NZ central bank hack – are state-backed cyber breaches on the rise?
- State-sponsored cyberattacks are not just interfering with governments anymore – more and more they are impacting private enterprise
While New Zealand has managed its coronavirus response remarkably well since its initial outbreak, another sort of virus has been insidiously creeping up much of the country’s vital digital infrastructure. As people and organizations spend more time online than ever before as a consequence of a widespread pandemic, cybercriminals saw more opportunity to push their agendas, resulting in a huge number of ransomware attacks, data breaches, and even very sophisticated nation-state sponsored attacks.
New Zealand’s financial sector was shaken recently by a major attack on the country’s stock exchange, which was hit by an unprecedented volumetric distributed denial of service (DDoS) attack last August. And now the latest high-level incident involves New Zealand’s central bank, which had one of its data systems breached by an unidentified hacker.
“The nature and extent of information that has been potentially accessed is still being determined, but it may include some commercially and personally sensitive information,” said Governor Adrian Orr, who stated that the breach has since been contained, and that it would “take time to understand the full implications of this breach.”
But Dave Parry, a professor of computer science at Auckland University, told Radio New Zealand that another government was likely behind the bank data breach, as there was limited financial motivation to interest other cybercriminals.
“Ultimately if you were coming from a sort of like criminal perspective, the government agencies aren’t going to pay your ransom or whatever, so you’d be more interested probably coming in from a government-to-government level,” Parry said.
The upper echelon of cybercriminal would stand to gain more by targeting a well-endowed corporation with sophisticated ransomware, and being able to profit by either holding sensitive company or user data hostage until the company gives in to their demands or by profiteering off the data itself.
Technically-proficient bad actors might also attack critical, highly-guarded systems as a prank, or to “see if it could be done”. But state-sponsored cyberattacks occur under very different motivations. Attacks sponsored by a state are usually highly coordinated, targeting specific systems and networks of critical infrastructural significance in the targeted country.
Last year, amid a hostile border dispute between the two, Chinese state-backed groups allegedly targeted a variety of organizations in India, ranging from civil services to private enterprises to broadcast media outlets, in a coordinated and sophisticated campaign.
State-sponsored cyber attackers also function to spy on other governments and organizations of interest, to create political instability, to sow discord and create confusion, and to undermine the targeted economy.
Microsoft in November revealed that it detected cyberattacks from nation-state actors targeting seven prominent companies directly involved in researching vaccines and treatments for Covid-19. The targets include leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea, and the US, and came from Strontium, an actor originating from Russia, and two bad actors originating from North Korea known Zinc and Cerium.
And in a massive breach, a group purportedly working for Russia’s Foreign Intelligence Service inserted malware into IT infrastructure company SolarWinds’ network software. This was a strategic move to infect its over 300,000 customers worldwide, which includes the U.S. Departments of Defense and Homeland Security, all branches of the US military, and 425 of the Fortune 500 companies, including Microsoft and Mastercard.
What this means for businesses
With the marked uptick in state-sponsored cyber warfare targeting enterprises, organizations in affected regions are understandably spooked. The financial and IT fraternities in democracies ranging from New Zealand to Australia to the US are now making cybersecurity for critical infrastructure an urgent priority, as concerted state-sponsored adversaries are knowledgeable to attack even network software, to do the widest damage and to cripple economies.
With the heightened state of cybersecurity awareness, a CNBC survey found that at least half (50%) of American tech executives now believe that state attacks pose the biggest threat to their companies, while 32% of those surveyed further said that defining a national cybersecurity protocol should be the top priority for the incoming Biden administration and new Congress.
As the SolarWinds incident indicates, even firms with no governmental affiliation can become unwitting victims of a costly cyberattack. Hence it is in the organization’s best interests to upgrade their security protocols, to prioritize proper digitization of company assets, and to push their governments for adequate cybersecurity legislation.
“There is burgeoning cyber insurgency in American cyberspace with four rogue nations (Russia, Iran, China and North Korea) behind the majority of attacks,” says Tom Kellermann, head of cybersecurity strategy for VMware Carbon Black. “Corporate digital transformation will be commandeered in the absence of vigilance.”