sb-nz logo
Story image

364 incidents in just three months: CERT NZ reports from the cybersecurity frontline

10 Aug 2017

New Zealanders have reported 364 cybersecurity incidents in just three months, costing us upwards of $730,000. CERT NZ today published the results of its first report on New Zealand’s cybersecurity landscape since its launch in April.

The report shows that 33.6% of total reports submitted to CERT NZ were phishing and malware attacks.  There were 96 reported incidents of phishing attacks, 49 malware attacks, 42 incidents of unauthorised access and 37 incidents of scam and fraud.

Further down the list, there were 33 reported ransomware, 13 website compromise, six incidents of denial of service, six suspicious network traffic incidents, three of botnet traffic and one of C&C server hosting.

In one case, phishing emails were sent from a .nz email address, and contained links to fake websites designed to capture financial information. CERT NZ worked with the internet service provider to block the email address and stop the attacker from sending any more phishing emails.

The report found that 28% of people who reported incidents to CERT NZ said they had suffered some form of loss.  8% cited data loss, 7% cited operational impacts, 5% cited financial loss, 3% cited reputational loss, 2% cited technical damage and 12% cited other forms of loss.

CERT NZ director Rob Pope says Kiwis need to be vigilant online.

“We need to be vigilant online. CERT NZ has seen reports of cybersecurity incidents ranging from threats that people have been able to mitigate, all the way through to people experiencing significant financial loss. In this first quarter alone, people have told us that they have lost more than $730,000,” he comments.

Overall, the Wellington region reported the most incidents (82), followed by Auckland (62), Canterbury (22) and Bay of Plenty (20). Gisborne featured lowest on the list, with only one incident report. 42 incidents did not mention location.

Despite the global furore caused by the WannaCry ransomworm, CERT received only six reports from small businesses in New Zealand.

Tips to prevent ransomware attacks:

  • Always update your operating systems and apps
  • Install antivirus software
  • Don’t enable macros in Microsoft office
  • Install a firewall
  • Back up files regularly, including one to an external hard drive and one to a cloud service
  • For businesses, keep support contracts up to date.

Information from the report is now a baseline dataset that will be used as a foundation for understanding which cybersecurity threats affect New Zealanders.

Pope urges all New Zealanders who are affected by cybersecurity issues to report them to CERT.

“It doesn’t matter if you’re not sure exactly what type of issue you’re facing, Our team is here to help people who have been affected by cyber security issues by giving them advice and assistance on how to avoid and overcome cyber security threats,” he says.

If you or your organisation experiences a cyber security threat – or if you suspect you may have been exposed to one – contact CERT NZ via www.cert.govt.nz any time or call 0800 CERT NZ, Monday to Friday, 7am – 7pm.

Story image
Zoom to begin rolling out end-to-end encryption
Available starting from next week, it represents the first phase out of four of the company’s greater E2EE offering, which was announced in May following backlash that the company was lax on its security and privacy.More
Story image
Gartner names ThreatQuotient a representative vendor for SOAR
The company is listed in Gartner’s 2020 Market Guide for Security Orchestration, Automation and Response Solutions.More
Story image
SOC as a Service: Fortinet’s answer to today’s network challenges
Jon McGettigan, Fortinet A/NZ Regional Director, explains how SOC as a Service can back up your current SOC team, fast-track deployments and ensure regulatory compliance.More
Story image
Palo Alto Networks extends cloud native security platform with new modules
Palo Alto Networks has announced the availability of Prisma Cloud 2.0, including four new cloud security modules, thus extending its Cloud Native Security Platform (CNSP). More
Story image
Research: Younger cybersecurity pros more fearful of being replaced by AI
According to the findings, 53% of respondents under 45 years old either agreed or strongly agreed that AI and ML are a threat to their job security, despite 89% of this demographic believing that it would improve their jobs.More
Story image
BlackBerry, Microsoft enter partnership for Teams integration
"Integrating BlackBerry AtHoc will ensure that any organisation managing critical events using Teams is able to contact, alert, and account for everyone within the organisation directly."More