National Cyber Security Centre sees growing threat

Criminal cyber attacks targeting Aotearoa New Zealand skyrocketed in numbers over the last year and continued to grow in sophistication.

At Reseller News Rob O’Neill writes: National Cyber Security Centre reports a surge in criminal cyber attacks.

While the proportion of state-linked malicious cyber activity was down slightly from last year’s 30 per cent, this was because of the greater proportion of criminal incidents recorded.

The 
report showed there were 404 incidents affecting nationally significant organisations in the 2020/21 year, a 15 per cent increase on last year.

These numbers reflect the NCSC’s focus is on incidents affecting New Zealand’s nationally significant organisations, and on incidents likely to have a national impact, which means the numbers represent just a small proportion of the total incidents affecting New Zealand

This squares with anecdotal evidence from New Zealand businesses that they are now constantly under attack.

Inside job

When it comes to government and large scale business systems, it is likely the attackers are already inside the systems waiting for an opportunity.

Everyday crime rates are dropping in most rich countries like New Zealand. There’s a clear switch from activities such risking your life with weapons to rob a a physical bank and getting online to steal money. Computer fraud is on the rise everywhere. And online crime is up since the start of the Covid pandemic.

Technology doesn't help. Bitcoin, a cryptocurrency, may not have been invented to smooth the way for criminals, but it is used by the underworld to move money around. Drug gangs are carrying fewer suitcases full of banknotes and dealing with more crypto transactions. Encrypted messaging services are used to communicate.

While these tools have legitimate uses, criminals have embraced them and depend more on them.

Ransomware

Ransomware remains the biggest threat. Criminals lock up data or disrupt systems until victims pay them, almost always the transaction is in Bitcoin.

At first ransomware gangs targeted small business. It turns out that was all about learning their trade. Today they target government departments, a DHB in New Zealand, police departments overseas.

They operate on an industrial scale and there are well established digital underworld supply chains.

We know most of the gangs are based in a small number of countries. Officials don’t like to talk about this because of diplomatic niceties. As a journalist I can tell you that Russia, other parts of eastern Europe and China are the main sources. We also know some states turn a blind eye to the activity so long as the gangs focus on foreigners. There’s evidence criminal gangs and state hackers co-operate.

Governments have been slow to focus on fighting cybercrime. We can expect that change, but don’t expect a let up from the gangs.