Defending New Zealand against phishing

Declan Ingram Deputy Director at CERT NZ •

Just as fishing is a popular Kiwi pastime, so too is phishing for cyber attackers.

Of course, phishing doesn’t involve rods and tackle. Instead cyber attackers use carefully crafted emails as hooks to reel people into sharing their personal information, particularly financial details. They do this by pretending to be a trustworthy organisation, like a bank or government agency, using similar designs, logos and language to appear legitimate.

But it doesn’t stop there. Phishing is often the first step cyber criminals take to launch other types of attacks, such as malware and ransomware.

Falling hook, line and sinker for a phishing scam can be detrimental to all those involved. People could lose money, or have their personal information stolen and used fraudulently. Organisations risk losing money, customer trust and damaging their reputation.

Tackling the phishing problem

Phishing is one of the most common and successful cyber security attacks. In 2019, half of the incidents reported to CERT NZ involved phishing emails.

Distinguishing a phishing email from a genuine email can be tricky. It might be that there’s something “phishy” about the email address, URL or domain name. Working this out can be difficult and take a long time – even for specialists.

CERT NZ decided to tackle phishing attacks head-on by creating an alert system – called the Threat Intelligence API - to help businesses protect themselves and their customers. The system works by identifying and sharing the “bad” characteristics of each phishing email. Knowing this allows organisations to block them.

How does it do this? Well, we receive information about potential phishing emails either from incidents reported directly to us, or from information provided by third parties. From there, our Incident Response experts investigate whether the email is indeed phishing, or if it’s a legitimate email from the organisation it claims to be. In the latter case we don’t take any further action, so there would be no impact on the organisation’s communication campaign.

When we identify a phishing email, we share the bad aspects about them with our Threat Intelligence API feed to notify organisations. Organisations can then use this information to protect themselves from an attack by blocking or detecting the indicators on their web proxies, domain name servers and mail services, and intrusion detection software.

Reaping the benefits

As well as giving organisations a boost to their cyber defences, the system provides an overview of the threat landscape, and gives us a greater understanding of indicators that are unique to New Zealand.

It also allows us to feed data about New Zealand specific attacks to international feeds, thereby increasing awareness of campaigns that might be unique to New Zealand.

Some of the indicators we identify will be in New Zealand systems, but the system owners may not know that they are affected. Our Incident Response team reach out to affected organisations and help them resolve the issue.

Declan Ingram is the Deputy Director at CERT NZ, New Zealand’s Computer Emergency Response Team. The organisation supports businesses, organisations and individuals who are affected by cyber security incidents. CERT NZ provides trusted and authoritative information and advice, while also collating a profile of the threat landscape in New Zealand.

InternetNZ's security product, Defenz DNS Firewall, is now consuming CERT NZ’s local threat feed. Check out how Defenz can protect your business.

Defenz DNS Firewall

A Domain Name System (DNS) firewall is the layer on top of your traditional perimeter protection. It’s essential to strengthening your customers’ defence against existing and new threats.

Read more

What is Defenz?

A DNS firewall kicks in when a device tries to resolve a domain name to an IP address.

Read more

The value of Defenz DNS Firewall

Read more

Got dotNews?