Fire & Emergency NZ IT Supplier hit by Cyberattack

Fire and Emergency New Zealand (FENZ) is one of several organisations impacted by a cyberattack on Auckland-based IT services firm Lantech earlier this week. Lantech features FENZ as a customer case study on its website, wherein Lantech mentions that it provided wireless connectivity and security services for FENZ.

When asked for confirmation on whether or not the cyberattack was continuing to impact the emergency services, a spokesman for the emergency services said that "We can confirm all Fire and Emergency systems are operational."

Lantech chief executive Ray Noonan issued a public statement to address the incident. "On May 29, Lantech experienced a cyber security incident impacting its vOffice platform with a limited number of customers impacted. As soon as Lantech became aware of this issue we engaged external specialist support, our investigations are in the early stages, and we have informed and are working with the relevant government agencies. We have communicated directly with the customers impacted by this event and are in contact with the office of the Privacy Commissioner."

Noonan was asked whether the attack had a ransomware component, to which he replied that "We know that malicious actors can be aware of public statements about incidents. We are not prepared to provide additional comment on the nature of the incident and our response at this time."

Over the past year there have been an increasing number of cyberattacks on IT services companies, and New Zealand is fast becoming a prime target for foreign attackers. In October 2022, Justice Minister Kiri Allan ruled out a potential law to make ransomware payments illegal in New Zealand. Just two months later, Wellington-based IT company Mercury IT had its files for Accuro, BusinessNZ, the Coroners Court and the NZ National Nurses Association compromised.

InternetNZ, who administer the top-level .nz domain names, is still currently in the throes of establishing exactly what caused multiple websites under its control to go offline, citing that an upgrade to its security keys "went haywire". Whether or not this can be attributed to foreign interference is unknown at this stage, though New Zealand companies are being urged to consider their cybersecurity defences.

Australia's 2023 Budget saw A$46.5 million ($76.34m) dedicated specifically to co-ordinate multi-agency efforts in the event of a cyber incident. Their budget also saw the e-safety Commissioner's funding quadruple (receiving a A$131m injection), along with A$86.5m to establish a new National Anti-Scam Centre and Australia's first SMS Sender ID Registry, which will prevent scammers from imitating trusted brand names. For comparison, New Zealand's national cyber defence organisation, Netsafe, has a budget of just $4m.