Cyber Security Advisory CSA-007-16

Posted May 03, 2016
Security Advisories

The NCSC is aware of an extortion campaign currently targeting New Zealand organisations. Several organisations have received extortion emails threatening a Distributed Denial of Service attack (DDoS) unless a payment in Bitcoins is made to the email sender.

The NCSC is not currently aware of any instances where the threat to carry out an attack has been realised.

Any organisation receiving an extortion email should report the threat to their local police http://www.police.govt.nz/contact-us/stations(external link).

We also recommend speaking with your Internet Service Provider (ISP) regarding advice and any specific DDoS mitigations that may be needed.

Preparation is the most effective method of withstanding a DDoS attack. However, if your organisation is currently being targeted, there are a number of measures you can consider taking to reduce the impact of the attack.

Contact your Internet Service Provider to discuss their ability to help you manage or mitigate the attack.
Where applicable, temporarily transfer online services to cloud-based hosting providers that have the ability to withstand DDoS attacks.
Use a denial of service mitigation service for the duration of the DDoS attack.
Disable website functionality or remove content that is being specifically targeted by the DDoS attack. For example, search functionality, dynamic content or large files.

The full Cyber Security Advisory CSA-007-16 is available here [PDF, 192 KB]

Latest headlines

NCSC and partner agencies publish top 15 common vulnerabilities for 2023

Cyber Security Alert: CVE affecting Synology Photos

NZSIS, NCSC and partners launch security advice for tech start-ups

Don’t give to the Scamathon!