The government has launched CERT NZ, a cybersecurity unit that will track cyberattacks and offer information for internet users and businesses about online threats
Funded to the tune of $22.2 million over four years, CERT NZ will include an 0800 number and online reporting tools for logging suspected or actual cybersecurity incidents and will create threat advisories for IT professionals and businesses in conjunction with other CERT units around the world.
Some of the country’s leading cybersecurity experts have identified the big immediate and emerging threats that CERT NZ will be increasingly trying to identify and nullify, including University of Waikato Head of Cyber Security Lab Dr Ryan Ko.
“The biggest threats are probably the inability to respond quickly and effectively to attacks on the critical infrastructure in New Zealand,” he explains.
“The recent establishment of the New Zealand Computer Emergency Response Team (CERT) is a step in the right direction but more capabilities, in terms of tools and awareness, are needed for all public and private stakeholders – big and small. This will allow them to be able to respond and get back to business quickly.”
There are two big threats facing individuals now, he believes. “The first is ransomware such as TorrentLocker and variants of CryptoLocker and Locky, which will encrypt the information of a user to make the computer or laptop unusable, and only unlock the information when the criminals receive the ransom payment (usually in the form of bitcoins).”
The second threats are the human-nature related threats, or ‘social engineering’. “With the promise of free wifi, or an email which provides some alarming information, an unknowing or trusting user will click on a malicious link which will result in a download and sometimes, execution of malicious software which will take over the computing device.”
Ko says New Zealand businesses are not doing enough to combat cybersecurity threats. “It is encouraging to see organisations such as NetSafe, NCPO, InternetNZ, Office of the Privacy Commissioner, and the Institute of Directors roll out awareness campaigns relating to these.
“Yet we are still at a stage where some IT professionals will have graduated through traditional computer science or ICT training that did not contain security design or security-minded curricula.
Small and medium enterprises form 97 per cent of New Zealand’s economy, Ko notes, but adds that most of them are not well aware or equipped to respond to such threats. “In 2014, I conducted a survey together with market research company Colmar Brunton for Vodafone, called Cyber Security NZ SME Landscape, he recalls.
“It found that while companies with defined IT security policies are confident in their understanding of potential cyber threats, as many as two in ten do not have guidelines on what to do if their company was attacked by a hacker or a serious malware.”
Unitec Director of the Centre of Computational Intelligence Professor Hossein Sarrafzadeh observes that as recently as October there was a series of distributed denial of service attacks that targeted a major Domain Name System (DNS) services provider (Dyn) and resulted in widespread disruption, preventing users from accessing major websites such as Twitter, Spotify and PayPal.
“This attack was the result of a large number of insecure internet connected devices, also known as the internet of things (IoT),” he explains. “These devices were controlled by hackers and used to act as cannons to direct a large amount of bogus internet traffic and cause disruption.
“We are seeing a rapid growth in the sale and distribution of IoT devices that are not properly secured.
“As more objects become connected to the internet the opportunity for attacks increases. Here in New Zealand, we are seeing a rise in ransomware attacks and whaling attacks. Ransomware attacks are mainly targeting the health sector.
Another emerging threat is interference with political and financial systems. “Recent attacks on SWIFT are very worrying and could seriously threaten our financial systems. In the last month alone, we have seen Tesco bank have 2.5 million pounds stolen from 9000 of its customers, coordinated cyber-attacks in the UK and Germany that left more than 1 million people without internet access. This has potentially large geopolitical implications.”
This is an ongoing and evolving threat and there will always be opportunities for improvement. “Many larger organisations have a dedicated cyber security team that raise awareness within the company, develop their security architecture and monitor their network for suspicious activity,” Sarrafzadeh adds. “Many organisations also share threat intelligence information to keep each other updated with cyber threats in real time.
Like Ko, he believes the challenge sits with small to medium businesses who “may not have” the individual expertise within their teams or the budget to effectively deal with cyber threats.
“Not only may they lack the resources, but they may also lack security technologies such as Security Information and Event Management (SIEM) softwares, which are prohibitively expensive for most organisations,” Sarrafzadeh says. “For these reasons, they are increasingly becoming targets for cyber terrorism.”
New Zealand is a country made up of mostly small to medium businesses and so it is critical for our country as a whole that we do more to support these businesses. “Simple things like employee training, maintenance of anti-virus software and health checks of a business’ systems will decrease their risk of being attacked.”
However, University of Otago Associate Professor of Information Science Dr Henry (Hank) B. Wolfe maintains it’s the cell phone that presents the most ubiquitous threat to everyday computer usage.
“In four of the main bus routes in Dunedin, we have identified 7,499 unique wifi sites,” he reveals. “People, as a matter of routine, connect to whatever Wi/Fi site is available wherever they are and perform private actions without any concern as to why they are receiving this service, essentially free.
Wolfe cites the age-old given that nothing is free. “The cost of providing the wifi service must be borne by someone or some organisation,” he reasons. “Why would they provide that service to the public without receiving something for it?”
How many of these 7,499 sites are observing the user’s activity and recording it for some unknown purpose, he asks. “That purpose could be selling the information or making use of the information captured for some illegal purpose. There are no real safeguards.”
Wolfe notes that more and more exploits are being developed for cell phones because this is an information-rich environment without much in the way of protection. “There are 7.3 billion active mobile accounts now and that number is growing,” he adds.
The providers and developers spend an inordinate amount of time making their products so convenient that they become indispensable, he says, but seem to spend “very little time” trying to secure the environment. “The cell phone is the most ubiquitous surveillance device ever conceived by man.”
Cybercrime is also much more rewarding than traditional crime, with a lower risk of detection.
“The bad guys have figured out that going to a bank with a gun nets them $7,500 and 5-10 years in jail (90 per cent plus chance of getting caught and convicted),” Wolfe says. “Going to the bank via a computer nets an average of $250,000 and has a reduced exposure to being caught.”
Computer crimes, in general, are punished at a much-reduced level as compared to physical crime. “Today, everyone wants your data and is willing to pay for it. Privacy is archaic and most young people don’t value it. Therefore, the bad guys want to compromise big data for ransom, resale.”
Ransomware remains a major threat to individuals, Victoria University of Wellington Associate Professor of the School of Engineering and Computer Science Dr Ian Welch insists.
“Ransomware is software designed to look benign, that is delivered via email or messenger to victims who are tricked into installing. The software encrypts their files and instructs users to send a ransom in bitcoins.
Ransomware is very profitable due to the targeted nature of the attack resulting in a high conversion rate of contacts to payback (the emails are more sophisticated than the Nigerian prince type scams) and the fact that it pushes the costs of collecting the money onto the victim.”
Ransomware takes advantage of two things:
- technical — operating systems that provide too many privileges that can be exploited (compounded by home users often using the administrator user as their main profile)
- social — people find it hard to evaluate what is and isn’t a genuine request in the absence of training, and attackers exploit natural cooperative behaviours that have worked well in the past but don’t always work so well in the cyber world.
Data mining and artificial intelligence (AI) is a big help in the fight against new threats, in particular transfer learning that allows AI systems to transfer previous learnings to new domains – very important in a world where attackers change their methods day by day.
Technologies such as software defined networking; building systems that dynamically reconfigure the network in the face of threats.
“Similar systems do exist (CISCO for example) but these are quite inflexible and require you to use the one vendor everywhere,” Welch notes. “We want open and transparent solutions.”