Cybercrime in Papua New Guinea: what businesses need to know to stay safe [analysis]


Cybercrime is as alive in Papua New Guinea as it is in the rest of the world. Happymabel Ketias-Zingunzi, Associate Director, Advisory Services at KPMG PNG, analyses some common cybersecurity risks and provides advice to protect sensitive data.

Cybersecurity is the one area where nothing short of ‘best practice’ will suffice to protect your business, because cyber threats are constantly evolving.

Cybercrime has targeted PNG businesses more than once and, like it or not, hackers will continue to find ways to infiltrate systems.

Yet there are things we can do to protect our businesses. Here are a few examples:

Check the backdoor

In 2022, we were reviewing the IT environment of an audit client as part of its annual financial audit process and found an unknown generic account on the client’s network that had been active since 2016.

The account was set up through a hacking method called a ‘backdoor’. This is when an account is created on the network to send information to an offshore server without being detected. This enables hackers to gain command and control (and yes, no one will notice).



This is the frightening thing: the company had no idea a hacker was monitoring its systems and collecting information.

The lesson for all businesses: just because you have not received a ransom request, this does not mean you have not been hacked and you are not being watched. So check the backdoor.


A finance staffer received a targeted email with a document attached that turned out to be malicious. The sender appeared to be another finance staff member. At first glance, the email looked legitimate and even replicated previous internal correspondence.

The user reported this email as phishing. After analysing it, the company found that hackers had embedded a ‘keylogger’ virus designed to go undetected.

This virus records the keystrokes of a staff member, allowing hackers to obtain sensitive information like passwords, thus gaining unauthorised access to bank accounts or systems.

The lesson here: when in doubt, double-check with the sender or your manager.


A notorious cybercrime syndicate called CL0P recently made international headlines for its ransom demands.

The group, which seems to have targeted PNG companies too, obtained confidential information after hacking into third-party software that several companies use to transfer sensitive data.

The victims were given seven days to pay the ransom. If they didn’t pay, CL0P would leak the stolen data on the dark web (something similar to what happened to insurance giant Medibank Private in Australia).

These examples highlight the importance of actively monitoring user access listings at both the application and domain level. This has to be done periodically, and the listings must be reconciled against an up-to-date staff list.

In PNG, we have seen hackers looking for administrative-level credentials at the local and domain level to give them greater control and increased visibility of network resources.

Once through the firewall, they will study staff patterns and conduct several activities undetected until they reach their end goal: stealing money or sensitive information (‘data exfiltration’) or causing long-term damage to your systems and reputation.

Where data exfiltration is not possible, cybercriminals will search through databases and applications looking for bank accounts, stock trading accounts, corporate encryption certificates, or anything else they may be able to sell.

Insider threats

Although this has not been reported in PNG yet, in recent months there have been cases of insider threats causing data breaches in companies.

For instance, a former employee of a medical centre accessed sensitive data and sent it to their personal email. They then started threatening patients with that information.

This highlights the importance of implementing best practices around data security and access segregation to prevent data and cybersecurity breaches.

Some of the cybersecurity techniques to help prevent and detect breaches include:

  • Monitor network activity for unusual behaviour, such as someone sitting on the network spying and taking data offsite. Do this by regularly reviewing your user listing for all accounts and access.
  • Conduct regular cybersecurity training for employees to educate them on data breach risks, attack techniques, and data security.
  • Identify the computers or servers where sensitive personal information is stored and provide privileged access to these servers on a need-to-use basis.
  • Implement access controls such as multi-factor authentication to limit access to sensitive data.
  • Regularly update software and hardware to ensure that all systems are up to date.
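The periodic reconciliation recommended above (the access listing checked against the staff list, with dormant and unexplained accounts flagged) can be scripted. The following is an added example, not code from the article or from KPMG PNG: the account export, the HR staff list, the approved service-account register, the review date and the 90-day dormancy threshold are all constructed assumptions, and the column names are those of the sample data rather than any particular directory's export format.

```python
"""Reconcile a user-access listing against the HR staff list.

Added example, not from the original article. All records and thresholds
below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date

# Constructed sample: an export of network accounts (domain or application level).
ACCOUNT_LISTING = """\
username,display_name,created,last_logon,privileged
jdoe,Jane Doe,2019-03-04,2023-05-30,no
mkila,Mark Kila,2020-11-12,2023-05-29,yes
svc_backup,Backup Service,2018-06-01,2023-05-30,yes
genacct01,Generic Account,2016-02-17,2023-05-30,no
tbosip,Tina Bosip,2017-09-20,2021-01-15,no
"""

# Constructed sample: the current staff list supplied by HR.
STAFF_LISTING = """\
username,name,status
jdoe,Jane Doe,active
mkila,Mark Kila,active
tbosip,Tina Bosip,left
"""

# Assumed: non-person (service) accounts are recorded in a register with an owner.
APPROVED_SERVICE_ACCOUNTS = {"svc_backup": "IT Operations"}

DORMANT_DAYS = 90                 # assumption: no logon for 90 days counts as dormant
REVIEW_DATE = date(2023, 6, 1)    # constructed "as of" date for this review


@dataclass
class Finding:
    username: str
    reason: str
    privileged: bool


def parse_csv(text):
    """Parse a small comma-separated listing into a list of dicts."""
    lines = text.strip().splitlines()
    header = lines[0].split(",")
    return [dict(zip(header, row.split(","))) for row in lines[1:]]


def reconcile(accounts_csv, staff_csv, approved_services, as_of=REVIEW_DATE):
    """Return findings for accounts with no owner, a departed owner, or no recent use."""
    accounts = parse_csv(accounts_csv)
    staff = {s["username"]: s for s in parse_csv(staff_csv)}
    findings = []
    for acct in accounts:
        user = acct["username"]
        priv = acct["privileged"] == "yes"
        last_logon = date.fromisoformat(acct["last_logon"])
        person = staff.get(user)
        # An account that maps to neither a staff member nor a registered
        # service owner is exactly the kind of unknown generic account to chase.
        if person is None and user not in approved_services:
            findings.append(Finding(user, "no matching staff member or approved service owner", priv))
        elif person is not None and person["status"] != "active":
            findings.append(Finding(user, f"staff status is '{person['status']}' but account still exists", priv))
        # Dormant accounts are leavers' leftovers or standing access nobody uses.
        if (as_of - last_logon).days > DORMANT_DAYS:
            findings.append(Finding(user, f"dormant: last logon {last_logon.isoformat()}", priv))
    # Privileged accounts first, since they carry the most risk if abused.
    findings.sort(key=lambda f: (not f.privileged, f.username))
    return findings


if __name__ == "__main__":
    for f in reconcile(ACCOUNT_LISTING, STAFF_LISTING, APPROVED_SERVICE_ACCOUNTS):
        flag = "PRIVILEGED " if f.privileged else ""
        print(f"{flag}{f.username}: {f.reason}")
```

Run against the constructed data it flags the generic account (no owner in either list) and the departed staffer's account (still present, and dormant for over two years), while the registered backup service account passes. Each flagged account then needs an owner to explain it or a ticket to disable it; the value of the exercise is in doing it on a fixed schedule against a staff list HR has actually refreshed.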

Happymabel Ketias-Zingunzi is Associate Director, Advisory Services at KPMG PNG. This is an edited version of the story ‘Cybercrime in Papua New Guinea: What businesses need to know to stay safe’, first published in the June 2023 edition of KPMG PNG’s Kundu.
