News & Resources

Information Security incidents on the rise in NZ

CERT NZ’s Quarter One Report provides an overview of the cyber security incidents reported from 1 January—31 March 2019.


- CERT NZ received 992 reports in the first quarter of 2019. This is the second highest number of incidents reported to CERT NZ in a quarter since its establishment.

- Phishing and credential harvesting, scams and fraud, and unauthorised access have consistently been the highest incident categories since quarter four, 2017.

- CERT NZ received the highest number of unauthorised access reports in a quarter so far, with a 19% increase on the previous quarter. Just over two thirds of these were about individuals. Unauthorised access can be costly: in this quarter, 30% of incidents reported financial losses, totalling $329,000.

- $1.7 million in direct financial losses was reported in quarter one.

Read the report here:
https://www.cert.govt.nz/about/quarterly-report/quarter-one-report-2019/

Windows 7 / 2008(R2) EOL

After January 14, 2020, Microsoft will no longer provide security updates or support for PCs running Windows 7.

On January 14, 2020, support for Windows Server 2008 and 2008 R2 will end as well. That means the end of regular security updates.

Let DigIntSol help make it a seamless transition to the latest Windows platforms.

https://www.microsoft.com/en-ca/windowsforbusiness/end-of-windows-7-support
https://www.microsoft.com/en-us/cloud-platform/windows-server-2008

Protect your website

Your business website is an important asset, and if it’s compromised it can be really disruptive to you and your clients.

- Use SSL (HTTPS), especially if you handle customer data
- Set automatic software updates and domain renewal
- Regularly back up your site
- Check your website regularly; if content changes without your input, you may have been compromised

DigIntSol can monitor and help protect your website.

Attack Surface

An attack surface is the total sum of vulnerabilities that can be exploited to carry out a security attack.
Attack surfaces can be physical or digital.
Keeping the attack surface as small as possible is a vital security measure.

Pen Test

Penetration testing or ethical hacking is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit.
The process involves gathering information about the target before the test, identifying possible entry points, attempting to break in -- either virtually or for real -- and reporting back the findings.

Essential Eight Maturity Model

The Australian Cyber Security Centre (ACSC) has developed prioritised mitigation strategies, in the form of the Strategies to Mitigate Cyber Security Incidents, to help organisations mitigate cyber security incidents caused by various cyber threats.

The most effective of these mitigation strategies are known as the Essential Eight.

Download it here

Urgent/11

A serious group of flaws has been found in a range of products running VxWorks, a widely used real-time operating system, "that affect millions of critical infrastructure systems, such as SCADA gear at utilities, elevator and industrial controllers, patient monitors and MRI machines, programmable logic controllers (PLCs), robotic arms and more – as well as firewalls, routers, satellite modems, VoIP phones and printers."

"There are at least 2,000 vendors that depend on this code"

The attacks can be launched from the internet, pass through NAT and firewalls, and infect devices inside your network such as printers and IoT devices, as well as some brands of firewall directly. For technical details and some proof-of-concept videos, please look here: https://threatpost.com/urgent-11-critical-infrastructure-eternalblue/146731/

For a list of some of the manufacturers affected, please see here: https://en.wikipedia.org/wiki/VxWorks

Some notable brands affected:

- Apple Airport Extreme
- Drobo data storage robot
- External RAID controllers designed by the LSI Corporation
- Fujitsu ETERNUS DX S3 family of unified data storage arrays
- Samsung DCS and OfficeServ series
- SonicWALL firewalls
- Dell PowerConnect switches that are 'powered by' Broadcom
- Cisco CSS platform
- Cisco ONS platform
- Alcatel-Lucent IP Touch 40x8 IP Deskphones

Please take the time to check that your router and printer firmware is up to date. If your router manufacturer has not released new firmware in the last year, it's time to buy a new router, as there are many other known vulnerabilities outside of this one affecting all major router brands.

Please contact DigIntSol if you have any questions or need help in identifying if you are affected by this or other current issues.
We can identify your attack surface and help reduce and remediate the risks.

Postal Address

P.O Box 30260
Lower Hutt 5040

Contact

Email: contact_us@digintsol.nz
Phone: +64 4 391 9200

Hours

09:00 - 17:00
Monday - Friday