New Zealand National Cyber Security Centre Incident Summary

Similar documents
Position Description. Computer Network Defence (CND) Analyst. GCSB mission and values. Our mission. Our values UNCLASSIFIED

Evolution of Spear Phishing. White Paper

Cybersecurity and Hospitals: A Board Perspective

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

2017 Annual Meeting of Members and Board of Directors Meeting

CYBER RESILIENCE & INCIDENT RESPONSE

Security Awareness Training Courses

CYBER INCIDENT REPORTING GUIDANCE. Industry Reporting Arrangements for Incident Response

The Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It

POSITION DESCRIPTION

Defending Our Digital Density.

Office 365 Buyers Guide: Best Practices for Securing Office 365

Emergency response plan in the event of an attack against information systems or. a technical flaw in the information systems

Security & Phishing

Cyber Threat Report. National Cyber Security Centre. Unclassified

Cyber Security Strategy

WHITEPAPER. Protecting Against Account Takeover Based Attacks

Cybersecurity, Trade, and Economic Development

Rohana Palliyaguru Director -Operations Sri Lanka CERT CC APCERT AGM and Conference, 24 th October 2018 Shanghai, China MINISTRY OF TELECOMMUNICATION

Safeguarding company from cyber-crimes and other technology scams ASSOCHAM

Machine-Powered Learning for People-Centered Security

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

External Supplier Control Obligations. Cyber Security

Position Description. Engagement Manager UNCLASSIFIED. Outreach & Engagement Information Assurance and Cyber Security Directorate.

Welcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

Business continuity management and cyber resiliency

DIGITAL ACCOUNTANCY FORUM CYBER SESSION. Sheila Pancholi Partner, Technology Risk Assurance

The Cost of Denial-of-Services Attacks

(U) Cyber Threats to the Homeland

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

How to Conquer Targeted Threats: SANS Review of Agari Enterprise Protect

CYBER SECURITY AND DATA PROTECTION Theme: Securing Businesses and Public Transactions. Regional Headquarters, The University of the West Indies, Mona

Protecting information across government

Understanding the Changing Cybersecurity Problem

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Cyber fraud and its impact on the NHS: How organisations can manage the risk

The UK s National Cyber Security Strategy

Cloud Security Standards Supplier Survey. Version 1

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

The Cyber Threat. Bob Gourley, Partner, Cognitio June 22, How we think. 1

October 2018 ISPA CYBER SECURITY SURVEY 2018

Dmitry Ishchenko/Reynaldo Nuqui/Steve Kunsman, September 21, 2016 Collaborative Defense of Transmission and Distribution Protection & Control Devices

KnowBe4 is the world s largest integrated platform for awareness training combined with simulated phishing attacks.

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

Recognizing & Protecting Against Fraud

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

Digital Health Cyber Security Centre

CONTEMPORARY CYBER ATTACK TRENDS AND CHALLENGES DR SHASHWAT RAIZADA

UPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA

Insider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm

Cyberspace : Privacy and Security Issues

Cyber Insurance: What is your bank doing to manage risk? presented by

Cybersecurity, safety and resilience - Airline perspective

Statement for the Record

U.S. State of Cybercrime

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

Panda Security 2010 Page 1

BRING SPEAR PHISHING PROTECTION TO THE MASSES

The Cost of Phishing. Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015

Cyber Crime Update. Mark Brett Programme Director February 2016

Adversary Playbooks. An Approach to Disrupting Malicious Actors and Activity

POSITION DESCRIPTION

CASE STUDY: REGIONAL BANK

STANDARD INFORMATION SHARING FORMATS. Will Semple Head of Threat and Vulnerability Management New York Stock Exchange

TAN Jenny Partner PwC Singapore

Phishing Activity Trends Report October, 2004

THE CYBER SECURITY ENVIRONMENT IN LITHUANIA

Are we breached? Deloitte's Cyber Threat Hunting

The Key Principles of Cyber Security for Connected and Automated Vehicles. Government

PHISHING ATTACK TARGETING UNIVERSITY STUDENTS MAY 2016

Cyber Resilience. Think18. Felicity March IBM Corporation

OA Cyber Security Plan FY 2018 (Abridged)

Building a Threat Intelligence Program

How Enterprise Tackles Phishing. Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong

Cisco Cyber Range. Paul Qiu Senior Solutions Architect June 2016

ITU Regional Cybersecurity Forum for Asia-Pacific

Cyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc.

