News, Training Resources

Cyber Attacks: Warning & Tips

Posted on 01 June 2021

Hackers are deliberately targeting government agencies, NGOs, think tanks and consultants in New Zealand - those organisations who might not have the budget to spend millions on cyber security, reports Radio New Zealand.

The hackers are known as 'Nobelium', and originate from Russia. They are the same actor behind the attacks on SolarWinds customers in 2020, according to Microsoft.

The United States gets the largest number of attacks, but over 24 countries have been targeted recently, including New Zealand.

Most recently USAID has been the victim of a cyber attack.

Over 3,000 email accounts at more than 150 different organisations have been targeted in the US, at least a quarter of them involved in international development, humanitarian and human rights work, Microsoft Vice President Tom Burt said in a blog post late Thursday.

The attacks appeared to be a continuation of multiple efforts to target government agencies involved in foreign policy as part of intelligence gathering efforts.

Tips for preventing a cyber attack

  • The safest place to store your data is a reputable cloud platform, which should back up your data automatically (check with your provider).
  • Make sure you have 2-factor authentication set up for all online platforms (with phone/text verification set up).
  • Change your online account passwords as a matter of good security practice. Make sure you have strong passwords that you haven’t used for other accounts.
  • Avoid opening unsolicited email attachments.
  • Never give anyone your password, even if they sound plausible.
  • Take extra caution and do not respond to emails or phone calls that claim to be from a well-known organisation and seek personal information or ask for money.
  • Beware of emails that seem to be from work colleagues or partners - people you know - asking for money, or sending attachments that seem 'off'. If in doubt, check with the person by phone or in person.
  • Make sure all staff are trained in how to spot phishing or suspect emails. Ensure tips are easily available and visible at all times.
  • If you get spammed with unsolicited emails, don't 'unsubscribe' - that shows the email account is active - just delete the email.
  • Make sure your organisation has insurance for cyber attacks.
  • Attacks will happen when you least expect them and are busy. Be vigilant!
  • If you do get attacked, contact your IT support, cyber security companies, MFAT and the NZ police ASAP. Don't hesitate!

Your best security is good practice amongst all staff. Even organisations that spend millions on cyber security still get hacked.

You don't have to spend a lot to be safe. You just have to be vigilant.

CID will be providing further advice on keeping yourself and your organisation safe.