Global cyberattack: NZ's spy agency strengthening security

NZ Herald

12 May, 2017 10:42 PM3 mins to read

Andrew Colarik, senior lecturer at Massey University, explains what it means for all of us

Cyber security experts brief Ministry of Health on virus which spread in UK hospitals.

New Zealand's spy agency is "taking steps" to strengthen the cyber security of government departments, critical infrastructure and big business as a ransomware attack sweeps the globe.

The Government Communications Security Bureau says it has not received any reports of the "WannaCry" malware infection affecting computers in New Zealand.

But a spokesman for the GCSB said its specialist cyber arm - the National Cyber Security Centre - is working with a newly formed government taskforce, the National Computer Emergency Response Team, to protect New Zealand's interests.

"The NCSC is taking steps to help increase the resilience of New Zealand's nationally significant systems. These steps include technical measures and provision of mitigation advice."

According to the GCSB website, "nationally significant systems" include government departments, "key economic generators, niche exporters, research institutions and operators of critical national infrastructure".

The police have also briefed the Ministry of Health as a precaution.

The WannaCry attack uses malware to encrypt victims data and demands victims pay a ransom to have their data restored.

"The NCSC is aware that the ransomware exploits a known vulnerability in Windows operating systems and has previously provided advice to it's customers on addressing this vulnerability," the GCSB said in a statement.

"We are also working with CERT NZ to provide information on how individuals, small businesses and operators of larger systems can reduce their vulnerability to ransomware attacks."

The reports of the malware spread began in Britain, where the National Health Service (NHS) described serious problems throughout Friday.

WannaCry software blocks access to computers and spread swiftly across the world, snarling critical systems in hospitals, telecommunications firms and corporate offices with the help of a software vulnerability originally discovered by the US National Security Agency.

Cyber-security experts said the malicious software works by exploiting a flaw in Microsoft software that was described in NSA documents stolen from the agency and leaked publicly in April by a criminal group called Shadow Brokers.

Microsoft released a "critical" patch fixing the flaw in March, before the NSA documents were publicly released, but the patch was apparently applied inconsistently, with many computers continuing to be unprotected.

The malicious software - called "ransomware" because it encrypts systems and threatens to destroy data if a ransom is not paid - is spreading among computers that have not been patched, experts said.