NZ gets a 'CERT' - What are the big cybersecurity threats?
11 April 2017
The Government today launched CERT NZ, a cyber security unit that will track cyber attacks and offer information for internet users and businesses about
online threats.
CERT NZ, which has been funded to the tune of $22.2 million over four years, will include an 0800 number and online
reporting tools for logging suspected or actual cyber security incidents and will create threat advisories for IT
professionals and businesses in conjunction with other CERT units around the world.
So what are the threats that CERT NZ will be increasingly trying to protect New Zealand internet users from? Recently we
asked some of the country's leading cybersecurity experts to identify the big immediate and emerging threats.
Please feel free to use the comments from this Expert Q in your reporting. This is an abridged version - you can access the full version on our website.
Dr Ryan Ko, Head of Cyber Security Lab, University of Waikato:
Contact: ryan@waikato.ac.nz, +64 22 320 2761
Over the last year, what big episodes have we seen in cybersecurity globally that point to the most significant emerging
threats?
“The Mirai botnet attack was probably the most devastating cybersecurity attack in recent times. It was not only the largest distributed denial
of service (DDoS), disrupting major ISPs and companies worldwide, it also brought to light the dangers of insecure,
vulnerable Internet of Things devices.”
What are the biggest threats cyber attacks pose to critical infrastructure in New Zealand?
“The biggest threats are probably the inability to respond quickly and effectively to attacks on the critical
infrastructure in New Zealand. The recent establishment of the New Zealand Computer Emergency Response Team (CERT) is a
step in the right direction but more capabilities, in terms of tools and awareness, are needed for all public and
private stakeholders – big and small. This will allow them to be able to respond and get back to business quickly.”
Just about everyone is now connected to the internet via a laptop or smartphone - what are the biggest threats we face
as individual internet users? (eg. apps, unsecured wifi, use of e-commerce)
"There are two big threats facing individuals now. The first is ransomware (e.g. TorrentLocker, variants of
CryptoLocker, Locky, etc) which will encrypt the information of a user to make the computer or laptop unusable, and only
unlock the information when the criminals receive the ransom payment (usually in the form of bitcoins).
"The second threat we face as individual users are the human-nature related threats, which we call 'social engineering'.
With the promise of free wifi, or an email which provides some alarming information, an unknowing or trusting user will
click on a malicious link which will result in a download and sometimes, execution of malicious software which will take
over the computing device."
Are New Zealand businesses doing enough to combat cybersecurity threats?
"At the moment, New Zealand businesses are not doing enough to combat cybersecurity threats. It is encouraging to see
organisations such as NetSafe, NCPO, InternetNZ, Office of the Privacy Commissioner, and the Institute of Directors roll
out awareness campaigns relating to these. Yet we are still at a stage where some IT professionals will have graduated
through traditional computer science or ICT training that did not contain security design or security-minded curricula.
"Small and medium enterprises form 97 per cent of New Zealand's economy but most of them are not well aware or equipped
to respond to such threats. In 2014 I conducted a survey together with market research company Colmar Brunton for
Vodafone, called 'Cyber Security NZ SME Landscape'. It found that while companies with defined IT security policies are confident in their understanding of potential
cyber threats, as many as two in ten do not have guidelines on what to do if their company was attacked by a hacker or a
serious malware."
Professor Hossein Sarrafzadeh, professor of computer science, director of the Centre of Computational Intelligence for
Cyber Security, Unitec:
Contact: hsarrafzadeh@unitec.ac.nz, +64 21 303 044
Over the last year, what big episodes have we seen in cybersecurity globally that point to the most significant emerging
threats?
"As recently as October there was a series of distributed denial of service attacks that targeted a major Domain Name
System (DNS) services provider (Dyn). This resulted in widespread disruption, preventing users from accessing major
websites such as Twitter, Spotify and PayPal. This attack was the result of a large number of insecure internet
connected devices, also known as the internet of things (IoT). These devices were controlled by hackers and used to act
as cannons to direct a large amount of bogus internet traffic and cause disruption.
"We are seeing a rapid growth in the sale and distribution of IoT devices that are not properly secured. As more objects
become connected to the internet the opportunity for attacks increases. Here in New Zealand, we are seeing a rise in
ransomware attacks and whaling attacks. Ransomware attacks are mainly targeting the health sector.
"Another emerging threat is interference with political and financial systems. Recent attacks on SWIFT are very worrying
and could seriously threaten our financial systems. In the last month alone, we have seen Tesco Bank have 2.5 million
pounds stolen from 9000 of its customers, coordinated cyber-attacks in the UK and Germany that left more than 1 million
people without internet access. This has potentially large geopolitical implications."
