Story image

Cost of cybercrime creeps up

01 Oct 2010

Like other forms of crime, cybercrime has an impact on the victim far beyond the immediate financial cost.

70% of New Zealand adults have experienced some form of cybercrime according to the Norton Cybercrime Report: The Human Impact and their most common response is anger (72%), followed by annoyance (67%) and frustration (49%).

Cybercrime costs Kiwis on average NZ$528.73 to resolve and 28% of those surveyed said they never fully resolved the cybercrime with some also counting time and the emotional burden as other costs. For those who did get a resolution, it took 28 days on average to sort, which was the biggest hassle for 33% of victims surveyed, while 21% of survey participants noted the general feelings of stress and anger as the biggest hassle caused by the cybercrime.

Many Kiwis are using computers that they don’t realise are infected with botnets, Trojans, or keystroke loggers. These forms of malware rely on stealth forms of operation. Most cybercriminals are very careful to avoid detection; their lines of code are silently dropped onto your system and then remain in place, conducting the cybercriminal business without your immediate knowledge. Cybercrime is silent. Cybercrime is also nearly invisible.

Cybercrime affects most New Zealanders Nine in 10 respondents say they are thinking about cybercrime and only 3% think cybercrime won’t happen to them. Computer viruses or malware were found to be the most common type of cybercrime experienced, with almost two out of three New Zealanders having computer viruses or malware appearing on their computer. In addition, approximately one in three said they had experienced other types of cybercrime.

 Cybercrime today can include social engineering, spam and phishing attacks – across a range of media, including email, chat and social networking sites – to steal bank account numbers and other confidential information, as well as whole identities, often for financial gain.

Social engineering

More and more, attackers are going directly after the end user and attempting to trick them into downloading malware or divulging sensitive information under the auspice that they are doing something perfectly innocent. Social engineering is likely the world’s second oldest profession and its exploitation in the digital world was nothing unexpected. However, we have seen its effectiveness improve even further thanks to Web 2.0. Popular social networking applications attract millions of users every day, posting photos and updates from their daily lives, making contact with friends and business associates, connecting with new people through groups and events. We have become accustomed to receiving emails announcing so-and-so would like to be our "friend” or is now "following” us. Attackers take advantage of this and devise ever-more creative and convincing tricks to get users to download malware or divulge sensitive information.


Phishing attacks are a prime example of a socially engineered threat. Phishing URLs are usually delivered by spam email. The phishing website mimics the legitimate website of the organisation whose brand is being spoofed. The motive behind most — if not all — phishing is financial gain. Phishers typically exploit brands associated with the financial sector because they’re after online banking account and login details.

Through the first half of 2010, approximately one in every 476 emails included some form of phishing attack. There have been numerous bank phishing scams and social networking sites were also hit with phishing attacks.

Botnet attacks

Botnets are collections of thousands of computers owned by regular people and secretly controlled by cybercriminals. With a huge botnet comes real power, from unsuspecting PC owners directed toward targets such as governmental agencies and private and public companies.

Botnets can work by stealing information from thousands (or millions) of individual computers. Cybercriminals can tell their botnet armies to install spyware, like keystroke logging malware, and to report back sensitive information, like banking login passwords or credit card numbers. The criminal can then use the information personally, or sell it to others who will take advantage of it. Unfortunately each computer in a botnet army is linked to an unsuspecting owner whose entire identity could be at risk. Or the botnet could be used to attack.

In 2007, in Estonia, the internet was shut down due to denial-of-service attacks (i.e. being overwhelmed by botnet contact), and Georgia was severely disabled by Russian botnets in 2008. Other than taking entire countries offline, botnets could disable news sources, transportation websites, or overpower other highly important web sites.

Chch crypto exchange Cryptopia facing liquidation
It seems that Christchurch-based cryptocurrency exchange Cryptopia has been unable to recover after malicious cyber attackers stole around $20 million worth of cryptocurrency.
Adobe & Amazon: Making merchants' stores a lot more powerful
Magento Commerce branded stores for Amazon sellers features native integration with Amazon merchant tools including Amazon Pay and Fulfillment by Amazon. These provide the convenience of secure payments and speedy shipping services for buyers.
Four NZ projects shortlisted in IDC's APAC Smart Cities Awards
The annual awards highlight and acknowledge outstanding smart city initiatives in the Asia Pacific region and this year attracted over 180 entries.
How Chorus aims to reshape service company maintenance contracts
“These contracts are the first step in moving Chorus beyond the major UFB network build."
Mind Lab at MOTAT hosting event to promote young women in tech
Gender diversity in the tech industry is a hot topic around the world, but it’s one that New Zealand is looking to tackle head on.
SOLD: Infratil & partner snap up Vodafone NZ
Brookfield Asset Management and Infratil will hand over NZ$3.4 billion to acquire Vodafone New Zealand.
Noise pollution is the new second-hand smoke
ow loud is our phone call? Can you hear your co-worker’s music through their headphones? Do you need to have that meeting in a public area of the office?
Infratil throws its hat into the buyer's market for Vodafone NZ
Vodafone has been through a turbulent time lately, after the threat of staff redundancies, constant fines from the Commerce Commission, and the addition of Vodafone CEO Jason Paris late last year.