National Cyber Security Centre (NCSC) Reports Record-High Financially Motivated Cyber Activity in New Zealand

The National Cyber Security Centre (NCSC) in New Zealand has released its annual Cyber Threat Report, highlighting a record-high 28% of cyber incidents as likely criminal or financially motivated. This surpasses state-sponsored activity, accounting for 23% this financial year compared to 34% in the previous year.

Key Points:

  1. Ransomware Dominance:
    • Financially motivated cyber activity, including ransomware attacks, imposes significant costs and recovery efforts for organizations in New Zealand and globally.
    • Ransomware and extortion activities constitute a substantial portion of confirmed criminal activities observed by the NCSC.
  2. Incident Trends:
    • The number of recorded ransomware incidents has remained relatively consistent over the last three years, averaging more than one per month in the fiscal year.
    • The NCSC reported 316 incidents affecting nationally significant organizations this financial year, compared to 350 the previous year.
  3. NCSC Capabilities:
    • Despite a drop in the total number of incidents, the NCSC’s capabilities for detection and disruption have grown year-on-year.
    • The NCSC’s threat detection and disruption service, MFN, expanded its coverage and disrupted 20,800 connections to known malicious infrastructure per month.
  4. Harm Prevention:
    • The NCSC’s services, including detection, disruption, advisory, and threat intelligence, prevented an estimated $65.4 million of harm to nationally significant organizations in the 2022/2023 year.
  5. Cyber Defence Impact:
    • Partnerships and developments in the NCSC’s cyber defensive capabilities have allowed them to scale services to a significant number of organizations and individual home users.
    • The MFN service has played a crucial role in disrupting cyber threats and protecting millions of New Zealanders.
  6. Future Outlook:
    • The report emphasizes the need for good cybersecurity practices among nationally significant organizations in light of the increasing financial motivation behind cyber activities.
    • Looking ahead to 2024, the NCSC aims to continue its growth and change, collaborating with partners like CERT NZ to enhance operational effectiveness in responding to cybersecurity threats.