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

IP Risk Assessment & Loss Prevention By Priya Kanduri Happiest Minds, Security Services Practice

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

Governance Ideas Exchange

Featured Articles II Security Research and Development Research and Development of Advanced Security Technology

Gujarat Forensic Sciences University

DIGITAL TRUST Making digital work by making digital secure

falanx Cyber Falanx Phishing: Measure your resilience

CERT Development EFFECTIVE RESPONSE

Personal Cybersecurity

Cybersecurity in Government

PERSON SPECIFICATION. Cyber PROTECT Officer. Job Title: Status: Established

NHS Scotland Cyber Attack: NSS Evidence to Scottish Parliament Health & Sport Committee (Jun 17)

A Forensic Accountant in Cyber Security

HOSTED SECURITY SERVICES

PA TechCon. Cyber Wargaming: You ve been breached: Now what? April 26, 2016

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco

Cyber Review Sample report

Combating Cyber Risk in the Supply Chain

Transcription:

New Zealand National Cyber Security Centre 2013 Incident Summary

National Cyber Security Centre 2013 Incident Summary Foreword The incidents summarised in this report reinforce that cyber security is truly a global issue, and New Zealand organisations are just as vulnerable as organisations in any other part of the world. The 2013 National Cyber Security Centre (NCSC) incident summary reflects incidents which have been detected by the targeted organisations, reported to us, and which we have assessed as significant. International experience indicates that these reported incidents are likely to be the tip of the iceberg in terms of the level of actual threat activity currently occurring on New Zealand networks. Sophisticated threat actors often use tools and techniques which are not readily picked up by commercially available products, or standard network security provision, and therefore can often go undetected. This incident summary is provided as a general indicator of threat activity, to help raise awareness of cyber security as an issue for all New Zealand organisations, regardless of size and the nature of the enterprise. Over the past 12 months, the Bureau, the NCSC and our partners in the National Cyber Policy Office (Department of the Prime Minister and Cabinet) and the Chief Government Information Office (Department of Internal Affairs) have increased efforts to engage with industry and government to raise awareness of cyber threats and to enhance the resilience of our networks and systems. Ian Fletcher Director Government Communications Security Bureau 2

Overview The New Zealand National Cyber Security Centre (NCSC) provides enhanced cyber security services to New Zealand Government and private sector organisations to assist them to defend against cyber-borne threats. As part of its functions, the NCSC records cyber security incidents affecting government agencies, critical infrastructure operators and private sector organisations. Reports are provided by affected organisations, researchers, IT security partners as well as local and international partners. All reported incidents are treated in-confidence and are notified to the NCSC via the reporting form located on the NCSC website. The statistical information presented in these reports is provided to raise awareness and general understanding of the nature of the cyber-threat landscape facing New Zealand organisations and individuals. Reporting In the year to 31 December 2013 the NCSC saw a continued increase in the number of incidents reported and recorded, from a total number of 134 recorded incidents in 2012, to a total of 219 in 2013. We believe this increase can be attributed in part to greater awareness of the importance of reporting incidents among the New Zealand government agencies and critical infrastructure providers, and also awareness of the role and functions of NCSC. Incidents must meet certain criteria designed to differentiate them from other common events, experienced in the on-line environment, before they are logged by NCSC personnel. A single incident could include multiple IP addresses, websites, networks and servers, organisations or affected parties. Case studies This Summary provides three case studies which have been drawn from actual incidents which were reported during 2012-2013. These provide context to the trends reported by the statistics, and also illustrate the impact that these incidents have on New Zealand organisations. 3

