On average 33 .nz websites are hacked every month, says Ken Low, senior security manager of 3Com Asia Pacific, secure networks vendor.
From December 2000 to March 2006, 2,123 .nz websites were hacked, he says. Of these, 1,641 had a .co.nz address, but .net.nz, .org.nz, .govt.nz and others have been hit as well. Low says there is no particular area of the .nz domain that is more secure or safe.
Compared to other OECD-countries, 33 websites hacked a month is at the mid to low level. Australia is much worse off, says Low. Nearly 200 government websites were hacked in Australia over a couple of years, while in New Zealand the equivalent number would be closer to 15, according to Low.
“Apart from the fact that Australia has a bigger population, there are also political and religious reasons behind a lot of attacks, whereas New Zealand in general is seen as a neutral country.”
Out of the top ten hackers targetting New Zealand, four are most likely local, as Low hasn’t come across them anywhere else. The rest are internationally known criminals, he says.
“Hacking in New Zealand won’t stop, and the problems won’t disappear,” he says. Traditional intrusion detection solutions aren’t enough. “Antivirus software and firewalls are too slow, and servers are not patched in time. New vulnerabilities happen every day and organisations need to be ahead of vulnerabilities and ahead of the attacks.”
“There is a need for intrusion prevention systems,” he says.
3Com’s network-based intrusion prevention system Tipping Point delivers protection of applications,
infrastructure and performance, and has a powerful network protection, says Low.
Kaon Technologies sells the product in New Zealand, and the company also uses it.
“We don’t have to worry about the attacks anymore, we just print the report of hacking attempts every week,” says Tony Krzyzewski, managing director of Kaon Technologies.
As the attack landscape changes, the responses to attacks have to change too, he says.