Computer Emergency Response Team – CERT NZ
Case Study - Security Assessment Report
Report Prepared by
Varun Vaidyanathan 13488014
Nelson Marlborough Institute of Technology, Nelson
IT security is a major concern for any country or organisation, and cyber security must be evaluated continuously. The security area needs constant monitoring, with threats reported on a day-to-day basis as they are detected, because Information Technology improves every day and cyber defence mechanisms therefore need to improve at the same pace. Many developed countries now spend a great deal of energy and money in this field to protect themselves from malicious cyber-attacks. Cyber-attacks happen in many different fields: for example, hacking a person's private data can cause loss of money, and another example is attacks on the defence sector of a country. Both need to be strictly prohibited.
A security threat may be internal or external, which proves that mere identification does not make anyone eligible to access IT assets and resources. Hence authentication and authorisation are needed: this is the official approval given to the user after all the pre-checks have been conducted. Deploying the best solution across an organisation will definitely improve its business continuity, and it also adds legal and financial weight to the organisation. Data security and protection are the key reasons big IT companies like IBM, Oracle and Microsoft develop the most sophisticated security software applications. For example, Microsoft Azure is a cloud product now used by many organisations across the globe.
Most security software addresses common issues such as
1. Easy and Secure Authentication
2. Data Protection
3. Business Continuity
4. Monitoring and Reporting
Hence finding the best solution is a major challenge for any organisation.
In this case study we discuss and compare the security measures taken by the New Zealand Government on the basis of different cyber security reports. The government invested nearly 23 Million NZ Dollars to establish a national cyber security team in 2016. The team responsible for cyber defence is the Computer Emergency Response Team (CERT), which was launched on 11 April 2017. CERT comes under the Ministry of Business, Innovation and Employment. The job of this team is to monitor, track and advise on security threats and incidents affecting New Zealand. CERT has published 4 reports about cyber security since its launch. Each report has its own importance, because the latest report has information about current threats.
2017 Q2 Report (April 11 - June 30)
It contains a lot of information related to security threats reported by individuals and different organisations. Anyone can contact CERT through its website or the number 0800237869 to report a cyber threat.
In mid-May 2017 there was a huge spike in security incidents. At that time the WannaCry ransomware attack hit the country, and 18 incidents were reported in total. A sum of 364 incidents was reported in the quarter, most of them phishing attacks. Many citizens faced financial loss due to these incidents, amounting to around NZ$730,000.
Apart from this, these incidents had other impacts: data loss, technical damage to the organisation, reputation loss and operational difficulties.
Another ransomware called NotPetya (initially named Petya) affected Microsoft products globally on June 28. CERBER was another ransomware which caused less damage compared to the other two; only a few incidents were reported to CERT NZ.
The two pictures below give an idea of the total security threats that happened in 2017 Q2.
Note: Netsafe is a non-profit organisation which works for online safety.
Analysis: From the whole story it can be clearly identified that phishing, malware, unauthorised access, and scams and fraud caused the most damage. These are the basic threats commonly found anywhere in the globe. Global ransomware also contributed its share, but this can be expected at any time. Apart from these, a few other security incidents were reported, but their number is very small compared to phishing.
Remedy: Cyber security can be achieved with the help of defence mechanisms and the use of modern technology. But a big gap still exists between people and technology: people have basic computer skills but are less aware of how to use them securely. Filling this knowledge gap is not easy. It can be done through the educational institutions in the country. Students who study Information Technology as a major could conduct free camps about computer security in each region of the country, which could make a big difference. This would not only give extra experience to students but could also create a lot of awareness among people in this country. By this method the Government's cost for cyber defence can be reduced.
2017 Q3 Report (July 1 - September 30)
The financial loss was huge when compared to 2017 Q2: it was around 1.1 Million NZ Dollars. Half of the incidents were reported by individuals. It is interesting to see that technology organisations were affected by more issues. Targeted invoice scams were on the rise in this quarter. A sum of 390 incidents was reported in this quarter; 78 of them were referred to NZ Police and 15 of them to Netsafe. All remaining incidents were handled by the CERT team. The Auckland region alone reported 90 incidents, which shows the criticality of handling them carefully. There was a rise in security threats compared to 2017 Q2.
The categories of attacks and how they affected organisations are shown below. These pictures give a clear understanding of the threats detected in NZ.
The main point to note is that financial loss is greater than technical damage and operational damage. Another finding is that technology organisations and financial and insurance organisations were targeted the most, which shows the seriousness of the attacks. Looking at geographical region, Auckland and Wellington are affected the most. Wellington is the capital of New Zealand, whereas Auckland is the business capital. A new study needs to be conducted into why these two places are affected the most. The detailed study of phishing shows that it can be reduced greatly in number by dealing carefully with emails.
At the end of the analysis, some initial remedy steps that can prevent financial loss are: 1. Educate people about phishing and encourage them to report it. 2. Spam emails should be reported to CERT. The highly populated areas should be closely monitored; the examples of Auckland and Wellington give us a clear picture of this. The third finding is that organisations involved in financial business should take extra measures. The Office 365 phishing campaign shows that we should not click on suspicious links. It is also advisable to change email passwords at regular intervals, as long-term use of one email password is vulnerable to attacks.
