Busy start for cyber agency
Cyber-security agency Cert NZ said 364 attacks and incidents were reported to it during its first three months of operation, with victims estimating their losses at $730,000.
Seventy of the incidents were referred to the police, though operations manager Declan Ingram conceded it would not necessarily know if the referrals resulted in any action.
The agency’s first quarterly report indicated New Zealand got off lightly from the WannaCry ransomware attacks, with just six reported infections.
Cert NZ did not receive any reports from organisations impacted by the NotPetya cyber-attack in June, despite indications that the New Zealand branches of a handful of international businesses suffered some fall-out – including the Auckland arm of shipping company Maersk.
Cert NZ director Rob Pope said about a third of the incidents reported to it involved sophisticated phishing or ransomware attacks. ‘‘We need to be vigilant,’’ he said. One concern with the NotPetya malware was that it appeared to have been distributed through a doctored software update delivered by a Ukrainian accounting software company to its customers.
Microsoft’s global security chief for the health sector, Hector Rodriguez, acknowledged during a visit to Auckland last week that traditional cyber defences, such as installing the latest operating systems and patches, would not have protected against the attack or stopped the malware from spreading within organisations.
But he said that made it a rare exception. It was important organisations had processes in place to know when software updates were due from suppliers and to check they were legitimate, he said.
Technology investment needed to be prioritised, he said.
Ingram said ‘‘supply chain’’ security attacks such as NotPetya could be very difficult to mitigate against.
One of the latest high-profile victims of cyber-crime is US studio HBO.
It reportedly lost 1.5 terrabytes of data in an attack last month including the scripts for several unreleased episodes of Game of Thrones and the home phone numbers and addresses of actors Peter Dinklage (Tyrion Lannister), Lena Headey (Cersei Lannister) and Emilia Clarke (Daenerys Targaryen).
Niall King, Asia-Pacific sales director of US security firm Centrify, said the HBO hack demonstrated the futility of relying on passwords for network protection.
‘‘In just one incident, all those privileged account details are made public,’’ he said. ‘‘Relying on passwords for the last line of protection is like using toothpicks to defend Winterfell.’’
Ingram said Cert NZ would build up a more detailed picture of cyber-crime in New Zealand over time. ‘‘Our focus is on ensuring Kiwis know how and where to get help.’’