom demand of 20 bitcoins.
When the exchange moved its servers out of harm's way, the Lazarus group actors began to target listed companies on the New Zealand stock exchange, which ultimately halted operations for four days, the report said.