Story image

$2.9 million gone: Kiwis hit by more than 500 cybersecurity incidents

30 May 2018

The first three months of 2018 were busier than ever for cybercriminals, who managed to steal $2.9 million from New Zealanders through methods including phishing, fraud, ransomware, and website compromise attacks.

CERT NZ’s Q1 2018 quarterly report covers reports between January 1 and March 31. Although the losses are a slight drop from the $3.4 million reported last quarter, CERT NZ director Rob Pope says they continue to be a significant threat.

Phishing, credential theft most dangerous in Q1

Phishing attacks and credential theft were responsible for 196 of the 506 reported incidents. Scams and fraud are also prevalent in New Zealand: They were responsible for 168 incidents – a 21% increase from last quarter’s figures.

However, New Zealanders aren’t letting phishing websites lure in more victims – CERT NZ helped with 102 takedown requests either directly or by supporting reports made by banks and financial services organisations.

Unauthorised access accounted for 60 incidents – a 67% increase. There was also a 133% increase in reported vulnerabilities (35). Ransomware was only responsible for 13 incidents but there were two new ransomware variants spotted: ‘Rapid’ and ‘David’.

Individuals snared by scams; phishing baits organisations

Scams and fraud most affected individuals (153 reports); while phishing and credential harvesting impacted 118 organisations.

Individuals also bore the brunt of 75% of all direct financial losses ($2,208,644), while businesses reported $728,318 in direct financial losses.

New Zealand’s finance/insurance and tech sector reported the most incidents; accounting for 44% and 11% of reports respectively.

Overall, 33% of incidents involved financial loss; 6% involved data loss; 3% affected operational impacts; 2% involved operational loss; 3% caused technical damage; and 4% involved other types of loss.

Over-55s most impacted by financial loss

This quarter’s report breaks incident reports down by age group. Pope says the losses are especially pronounced from those in the over-55 age group.

87% of the value of financial loss impacts people over 55; while only 13% impacts those under 55.

“New data analysis this quarter shows that this has been particularly harmful for victims in the over-55 age group who have reported losing more money than any other age group,” says Pope.

Those over 65 lost $1 million – the highest losses across all age groups. Those aged between 55 to 64 reported the second-highest losses of $724,000.

CERT says age-impact data helps the team develop specific outreach programmes that work for the communities it is targeting.

“It’s insights like these that show the value of having a national CERT. Our role is not only helping specifically impacted individuals, but using the information from incident reports to help all Kiwis improve their cybersecurity,” Pope says.

“We use our data to support technical and non-technical people and organisations all over New Zealand. We do this in a range of ways, from working on new methods to disrupt models of attack to building outreach activities that help people take simple actions to protect themselves online.”

CERT NZ welcomes cybersecurity incident reports

New Zealanders who suspect they have experienced a cybersecurity issue should report it to CERT NZ at www.cert.govt.nz.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.