GCSB’s cyber arm warns foreign ‘investment’ in disinformation likely to grow | #government | #hacking | #cyberattack


National Cyber Security Centre director Lisa Fong has reported a big increase in criminal activity targeting key institutions and says the boundary between criminal and state-sponsored activity is becoming less distinct.

Foreign governments are suspected of involvement in 113 malicious cyber incidents that targeted important New Zealand organisations in the year to June, a government report says.

While that appears to only represent a slight increase on the previous year, the GCSB’s National Cyber Security Centre (NCSC) also warned that, globally, some countries had increased their efforts and investment in disseminating “disinformation and political interference”.

The use of disinformation was also likely to continue to escalate, it said in a section of its annual report addressing the international landscape.

NCSC director Lisa Fong said she couldn’t comment on whether foreign governments were involved in supporting disinformation campaigns, including Covid disinformation campaigns, in New Zealand.

* Calling out China for cyberattacks is risky – but a lawless digital world is even riskier
* Condemnation of China’s involvement in cyberattacks plays into global tensions
* Cyber attacks from state-based actor increasing

The NCSC was not specifically focussed on such campaigns as responsibility for them would sit elsewhere within government, depending on the issue, she said.

“To the extent that we have information available, through our relationships, we would make that available to relevant agencies.”

Fong said the fact that 113 cyber incidents had been tracked back to “suspected state-sponsored actors” meant that it believed it knew which foreign countries were responsible for those intrusions.

But the NCSC did not identify the countries responsible.

Security services have in previous years attributed specific attacks to North Korea and Russia, but Fong said the decision to call out particular countries was a wider government decision.

The NCSC also recorded 110 cyber attacks – such as ransomware and denial-of-service attacks – on key organisations that were conducted by criminal organisations, often seeking to extort money.


Waikato DHB chief executive Kevin Snee talks about the data dump onto the dark web in the wake of the cyber attack (video first published on July 1, 2021).

It was unable to apportion responsibility for about another 100 incidents.

Fong said it had seen a “sharp increase in recorded criminal activity”, with those attacks nearly doubling from the previous year.

The NCSC identified the three most serious incidents as the ransomware attack on Waikato DHB in May, the denial-of-service attacks on the NZX late last year and the hacking of the Reserve Bank in December.

It classed those as ‘C2’ incidents on its six-scale reporting measure – one stop short of its C1 classification which it would use for incidents that constituted a “national emergency”.

Fong would not comment on whether any of those attacks had state links.

But she said the suspected state-sponsored incidents tended to be attempts conducted in secret to “extract valuable data for geostrategic or political advantage”, rather than being aimed at causing disruption.

Valentina Bellomo/Stuff

The NCSC has issued a general warning about a rise in disinformation campaigns by foreign governments but hasn’t commented on whether it believes NZ’s Covid response is being targeted.

She indicated the line between state-sponsored attacks and criminal activity was blurring.

“It is becoming increasingly difficult to distinguish between state and criminal actors, particularly in cases where we are able to intervene early,” she said.

“State actors sometimes work alongside, or provide havens for, criminal groups and we are increasingly seeing criminal groups now using capabilities once only used by sophisticated state actors.”

The NCSC has been rolling a new tool called the Malware Free Network (MFN) which is seeing it partner with private sector organisations to detect and disrupt cyber attacks at an early stage.

“The intention is to partner with industry organisations – from large telecommunication providers, to mid-sized managed service providers and small technology integrators – to make the MFN service available to as many organisations as possible,” it said in its report.

“The NCSC anticipates MFN will grow to block more malicious traffic over time, and will provide unique threat insights and intelligence in support of increased detection.”

The NCSC estimated it had prevented “$119m of harm” to nationally significant organisations through such prevention and advice in the year to June.

Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

one + 7 =