Story image

CERT NZ: Kiwis have lost $1.9m from cyber incidents since April

11 Dec 2017

Cyber attackers have been successful in causing more than $1.9 million in losses for New Zealanders since April 2017 and $1.18 million of that was from the third quarter, according to CERT NZ’s latest Quarterly Report.

“Between 1 July and 30 September, CERT NZ received 390 incident reports of which the vast majority, 297, were responded to by CERT NZ,” comments CERT NZ director Rob Pope.

78 incidents involved cybercrime that was referred to the New Zealand police for action.

Of the $1,179,259 that was lost, 13% was attributed to financial loss; 5% data loss; 3% operational impacts; 2% reputational loss; 2% technical damage; and 7% was classed as ‘other’.

Pope explains that CERT NZ was launched by the Government in April 2017 with the aim of taking reports about cybersecurity incidents and helping New Zealanders recover.

“The reports we received in the quarter to 30 September show that our relative geographic isolation is no barrier to being affected by these threats,” Pope says.

The damage from ransomware attacks against New Zealand has dropped, despite high-profile attacks such as WannaCry this year. Pope says the reporting rate has dropped by more than 50%.

New Zealand businesses are facing more targeted attacks and phishing emails. 153 incidents involved phishing and credentials harvesting.

“As we noted in our previous report, targeted attacks are on the rise. In this quarter we’re seen an increase in invoice scams impacting New Zealand businesses through a range of means,” he explains.

The report explains the definition of a basic invoice scam as one that sends out fake invoices disguised as invoices for well-known services, such as Xero, PayPal, Office 365 and Apple.

“If recipients pay the bill, they lose their money. If they contact the scammers, the scammers will usually use a variety of social engineering tactics, ranging from persuasion through to bullying, to try and convince them to pay the fake invoice,” the report says.

It also highlights spear phishing and business email compromise scams, in which scammers impersonate a senior executive and ask an employee to pay an urgent bill.

“We have had several reports from businesses with overseas suppliers, who have received fake copies of the suppliers’ invoices. They have also reported that in some cases their suppliers were compromised by attackers, who altered invoices by changing the bank account number from them in order to steal money from legitimate transactions,” the report details.

37 incidents involved successful unauthorised access and 28 involved malware. On the other end of the scale, there were three incidents of command & control server hosting, one incident involving botnet traffic and one Denial of Service attack.

Pope says that any New Zealanders affected by cybersecurity issues should report them to CERT NZ.

“Our team is here to help people who have been affected by cyber security issues by giving them advice and assistance on how to avoid and overcome them. The more reports we receive, the more information we can share with New Zealanders to help them protect themselves,” he says.

If you or your organisation experiences a cyber security threat – or if you suspect you may have been exposed to one – contact CERT NZ any time or call 0800 CERT NZ, Monday to Friday, 7am – 7pm.

Read CERT NZ’s Q3 report here: https://www.cert.govt.nz/about/quarterly-report/q3-report/

Read more about CERT NZ:

Apple's AirPods now come with 'Hey Siri' functionality
The new AirPods come with a standard case or a Wireless Charging Case that holds additional charges for more than 24 hours of listening time.
NZ investment funds throw weight against social media giants
A consortium of NZ funds managing assets worth more than $90m are appealing against Facebook, Twitter, and Google following the Christchurch terror attacks.
Poly appoints new A/NZ managing director, Andy Hurt
“We’re excited to be bringing together two established pioneers in audio and video technology to be moving forward and one business – Poly."
Unity and NVIDIA announce real-time ray tracing across industries
For situations that demand maximum photorealism and the highest visual fidelity, ray tracing provides reflections and accurate dynamic computations for global lighting.
NVIDIA announces Jetson Nano: A US$99 tiny, yet mighty AI computer 
“Jetson Nano makes AI more accessible to everyone, and is supported by the same underlying architecture and software that powers the world's supercomputers.”
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
NVIDIA introduces a new breed of high-performance workstations
“Data science is one of the fastest growing fields of computer science and impacts every industry."
Apple says its new iMacs are "pretty freaking powerful"
The company has chosen the tagline “Pretty. Freaking powerful” as the tagline – and it’s not too hard to see why.