CERT NZ: Kiwis lose $7.8m to cyber attacks; incident reports soar
CERT NZ's latest cybersecurity figures show that attacks of all kinds keep pummelling New Zealand, and more people understand where they should be reporting these attacks.
Between 1 January and 30 June, CERT NZ received 3102 incident reports – a 42% increase on the same period last year. Of these, almost 60% came from individuals and 40% came from individuals.
Incident reports spiked in April, one month after pandemic lockdowns began. But COVID-19 scams only accounted for 3% of the total increase in scam and fraud incidents.
CERT NZ director Rob Pope says “Although COVID-19 created opportunities for cyber attackers, the majority of incidents reported to us were not specifically about the pandemic.
Reported financial losses have hit $7.8 million for the year to date, adding to more than $44 million in losses since CERT NZ started reporting these figures in 2017.
Pope says, “The increase on reporting and reduction in financial loss could mean that New Zealanders are developing a heightened awareness of cybersecurity threats as we've become more dependent on digital services.”
The most common incidents include scam and fraud reports, phishing and credential harvesting, and online trading scams.
The common, growing issue of webcam email extortions, which accounted for 478 reports over the period. These types of scam use blackmail techniques to convince people that their webcam was hacked while they visited an adult website, which then recorded the activities. It's far from the truth – a scammer has just obtained a password from leaked data and then pretends to have access to the victim's computer.
CERT NZ also highlighted a particularly nasty phishing campaign that pretended to be from the New Zealand Transport Agency. This campaign sent out thousands of emails to New Zealanders and asked them to renew their vehicle registrations.
People who clicked the link in the email were taken to a fake NZTA webpage that stole credit card details.
CERT NZ notes, “Perhaps even more concerning, is that the driver license details obtained by the attacker can be used to commit not only financial fraud but also identity fraud. Driver license holders may not be aware of this until months or years down the track when they are denied credit. It's a good idea to check your credit status every year. That way, you can see if any accounts have been opened in your name.
There were also 54 other reported incidents that involved phishing emails or sites that impersonated well-known New Zealand brands.
“It's really important to maintain cyber smart habits. As we increasingly spend more of our lives online, attackers are constantly developing new and more sophisticated campaigns,” says Pope.
“The data we gather from these reports and others is vital in helping us understand the evolving threat landscape. The more we know about the types of incidents affecting New Zealanders, the more we can help New Zealanders and their businesses stay safe online.
If you or your business experiences a cybersecurity incident contact CERT NZ any time at www.cert.govt.nz or call 0800 CERT NZ, Monday to Friday, 7am – 7pm.
- 3,102 incidents were received by CERT NZ between 1 January and 30 June 2020. This is a 42% increase compared to the same time period last year.
- 1,137 incidents were reported in Q1 and 1,965 incidents were reported in Q2.
- 820 incidents were reported in April 2020, the greatest number of reports CERT NZ has received in one month since it was established in April 2017.
- In the first half of the year, reported direct financial loss was $7.8 million. However, there was a significant reduction in financial loss in Q2 at $1.8m compared to $6m in Q1.
- Phishing accounted for 48% of incidents reported in the first half of the year.
- Scams and fraud accounted for 37% of incidents reported in the first half of the year. Particularly, there was a peak in reports in April 2020, which was 229% increase on Q4 2019 figures.
Full statistics are available in CERT NZ's Quarterly Report: Highlights Q1 - Q2 2020report, and the Quarterly Report: Data Landscape Q1 - Q2 2020.