Incident Types The graph Category Breakdown (Fig 1.1) provides a breakdown of the incident reports as categorised by type. Scam & spam related incidents were the largest category of reported incidents at 30%. Denial of service (DoS) attacks and Botnet/Malware activity were the second largest categories making up 22% and 12% of incidents respectively. Other significant issues captured include network intrusions (7%), website compromises, hijacking & defacement (6%) and Spear Phishing (5%). Fig 1.1 Figure 1.1 indicates New Zealand is broadly in line with international trends for the types of cyber incidents. 4

Fig 1.2 Figure 1.2 highlights the changing trends in reported incidents. Case Study 1: Successful Spear Phishing Compromise A number of New Zealand organisations reported receiving spear phishing emails. Spear phishing emails are targeted emails which try to pass themselves off as legitimate emails with attachments containing malware, and are designed to trick the recipients into opening them. Upon doing so, malware is automatically installed on the user s computer and can then be used by an attacker for further compromises. In one case, a targeted spear phishing email containing a malicious.pdf file was sent to a number of email addresses for an organisation. Several recipients opened the attachment which then exploited a known vulnerability to install malware on the user s accounts. Once the malware was installed, the perpetrators were able to access the network and get greater privileges to increase their access across the network. Ultimately they were able to collect and then extract sensitive information from the organisation. 5

Incident Attribution Specific attribution of incidents can be problematic due to common measures used by malicious actors to mask their identity and location. Information sharing between the international IT security community can help provide a level of attribution. In 2013, NCSC identified the bulk of reported incidents (63 percent) originated from an overseas source. Nearly a third of the incidents reported (31%) involved incidents originating from domestic sources. 6% of incidents were unable to be attributed to a specific origin. Fig 1.3 6

Fig 1.4 Figure 1.4 highlights the changing trends in incident attribution. Case Study 2: Spoofed Email Address Private sector organisations reported receiving emails from scammers pretending to be employees. These spoofed emails were set up by scammers who were able to identify employees from the organisations open source information. The attackers used these names, or similar variations, to establish free email accounts. These web-based email addresses were then used to send emails to colleagues of the legitimate employees, requesting funds be paid on behalf of the organisation to bank accounts operated by the scammers. The organisation suffered financial loss as a consequence. 7

Incident Targets The majority of incidents reported in 2013 were targeted towards the Private Sector (68%), followed by the Government (20%), Individuals (5%) and critical national infrastructure, (2%). Fig 1.5 Case Study 3: Ransomware Attack on Company A number of ransomware reports were received in 2013. In one case a small business reported they had received emails from outside of New Zealand threatening to disable their business unless funds were paid. When no funds were paid the email senders we call them threat actors compromised the business s servers, installed malware which encrypted their files, causing the owners to lose access to their systems. Eventually the organisation was able to restore its network using historic back-ups, however they lost many recent records and were unable to conduct business for several days resulting in subsequent financial losses. 8

Fig 1.6 Figure 1.6 highlights the changing trends in incident targets. Concluding Remarks While this report is based on a relatively small number of recorded incidents (219) in 2013, these incidents do fall into the more significant categories of cyber intrusions occurring in New Zealand s cyberspace. The National Cyber Security Centre s on-going focus will remain the protection of core Government networks, the systems which support critical national infrastructure, and engagement with industry and business to protect intellectual property and economic assets. The National Cyber Security Centre interacts with other agencies, such as New Zealand Police National Cyber Crime Centre and the Department of Internal Affairs, international Computer Emergency Response Teams (CERTs), and non-government organisations, such as Netsafe, to help address the wider range of cyber threats. Contact Details If you or your organisation has experienced a cyber-security incident, this should be reported to the NCSC, as quickly as possible. All incidents must be reported via a completed Incident Reporting Form which is available on the NCSC website at: http://www.ncsc.govt.nz/incidents.html. Completed forms should be emailed to incidents@ncsc.govt.nz and if required you can speak with the NCSC directly on (04) 498-7654. All reports received are held in confidence. 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback