SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Cybersecurity
#
DDoS
#
Email Security
Flubot malware, botnets, phishing round out top security issues plaguing Kiwis in Q3
Wed, 8th Dec 2021
FYI, this story is more than a year old
Author image
By Sara Barker, Copywriter and Senior News Editor
Follow us

Malware and scams continue to plague thousands of New Zealanders, laying $3.3 million to waste in just three months.

CERT NZ released its Q3 Quarterly Report this week, bringing the total to 2,072 reports between 1 July and 30 September. There was a 53% rise in the number of cases reported to the agency compared to Q2.

Of these reports, 1,071 related to phishing or credential harvesting; 488 related to scams and fraud; 225 related to unauthorised access; and 151 related to malware. Website compromise; ransomware; suspicious network traffic; denial of service; botnet traffic; C-C server hosting, and ‘others' rounded out the top incident report categories.

However, direct financial losses from security incidents have dropped slightly to $3.3 million, down from $3.9 million in Q2. While these are still staggering numbers, there is a marked improvement from the $6.4 million lost in Q3 last year. In total, 52% of incidents reported losses of below $500, while seven incidents involved losses of more than $100,000.

CERT NZ highlights a rise in malware attacks compared to the previous period (up from 32 reports in Q2 to 151 reports in Q3). Director Rob Pope says attacks are getting more sophisticated, pointing to the FluBot malware as a prime example. The FluBot malware is spread via text messages. When a user with an Android phone clicks the link inside the text message, the malware is installed.

The agency explains, “Once the malicious application is installed it can extract data from the phone, like credit card and banking details. It also automatically redistributes the text message to contacts it has stolen from other infected devices. Once the message is sent, the phone blocks the number so the recipient cannot respond to avoid raising any suspicion with the sender.

The malware was also evolving as it conducted its attacks. As a result, Pope says, “the messages were changing as fast as we could report on them.

Graphic supplied by CERT NZ.

While tech support calls never disappeared from the threat landscape, they seem to be putting more pressure on New Zealanders, who are reporting more cases. There were 72 reports in Q3, up from 45 in the previous quarter.

The report also suggests a rise in the number of distributed denial of service (DDoS) attacks conducted via botnets. Botnets are large groups of compromised IoT devices such as sensors, internet-connected cameras, and even internet routers.

“By simply changing the default passwords that come with the device and updating the software, you can keep your new toys out of the hands of attackers. And if your device doesn't really need to be connected to the internet, disconnect it,” says Pope.

You can report cybersecurity incidents to CERT NZ by visiting https://www.cert.govt.nz/individuals/report-an-issue/ or phoning 0800 CERT NZ, Monday to Friday, 7:00 am – 7:00 pm.

Related stories
RiverSafe teams up with Cribl to boost IT & data security services
Half of online traffic in 2024 generated by bots, report finds
Cisco launches Hypershield for AI-driven security upgrade
Keeper Security launches user-friendly passphrase generator
Axis unveils hybrid cloud platform for adaptable security solutions
Top stories
Fortinet recognised as Challenger in Gartner's 2024 Magic Quadrant for SSE
Coalition integrates cyber risk platform with top cloud services providers
Armis warns of major cyber-attack risk to 2024 global elections
i-PRO to support Genetec SaaS with new AI-enabled camera models
Illumio unveils AI enhancements for faster Zero Trust Segmentation adoption