National cybersecurity agency also observes rise in automated probing for web security flaws

New Zealand’s National Cyber Security Centre (NCSC) has observed a 15% year-on-year jump in cyber-attacks against the country’s “nationally significant” organizations.

More than 400 such incidents were recorded between July 1, 2020, and June 30, 2021, up from 352 a year earlier, according to the NCSC’s latest annual threat report, published today (November 16).

More alarmingly still, the proportion of these incidents that reached the post-compromise stage – where threat actors manage to access and move laterally through networks or otherwise cause the victim harm – more than doubled, from 15% to 33%.


RECOMMENDED Black Hat Europe: Laws and regulations need to change to secure world’s digital infrastructure


The other 67% of attacks failed to get past pre-compromise phases like network scanning, brute-forcing of credentials, and attempts to exploit vulnerable software.

Ransomware and denial-of-service attacks, both rife in line with international trends, accounted for a significant share of post-compromise attacks against New Zealand-based targets.

Outrunning the patching cycle

The most widely deployed attack technique was the identification via automated scanning and exploitation of security vulnerabilities in public-facing applications.

Adversaries, noted the NCSC, were increasingly able to exploit software flaws faster than even the most security-conscious, well-resourced organizations could patch them – sometimes within a day or two of their public disclosure.

By contrast, phishing is becoming a noticeably less effective means of infiltrating networks as organizations and their employees wise up to the threat, the agency observed.

Rise of ransomware

There was a near doubling in the proportion of attacks attributed to criminally or financially motivated – as opposed to state-sponsored – threat actors, observed the NCSC.

The 110 incidents of this nature tracked in the latest reporting period accounted for 27% of all incidents, up from 14% year on year.

“This is a trend that has been reflected in public reporting of high-profile cases of disruptive ransomware and denial-of-service attacks affecting New Zealand private and public sector organizations,” said NCSC director Lisa Fong.

Blurred lines

The 28% of attacks linked to state-sponsored actors reflected a rise in absolute terms.

One marker of nation state-backed attacks is their stealthier nature, suggested Fong.

State-sponsored activity is less likely to disrupt services and, indeed, sophisticated actors will go to great lengths to hide their activity from detection, while attempting to extract valuable data that may help in gaining a geostrategic or political advantage,” she said.


Read more of the latest critical infrastructure security news


However, distinguishing between state and criminal actors is increasingly tricky as the distinctions blur, noted Fong.

“State actors sometimes work alongside or provide havens for criminal groups, and we are increasingly seeing criminal groups now using capabilities once only used by sophisticated state actors,” she said.

Harms averted

The NCSC estimates that its detect-and-disrupt capabilities have prevented NZ$119 million (US$84 million) worth of harm from being visited upon New Zealand’s critical organizations in the past 12 months through incidents averted or mitigated, and NZ$284 million (US$200 million) since 2016.

In particular, the agency trumpeted the impact of its Malware Free Networks service, which shares threat intelligence with partners such as internet service providers.

The NCSC estimates the service disrupted more than 2,000 malicious attacks and incidents in its first 12 months of operation.


DON’T FORGET TO READ Vulnerability in FBI email infrastructure allowed malicious actor to send false cyber-attack warnings to thousands