2017 Q4 Report (October 1 - December 31)
CERT received 377 incidents in the fourth quarter. Out of these, 144 were cyber crime and were referred to the police; 2 were referred to Netsafe and another two incidents were referred to the National Cyber Security Centre. A huge increase in cyber crime was noted in this period. Scams and fraud cases were more numerous than phishing incidents. A significant rise in the number of scam and fraud cases was reported compared to quarter three: 139 cases was a huge spike from the 65 reported in 2017 Q3. The financial loss hence increased to 3.4 Million NZD. Scams related to cryptocurrency were reported in 2017 Q4; it must be noted that cryptocurrency dealings are likely to increase in the near future. Please check the details given below.
Scams and frauds are increasing each quarter, and the financial loss in quarter four is the maximum for 2017. The scams and frauds category of threat was at its peak at the end of the year. However, there was a decrease in phishing and credential harvesting cases compared to 2017 Q3. Unauthorised access incidents increased at the end of Q4; this is due to the sharing of confidential information. Regional analysis of 2017 shows that the most incidents were reported in Auckland and Wellington. Please check the table below.
Remedy plan by CERT: There were several pieces of valid advice from CERT at the year end. Some of them are two-factor authentication and strong password selection. 2FA adds a layer of security in addition to the password; this may be a random token number or biometric-level security. CERT also insists on full disk encryption to protect data. Staying safe from hoax websites is another way of avoiding threats.
2018 Q1 Report (January 1 - March 31)
A huge number of incidents were reported in this quarter. The statistics of the incidents are given below.
The financial loss reported in Q1 was 2.9 Million NZD. Please check the tables below to see how many individuals and organisations were affected in 2018 Q1. Auckland reported the most incidents in this quarter (194), and the second most incidents were reported in Wellington (102).
Auckland and Wellington need more protection from cyber-attacks. Phishing and credential hacking are still at their peak. This shows that one or two campaigns each quarter is not sufficient to create awareness among people.
Some of the advice given earlier by CERT is not being properly followed. This is the main reason why similar categories of attack are still happening in NZ. Hence creating security awareness among people of all ages is necessary to prevent these attacks.
RECOMMENDATIONS AND CONCLUSIONS
In 2017 there was consistency in the reporting of threats, but in the first quarter of 2018 a huge spike can be seen. This points us to take certain steps to prevent these attacks. Everyone can read and look at the reports published by CERT. Hence it is necessary to follow the advice from the CERT team, since it handles the recent security issues in the country.
Also, as individuals we can follow the steps below to stay safe and secure in the digital environment.
1. From all the reports it can be seen that phishing is the main category of attack. Attackers can trick users easily. The best solution for this is to check and read each email carefully. No genuine email asks for our personal security credentials.
2. When visiting a website, do not install any suspicious software directly. Download and use software from authentic websites, for example those of Microsoft, Adobe, etc.
3. Install antivirus on your personal devices and update it regularly to detect attacks.
4. Do not use unsecured WiFi or any other unsecured network.
5. Change email passwords and any other account passwords at least every 90 days.
6. Do not share your credentials with anyone.
7. Smartphones are now used in an unsecured way. We must be very careful when we share data through smartphones.
8. Social media is another threat to the privacy and security of a person. We must be very careful when we share data on social media.
9. Be aware of current technology and security issues. This helps a lot to prevent cyber-attacks.
10. If anything suspicious is found on a digital platform, first seek expert advice or log a call with the cyber security defence team in the country.
11. Scan external memory devices before use.
12. Log out from the session after using online accounts.
The above are simple steps anyone can follow to avoid cyber-attacks.
When it comes to organisations, there are several other methods used to avoid attacks. A few steps are listed below.
1. In an organisation we must take care of threats from both inside and outside.
2. Every organisation should use IAM (Identity and Access Management) solutions to check the authenticity of a user.
3. Use of a firewall and security software adds another layer of protection.
4. Usage of IT assets and resources must be controlled by the IT Security team. Most scams and frauds happen because extra access is given to an internal user.
5. Conduct internal and external IT audits regularly and mitigate the errors found previously.
6. Financial organisations must improve their IT security and report incidents of phishing email.
7. Biometric authentication of customers and employees can improve digital security in an organisation.
8. Use cloud services in an appropriate manner.
9. Organisations must be very careful in adopting and updating to global technology trends.
Technical terms used in this report and their descriptions
Botnet Traffic - Traffic from a network of infected computers that can be controlled remotely without the users' knowledge.
Command and Control Server - A computer used to give commands to an infected network or botnet.
Denial of Service (DoS) - A cyber-attack which makes a machine or resource unavailable to authorised users, temporarily or indefinitely.
Malware - Malicious software.
Phishing and credential harvesting - Attackers use this method to trick users by sending emails which look genuine.
Ransomware - A type of malware.
Vulnerabilities - Often means weaknesses.
Website Compromise - Using websites for malicious purposes; an example is spreading malware to site visitors.