Spy agency GCSB says 170,000 cyberattacks on NZ caught in defence network

Intelligence agencies say an anti-malware system has tripped up more than 169,000 threats to New Zealand since the middle of last year.

Russia's invasion of Ukraine and ongoing economic pressures from the pandemic have increased concerns in some quarters about a surge in various nefarious cyber activity.

The GCSB National Cyber Security Centre said its "cyber threat disruption feed" was now offered to 11 partners.

The Malware Free Networks (MFN) feed aimed to detect and undermine cyber threats on customers' networks.

The signals intelligence agency said phishing expeditions, remote scanning and exploitation, malware activity and malware download were the most common threats.

Lisa Fong, National Cyber Security Centre deputy director general, said the MFN was offered to commercial cybersecurity service and managed service providers.

The 11 partners had hundreds of their own customers. Datacom and Advantage were among companies already revealed to have partnered with the bureau on the MFN.

"Since the MFN service commenced in mid-2021 it has disrupted more than 169,000 threats," Fong said.

That amounted to an average of roughly 370 attacks a day, or one every four minutes.

"These disrupted threats have included reconnaissance or scanning activity by malicious actors, phishing activity, and malware activity."

Phishing expeditions broadly involved attempts to steal money or identity by tricking a computer user into divulging personal or financial information.

One recent variation involved an Amazon Prime scam where Kiwis were emailed or called by people claiming to be from Amazon, and told they owed money.

Other malware or cybercrime varieties included Sakawa, combining elements of fraud, dating scams and voodoo practices.

Less intricate scams involved Trade Me or Facebook, sales cons where goods promised were simply never delivered.

Complex cyber attacks could disrupt infrastructure, trade, banking and government services.

Fong said the MFN threat feed contained indicators of compromise that the 11 partners used.

The MFN used inputs from sources including the signal intelligence bureau's Cortex initiative.

Fong said MFN partners included organisations of national significance, as well as small and medium-sized enterprises.

The increasingly skilled nature of cyberscammers and cybercriminals had sometimes blurred the line between state and individual actors.

The Herald this week revealed members of the Five Eyes intelligence alliance were meeting near Queenstown, where attendees including FBI agents were seen.

GCSB director general Andrew Hampton earlier this year said Russia's invasion of Ukraine caused a huge shift for global and domestic cybersecurity.

Hampton said the speed and scale of Russian disinformation prompted a shift in Western spy agency responses.

Ukrainian servicemen prepare to fire at Russian positions near Kharkiv in July. The war has complicated the cybercrime and cyberattack landscape too. Photo / Evgeniy Maloletka, AP

He said at President Biden's direction, the US had taken unprecedented steps to declassify intelligence and pre-empt Russia's false narratives and false-flag operations.

Hampton said in the early stages of the war, a heightened cyber defensive posture was almost certainly warding off Russian attacks successfully.

Some cybercrime groups pledged support for Russian president Vladimir Putin's Government, Hampton said.

These groups have threatened to retaliate against perceived cyber offensives against the Russian Government.

And some had threatened cyber operations against countries and organisations providing material support to Ukraine, while others had attacked Ukrainian websites, he said.

Of 404 local malicious cyber incidents recorded last year, 28 per cent showed links to suspected state-sponsored actors, Hampton added.