New Zealand and Australian organisations are at increased risk of cyber attacks by pro-Russian criminal groups and "hacktivists" according to a threat advisory just released to the public by Australasian cyber security services provider CyberCX.

Cyber intelligence experts at the company are actively monitoring the conflict in Ukraine and its implications, saying that organisations in both New Zealand and Australia face a real chance of ransomware, data theft extortion and distributed denial-of-service (DDoS) attacks.

Adam Boileau, executive director of Security Testing and Assurance at CyberCX says those most at risk are high profile businesses and organisations, especially if they operate critical infrastructure, have taken a public stance against the conflict, are seen to be involved in enforcing sanctions against Russia or operate in sectors equivalent to those in Russia that have been targeted by sanctions - such as energy and financial services.

"With attacks already identified against energy, logistics and IT organisations in NATO countries, the risk for New Zealand and Australia has definitely increased," he says.

"CyberCX has observed three of the most significant cyber crime groups with Russian links targeting Australian and New Zealand organisations within the last six months, indicating an increased risk to critical infrastructure providers in Australasia. New Zealand is definitely on the radar of cyber attackers, and shouldn’t be fooled into thinking it is protected due to geographical isolation".

Alongside this, CyberCX reports, cyber criminals with no ideological or geographical ties to the Russia-Ukraine conflict are expected to increasingly exploit it through phishing and cyber-enabled fraud attacks against Kiwi and Australian organisations. For example, fake donation drives have been identified on social media sites, including TikTok and Twitter, with scammers claiming to be Ukrainians in urgent need of assistance in the form of cryptocurrency.

Cyber activity to do with the conflict has also increased hugely, with more "noise" in the cyber crime ecosystem making it harder for regional organisations to assess and monitor threats. Along with intense public interest and publicity focussed activities by hacktivist groups, misreporting and false information has also skyrocketed, the report says.

Earlier this year the National Cyber Security Centre estimated their intervention prevented approximately $119 million worth of harm to nationally significant organisations in the year ending July

2021, however, with businesses across New Zealand remaining exposed to the risk posed by hackers sheltering out of reach of Western law enforcement, including in China, North Korea and Eastern Europe, and now even more so in Russia and Ukraine, CyberCX says it’s more important than ever for organisations to evaluate and assess their cyber risks and security systems.