Are New Zealand businesses doing enough to combat cybersecurity threats?
"This is an ongoing and evolving threat and so there will always be opportunities for improvement. Many larger
organisations have a dedicated cyber security team that raise awareness within the company, develop their security
architecture and monitor their network for suspicious activity. Many organisations also share threat intelligence
information to keep each other updated with cyber threats in real time.
"The challenge, however, sits with small to medium businesses who may not have the individual expertise within their
teams or the budget to effectively deal with cyber threats. Not only may they lack the resources, but also they may lack
security technologies such as Security Information and Event Management (SIEM) software, which is prohibitively
expensive for most organisations. For these reasons, they are increasingly becoming targets for cyber terrorism.
"New Zealand is a country made up of mostly small to medium businesses and so it is critical for our country as a whole
that we do more to support these businesses. Simple things like employee training, maintenance of anti-virus software and
health checks of a business’ systems will decrease their risk of being attacked."
Dr Henry (Hank) B. Wolfe, Associate Professor, Information Science, University of Otago:
Contact: hank.wolfe@otago.ac.nz, +64 3 479 8141
Just about everyone is now connected to the internet via a laptop or smartphone - what are the biggest threats we face
as individual internet users? (eg. apps, unsecured wifi, use of e-commerce)
"In my humble opinion, the cell phone presents the most ubiquitous threat to everyday computer usage. In four of the
main bus routes in Dunedin, we have identified 7,499 unique Wi-Fi sites. People, as a matter of routine, connect to
whatever Wi-Fi site is available wherever they are and perform private actions without any concern as to why they are
receiving this service, essentially free.
"In this life, if there is one given, that has to be that nothing is free. The cost of providing the Wi-Fi service must
be borne by someone or some organisation. Why would they provide that service to the public without receiving something
for it?
"How many of these 7,499 sites are observing the user’s activity and recording it for some unknown purpose? That purpose
could be selling the information or making use of the information captured for some illegal purpose. There are no real
safeguards."
Looking out to 2020, what are the biggest emerging cybersecurity threats that you see?
"More and more exploits are being developed for cell phones because this is an information-rich environment without much
in the way of protection. There are 7.3 billion active mobile accounts now and that number is growing. The providers and
developers spend an inordinate amount of time making their products so convenient that they become indispensable.
"They seem to spend very little time trying to secure the environment. The cell phone is the most ubiquitous
surveillance device ever conceived by man. There may come a time, if we allow it, where everyone MUST have a cell phone
in order just to live. That would be sad."
Generally, who are these cyber attackers, and how has the nature of cyber attacks changed in the last decade?
"The bad guys have figured out that going to a bank with a gun nets them $7,500 and 5-10 years in jail (90 per cent plus
chance of getting caught and convicted). Going to the bank via a computer nets an average of $250,000 and has a reduced
exposure to being caught.
"Computer crimes, in general, are punished at a much-reduced level as compared to physical crime. Today, everyone wants
your data and is willing to pay for it. Privacy is archaic and most young people don’t value it. Therefore, the bad guys
want to compromise big data for ransom, resale."
Dr Ian Welch, Associate Professor, School of Engineering and Computer Science, Victoria University of Wellington:
Contact: ian.welch@ecs.vuw.ac.nz, +64 22 084 8265
Just about everyone is now connected to the internet via a laptop or smartphone - what are the biggest threats we face
as individual internet users? (eg. apps, unsecured wifi, use of e-commerce).
"Ransomware remains a major threat to individuals. Ransomware is software designed to look benign, that is delivered via
email or messenger to victims who are tricked into installing. The software encrypts their files and instructs users to
send a ransom in bitcoins.
"Ransomware is very profitable due to the targeted nature of the attack resulting in a high conversion rate of contacts
to payback (the emails are more sophisticated than the Nigerian prince type scams) and the fact that it pushes the costs
of collecting the money onto the victim.
"Ransomware takes advantage of two things: (1) technical -- operating systems that provide too many privileges that can
be exploited (compounded by home users often using the administrator user as their main profile); (2) social -- people
find it hard to evaluate what is and isn’t a genuine request in the absence of training, and also attackers exploit
natural cooperative behaviours that have served us well in the past but don’t always work so well in the cyber world."
What promising research are you seeing that points the way forward to more effective cybersecurity protection?
"Data mining and artificial intelligence (AI) is still a big help in the fight against new threats, in particular
transfer learning that allows AI systems to transfer previous learnings to new domains. Very important in a world where
attackers change their methods day by day.
"Technologies such as software defined networking; building systems that dynamically reconfigure the network in the face
of threats. Similar systems do exist (Cisco for example) but these are quite inflexible and require you to use the one
vendor everywhere. We want open and transparent solutions."