New Zealand on watch as cyberattack hits 100 countries
New Zealand's spy agencies are monitoring a massive global cyber attack, but there are no reports of it reaching NZ.
A National Cyber Security Centre spokesman said the authorities were aware of the global attacks - but it had not been told any on NZ systems.
The centre works alongside the Government Communications Security Bureau and the newly-established Computer Emergency Response Team (CERT).
A CERT advisory said it appeared the attacks were carried out using phishing emails with a malicious attachment or link.
"Once a single computer in a network is infected with WannaCry, the program looks for other vulnerable computers on the network and infects them as well."
Ministry of Health officials have received precautionary advice about the attacks, a police spokeswoman said.
In the United Kingdom, government health systems were badly hit, departments and doctors' surgeries were forced to turn patients away, and appointments were cancelled.
Authorities in the UK and in Spain, where internal telecom IT systems were infected with malware, said the attack appeared to be "ransomware" - malicious software that infects systems, encrypts data and locks access then demands a payment.
Russian cyber security software maker Kaspersky Lab said its researchers had observed more than 45,000 attacks in 74 countries as of early Friday. Later in the day, security software maker Avast put the tally at 57,000 infections in 99 countries. Russia, Ukraine and Taiwan were the top targets, Avast said.
The pernicious new form of "ransomware" that rapidly spread across the globe reportedly demanded payments of as much as US$600 (NZ$874) to restore access and scrambling data.
There is some speculation the attack is the largest cyberattack in history.
The malware - linked to a hacking group called Shadow Brokers - is called 'Wanna Cry', also known as 'Wanna Decryptor', and locks a user's computer with a payment demand for the cryptocurrency bitcoin.
The extension ".WCRY" or "wcrypt" may be added to infected files.
A live tracking site showed malware attacks affecting New Zealand briefly on Saturday. Police said they were aware of the attacks but, on Saturday morning, there were no reports of New Zealand systems being hit by the ransomware.
"New Zealand police and our cyber crime partners are aware of the ransomware attacks happening overseas including the National Health Service in England.
"At this time police are not aware of any incidents in New Zealand related to the attacks.
"As a precaution police have provided information on the attacks to Ministry of Health officials."
The NCSC spokesman said the centre was working to increase the resilience of the country"s nationally significant computer systems.
"Neither the NCSC or CERT NZ have received any reports of a New Zealand incidence of this ransomware attack.
"The [centre] is aware that the ransomware exploits a known vulnerability in Windows operating systems and has previously provided advice to its customers on addressing this vulnerability.
"We are also working with CERT NZ to provide information on how individuals, small businesses and operators of larger systems can reduce their vulnerability to ransomware attacks."
Britain's National Cyber Security Centre, part of the GCHQ spy agency, said it was aware of a cyber incident and was working with NHS Digital and the police to investigate.
It appears the attack is spreading rapidly around the world, with initial reports saying 14 countries were affected.
Cybersecurity tracking websites say up to 100 countries now appear to have been hit by the malware.
Attacks in New Zealand, and around the world, have increased in the last 12 months.
Ransomware is the most common form of malware reported to the New Zealand National Cyber Security Centre, a report said.
"The [centre] has received reports of ransomware across a large number of victims from New Zealand's private sector as well as individual New Zealanders.
"The [centre] also detects ransomware attempts against networks of national importance but their higher level of network security is typically enough to prevent infection."
Figures from the centre - which is run from the Government Communications Security Bureau (GCSB) - said the number of attacks in New Zealand increased from 190 in the 2014/15 year to 338 in 2015/16.
The majority of attacks - 169 - hit the public sector.
"This increase is primarily due to the expanding capacity of the [centre] to detect and respond to more incidents.
"Cyber threats are proliferating along with the diverse range of internet-connected technologies and the increasing range of malicious actors.
"The [centre] remains focused on countering sophisticated, foreign sourced cyber threats and protecting New Zealand's networks of national importance.
"Of the 338 incidents, 169 were associated with public sector entities and at least 73 involved the private sector; the remainder involved individuals, small businesses and some instances...where the victim is not readily identifiable."
The report said the cyber centre provided hands-on support for sophisticated attacks.
On 28 occasions, the centre stepped in to help 18 organisations, including nine private sector companies.
With most cyberattacks, attribution was difficult to confirm, the report said.
Publicly identifying attacks was also risky, because many organisations were reluctant to disclose vulnerability.
"Attribution is difficult for incidents and events that occur in cyberspace.
"The way the internet operates, and its physical distribution across numerous countries, makes it very difficult to assign responsibility for an act to an individual."