NCSC reports changing trends in cyber threats, as financial motivation surpasses state-sponsored activities

New Zealand’s National Cyber Security Centre (NCSC) published its annual Cyber Threat Report on Thursday, recording a total of 316 incidents impacting nationally significant organizations in the current financial year, a slight decrease from the 350 incidents reported in the previous year. The agency documented 90 incidents, accounting for 28 percent of the total, that were likely criminal or financially motivated. Notably, financially motivated activity made up a higher proportion than state-sponsored activity, which accounted for 23 percent of incidents this financial year, compared with 34 percent of incidents in the 2021/2022 year.

NCSC also disclosed that ransomware activity imposed significant costs and required substantial recovery efforts for organizations, both in the country and around the world.

Lisa Fong, deputy director-general of GCSB, responsible for the NCSC, said in a media statement that the drop in the number of incidents “may reflect a number of contributing factors, including recent disruptions to cyber criminal infrastructure; changing priorities or tactics of states; organizational cyber resilience and maturity; or our increasing ability to disrupt activity before harm takes place.”

Despite a drop in the total number of incidents recorded by the NCSC, the number of incidents detected by NCSC capabilities grew year-on-year. “Viewed over the last four fiscal years, the number of incidents detected by NCSC capabilities accounts for about a third of our total recorded incidents,” Fong observed.

The NCSC report said that organizations in Aotearoa New Zealand are defending against an increasingly complex cyber threat environment. “We see heightened determination from cyber-criminal actors attempting to extort payment from organisations that are increasingly aware of – and resilient to – extortion and manipulation tactics. Meanwhile, malicious cyber actors are adopting new techniques and technologies, challenging orthodox detection methods. With the rapid arrival of emerging technologies like generative artificial intelligence (AI), organisations seeking to benefit from these advancements must be prepared to govern their use, and control for privacy and security risks associated with their adoption.”

The NCSC continues to adapt to better position the nation to respond to this rapidly changing environment. “This reporting year we estimate NCSC advice and capabilities prevented $65.4 million in harm to nationally significant organisations. Over the last four fiscal years, the number of incidents detected by NCSC capabilities accounted for about a third of total recorded incidents.” 

In June, the NCSC supported the provision of its disruption capability, Malware Free Networks (MFN), to defend the customers of a major telecommunications provider. As a result of growing partnerships, its cyber threat intelligence now directly protects millions of New Zealanders and their businesses.

Recently, the Cabinet directed the integration of NCSC and New Zealand’s Computer Emergency Response Team (CERT NZ) functions to form the lead operational cyber security agency for Aotearoa New Zealand. The report added that “by bringing together our people, capabilities, and domestic and international partnerships, New Zealanders stand to benefit from the consolidation of our mandates, along with a consistency of advice, and clearer knowledge about where to turn in the event of a cyber security incident.”

The NCSC Cyber Threat Report said that in 2022/2023, 23 percent of incidents showed indications of a connection to state-sponsored hackers (compared to 34 percent in the previous year). “The total of 73 incidents is a decline on the 118 recorded in 2021/2022. This 61% decline contrasts with this year’s record-high proportion of links to financially motivated groups or malicious cyber actors exhibiting financially motivated behaviours.”

For the first time, the NCSC recorded a higher proportion of financially motivated activity than those linked to state-sponsored cyber actors. “About half of all incidents showed neither clear links to state-sponsored activity nor criminal activity. Some examples of these unattributed incidents involved two instances of distributed denial-of-service (DDoS) against a government organisation, and suspicious activity on the network of a managed service provider.”

The numerous disruptive financially motivated cyber incidents the NCSC recorded this year reflect the international landscape. Significant suppliers were compromised and held to ransom, with the manufacturing and healthcare sectors among the most impacted globally this year. Cybercriminals target these sectors owing to their sensitivity to downtime and disruption, and reliance on older technology.

In past years, the NCSC observed extensive targeting of software vulnerabilities, predominantly from sophisticated cyber actors. Cybercriminals are now capable of this speed and scale of exploitation, previously the purview of likely state-backed actors. The NCSC Cyber Threat Report said this was evident in June 2023 with the re-emergence of ‘Clop’ ransomware targeting users of Progress Software’s MOVEit Transfer, a web-based file-transfer application. 

“Clop accessed over 100 instances of MOVEit using a zero-day vulnerability in the software, targeting organisations in the government, manufacturing, media, transport, retail, and professional services sectors,” the report added. “Clop, first observed in 2019, was among the pioneers of the ‘double extortion’ tactic – exfiltrating sensitive data before encrypting the victim’s copy of the files. Increasingly cyber criminals forego the encryption step, preferring to rely on data exfiltration to use as leverage over victims.” 

It also identified that state-sponsored cyber actors primarily pose an espionage threat to Aotearoa New Zealand. “These actors continue to demonstrate intent and capability to target Aotearoa New Zealand. State-sponsored cyber actors are typically motivated to maintain covert persistence on computer networks of high intelligence value. To achieve this goal, malicious cyber actors continue to identify novel weaknesses in – or new techniques for – evading Aotearoa New Zealand cyber defences,” the Cyber Threat Report said. 

It added that activity of this caliber against Aotearoa New Zealand networks is challenging to identify and attribute with high levels of confidence to specific cyber actors. Attribution to specific states may not be possible with the information obtained in every incident response phase. 

Looking ahead to 2024, the NCSC Cyber Threat Report said that it would be important for Aotearoa New Zealand organizations to embed good processes – both in technical controls and in cyber security governance. “In cyberspace, malicious actors are becoming more adept at covering their tracks and circumnavigating traditional defenses. We expect this trend to hold in the coming year, with novel botnets, or increasing use of legitimate tools for malicious purposes. The situation in Ukraine may change rapidly, and activity in cyberspace may trigger escalations with significant consequences.” 

For the NCSC, the coming year will continue to be one of growth and change, the report added. “As part of this process, we welcome our partners at CERT NZ as colleagues. Our collective strengths will combine to create an even more effective operational agency, ready to respond to the growing cyber security threat faced by people and businesses in Aotearoa New Zealand.”

The NCSC Cyber Threat Report comes a day after the Australian government published its initial Critical Infrastructure Annual Risk Review addressing the dangers posed to the nation’s critical infrastructure sector. The review, developed by the Cyber and Infrastructure Security Centre (CISC), summarizes security risks concerning Australia’s critical infrastructure in the past year. It identifies foreign interference and espionage as the primary threats to Australia’s critical infrastructure.
