Story image

$2.9 million gone: Kiwis hit by more than 500 cybersecurity incidents

30 May 18

The first three months of 2018 were busier than ever for cybercriminals, who managed to steal $2.9 million from New Zealanders through methods including phishing, fraud, ransomware, and website compromise attacks.

CERT NZ’s Q1 2018 quarterly report covers reports between January 1 and March 31. Although the losses are a slight drop from the $3.4 million reported last quarter, CERT NZ director Rob Pope says they continue to be a significant threat.

Phishing, credential theft most dangerous in Q1

Phishing attacks and credential theft were responsible for 196 of the 506 reported incidents. Scams and fraud are also prevalent in New Zealand: They were responsible for 168 incidents – a 21% increase from last quarter’s figures.

However, New Zealanders aren’t letting phishing websites lure in more victims – CERT NZ helped with 102 takedown requests either directly or by supporting reports made by banks and financial services organisations.

Unauthorised access accounted for 60 incidents – a 67% increase. There was also a 133% increase in reported vulnerabilities (35). Ransomware was only responsible for 13 incidents but there were two new ransomware variants spotted: ‘Rapid’ and ‘David’.

Individuals snared by scams; phishing baits organisations

Scams and fraud most affected individuals (153 reports); while phishing and credential harvesting impacted 118 organisations.

Individuals also bore the brunt of 75% of all direct financial losses ($2,208,644), while businesses reported $728,318 in direct financial losses.

New Zealand’s finance/insurance and tech sector reported the most incidents; accounting for 44% and 11% of reports respectively.

Overall, 33% of incidents involved financial loss; 6% involved data loss; 3% affected operational impacts; 2% involved operational loss; 3% caused technical damage; and 4% involved other types of loss.

Over-55s most impacted by financial loss

This quarter’s report breaks incident reports down by age group. Pope says the losses are especially pronounced from those in the over-55 age group.

87% of the value of financial loss impacts people over 55; while only 13% impacts those under 55.

“New data analysis this quarter shows that this has been particularly harmful for victims in the over-55 age group who have reported losing more money than any other age group,” says Pope.

Those over 65 lost $1 million – the highest losses across all age groups. Those aged between 55 to 64 reported the second-highest losses of $724,000.

CERT says age-impact data helps the team develop specific outreach programmes that work for the communities it is targeting.

“It’s insights like these that show the value of having a national CERT. Our role is not only helping specifically impacted individuals, but using the information from incident reports to help all Kiwis improve their cybersecurity,” Pope says.

“We use our data to support technical and non-technical people and organisations all over New Zealand. We do this in a range of ways, from working on new methods to disrupt models of attack to building outreach activities that help people take simple actions to protect themselves online.”

CERT NZ welcomes cybersecurity incident reports

New Zealanders who suspect they have experienced a cybersecurity issue should report it to CERT NZ at www.cert.govt.nz.

DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Protecting organisations against internal fraud
Most companies tend to take a basic approach that focuses on numbers and compliance, without much room for grey areas or negotiation.
Telesmart to deliver Cloud Calling for Microsoft Teams
The integration will allow Telesmart’s Cloud Calling for Microsoft Teams to natively enable external voice connectivity from within Teams collaborative workflow environment.
Jade Software & Ambit take chatbots to next level of AI
“Conversation Agents present a huge opportunity to increase customer and employee engagement in a cost-effective manner."
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
GirlBoss wins 2018 YES Emerging Alumni of the Year Award
The people have spoken – GirlBoss CEO and founder Alexia Hilbertidou has been crowned this year’s Young Enterprise Scheme (YES) Emerging Alumni of the Year.
SingleSource scores R&D grant to explore digital identity over blockchain
Callaghan Innovation has awarded a $318,000 R&D grant to Auckland-based firm SingleSource, a company that applies risk scoring to digital identity.
IDC: Standalone VR headset shipments grow 428.6% in 3Q18
The VR headset market returned to growth in 3Q18 after four consecutive quarters of decline and now makes up 97% of the combined market.