CERT NZ: Kiwis have lost $1.9m from cyber incidents since April

11 Dec 17

Cyber attackers have caused more than $1.9 million in losses for New Zealanders since April 2017, and $1.18 million of that was from the third quarter, according to CERT NZ’s latest Quarterly Report.

“Between 1 July and 30 September, CERT NZ received 390 incident reports of which the vast majority, 297, were responded to by CERT NZ,” comments CERT NZ director Rob Pope.

78 incidents involved cybercrime that was referred to the New Zealand police for action.

Of the $1,179,259 that was lost, 13% was attributed to financial loss; 5% data loss; 3% operational impacts; 2% reputational loss; 2% technical damage; and 7% was classed as ‘other’.

Pope explains that CERT NZ was launched by the Government in April 2017 with the aim of taking reports about cybersecurity incidents and helping New Zealanders recover.

“The reports we received in the quarter to 30 September show that our relative geographic isolation is no barrier to being affected by these threats,” Pope says.

The damage from ransomware attacks against New Zealand has dropped, despite high-profile attacks such as WannaCry this year. Pope says the reporting rate has dropped by more than 50%.

New Zealand businesses are facing more targeted attacks and phishing emails. 153 incidents involved phishing and credentials harvesting.

“As we noted in our previous report, targeted attacks are on the rise. In this quarter we’ve seen an increase in invoice scams impacting New Zealand businesses through a range of means,” he explains.

The report defines a basic invoice scam as one in which scammers send out fake invoices disguised as invoices for well-known services, such as Xero, PayPal, Office 365 and Apple.

“If recipients pay the bill, they lose their money. If they contact the scammers, the scammers will usually use a variety of social engineering tactics, ranging from persuasion through to bullying, to try and convince them to pay the fake invoice,” the report says.

It also highlights spear phishing and business email compromise scams, in which scammers impersonate a senior executive and ask an employee to pay an urgent bill.

“We have had several reports from businesses with overseas suppliers, who have received fake copies of the suppliers’ invoices. They have also reported that in some cases their suppliers were compromised by attackers, who altered invoices by changing the bank account number from them in order to steal money from legitimate transactions,” the report details.

37 incidents involved successful unauthorised access and 28 involved malware. On the other end of the scale, there were three incidents of command & control server hosting, one incident involving botnet traffic and one Denial of Service attack.

Pope says that any New Zealanders affected by cybersecurity issues should report them to CERT NZ.

“Our team is here to help people who have been affected by cyber security issues by giving them advice and assistance on how to avoid and overcome them. The more reports we receive, the more information we can share with New Zealanders to help them protect themselves,” he says.

If you or your organisation experiences a cyber security threat – or if you suspect you may have been exposed to one – contact CERT NZ any time or call 0800 CERT NZ, Monday to Friday, 7am – 7pm.

Read CERT NZ’s Q3 report here: https://www.cert.govt.nz/about/quarterly-report/q3-report/
