Preparing for a Secure Holiday Season: A Guide for New Zealand Organisations Heading into 2025
As the festive season approaches, businesses across New Zealand often wind down operations, making it an opportune time for cybercriminals to exploit vulnerabilities. Cybersecurity risks don’t take a break, and the rise of sophisticated attacks underscores the importance of being vigilant, even during the holiday season. Here’s what New Zealand organisations should prioritise to secure their systems and prepare for 2025.
1. Understand the Threat Landscape
Both the Australian Signals Directorate (ASD) Cyber Threat Report 2023-24 and Google’s Cybersecurity Forecast 2025 highlight the evolving nature of cyber threats in the following ways:
- State-Sponsored Attacks: Advanced Persistent Threats (APTs) from state actors, especially from the “Big Four” (China, Russia, Iran, and North Korea), continue to grow in sophistication, driven by geopolitical tensions and strategic objectives. These attacks leverage sophisticated malware to target critical infrastructure, government entities, and key industries.
- Cybercrime Trends: Ransomware, phishing, and credential theft are on the rise, with attackers increasingly exploiting AI to craft realistic scams and automate attacks.
- Living Off the Land (LOTL) Techniques: Attackers are increasingly using built-in tools and vulnerabilities to avoid detection and maintain access. By exploiting built-in administrative tools and processes already present in the victim’s network, such as PowerShell or Windows Management Instrumentation (WMI), attackers camouflage their activities to blend seamlessly with legitimate operations. This technique reduces the likelihood of detection by traditional security mechanisms and is increasingly used to compromise critical infrastructure.
For New Zealand, our proximity to Australia and shared geopolitical interests mean similar risks, particularly to critical sectors like energy, healthcare, and government services.
2. Prepare for AI-Driven Threats
Artificial Intelligence (AI) is a double-edged sword in cybersecurity:
- Attackers Using AI: Expect AI-powered phishing campaigns and deepfake-driven identity theft to surge, creating more sophisticated scams and bypassing traditional defences. For example, AI-generated voice spoofing has been deployed in vishing attacks, while deepfakes are increasingly used for fraud and identity theft. AI also aids adversaries in vulnerability research, code development, and automating reconnaissance, enabling quicker and more targeted exploitation.
- Defenders Leveraging AI: Organisations must adopt AI-enabled tools for anomaly detection, threat hunting, and rapid response. These tools can help mitigate human error and improve efficiency.
3. Secure Critical Systems Before the Break
The holiday season is prime time for cyberattacks due to reduced staffing. We recommend the following measures:
- Implement Multi-Factor Authentication (MFA): Protect critical accounts and systems with phishing-resistant MFA to reduce the risk of credential compromise.
- Patch Known Vulnerabilities: Ensure all systems, including legacy infrastructure, are updated to address publicly disclosed vulnerabilities.
- Monitor for Abnormal Activity: Use AI-driven tools to detect unusual behaviour and respond swiftly, especially in critical sectors like healthcare or utilities.
4. Strengthen Incident Response Planning
Preparation is crucial for mitigating the impact of a cyber incident. Focus on the following activities:
- Develop and Test Incident Response Plans: Simulate potential scenarios such as ransomware attacks or phishing campaigns to ensure all team members understand their roles.
- Backup Critical Data: Regularly back up important data and ensure backups are offline, tested, and secure.
- Engage Key Partners: Collaborate with cybersecurity professionals and government agencies like CERT NZ to stay informed about emerging threats and available resources.
5. Build a Cyber-Resilient Culture
Long-term cybersecurity requires a proactive approach. Consider the following actions to future-proof your organisation:
- Train Staff: Educate employees about recognising phishing attempts, securing devices, and reporting suspicious activity. Access our learning management system here.
- Adopt “Zero Trust” Models: Implement least privilege access and continuously verify users and devices within your network.
- Plan for Quantum Security: Begin considering post-quantum cryptography to future-proof systems against evolving threats. NIST has finalised its principal set of encryption algorithms designed to withstand cyberattacks from a quantum computer.
6. Plan for 2025: A Secure Start
Looking ahead, organisations should prioritise:
- Cyber Governance: Implement a suitable framework such as the CIS Controls, measure your current security maturity and continually improve.
- Cloud Security: With the increasing adoption of cloud services, ensure robust security configurations, regular audits, and identity management protocols are in place.
- Supply Chain Security: Vet third-party vendors and implement strategies to mitigate risks arising from their potential vulnerabilities.
- Regular Updates to Protocols: As cybercriminals innovate, so must your defences. Regularly review and refine your cybersecurity policies.
Staying Vigilant During the Holidays and Beyond
While the Christmas season is a time to relax, it is also a time to remain vigilant. By understanding the threat landscape, leveraging AI, securing critical systems, and fostering a culture of resilience, New Zealand organisations can enjoy peace of mind during the holidays and start 2025 on solid ground. Cybersecurity is a shared responsibility—stay informed, prepared, and proactive.
For more guidance, visit CERT NZ or connect with cybersecurity partners who can help secure your operations this holiday season and beyond.
About the Bulletin:
The NZ Incident Response Bulletin is a monthly high-level executive summary containing some of the most important news articles that have been published on Forensic and Cyber Security matters during the last month. Also included are articles written by Incident Response Solutions, covering topical matters. Each article contains a brief summary and, if possible, includes a linked reference on the web for detailed information. The purpose of this resource is to assist Executives in keeping up to date from a high-level perspective with a sample of the latest Forensic and Cyber Security news.
