CERT NZ has released its Q4 report for 2018, which provides an interesting snapshot of the cybersecurity incident reports that the NZ Government received in the last three months of 2018, up to 31 December.
Despite ongoing efforts to raise awareness about online scams and fraud, New Zealanders are still losing staggering amounts of money.
According to a recent report, in the last quarter alone, New Zealanders have lost NZ$5.9 million, which is up from NZ$3 million in the previous quarter.
Moreover, CERT NZ received 1333 reports about cybersecurity issues, which is a 53% increase on the 870 incidents reported in the third quarter.
Email Extortion Scam
The Agency’s Director explained that these scams are becoming increasingly professional and generate a considerable amount of money, so scammers evolve their approach and employ new methods to continue tricking people into paying up.
36% of all scam reports came from email extortion scams, in which scammers send threatening emails that con people into paying money to make the problem disappear.
This type of scam has evolved rapidly, from webcam blackmail emails that contained personal information like passwords in October, through to bomb threat emails in December.
It is more important than ever for Kiwis to have a trusted source that they can turn to for actionable advice to protect themselves online.
The bomb threat emails in December were concerning for many New Zealand businesses.
The emails threatened to detonate a bomb in the company’s building if the business did not make payment. CERT NZ and many international partners issued an advisory about the hoax.
Aside from email extortion scams, the report also highlights a significant number of phishing and credential harvesting reports (431), followed by 48 malware reports, which is more than double the number in Q3.
A Harrowing Hacking Experience
In one case study, the report tells the story of a New Zealand business with 20 regional offices that caught a malware infection.
The malware was delivered by a phishing email that appeared to be from an accounting service. A company employee clicked the link and unwittingly downloaded malware in the background.
The malware was able to display a phony online banking page, which captured the employee’s login and two-factor authentication information.
The attackers accessed the company’s bank account from an overseas IP address, and it was only then that the bank noticed something was amiss. The bank then notified the company.
The report said that the business was concerned that removing the malware from their systems would impact their day-to-day operations.
The Agency
CERT NZ helped the business resolve the incident while maintaining their operations. It also issued an advisory to share information about the threat.
It is the job of the Agency to help New Zealanders report the cyber security incidents they are impacted by and get the information they need to recover.
These reports also allow the Agency to aggregate its information alongside international sources to make sure New Zealanders have access to the most up-to-date information on cyber security threats.
CERT NZ was established in 2016 as a key component of New Zealand’s Cyber Security Strategy.
The Agency is tasked with handling cyber incident reports and providing advice and guidance to individuals and businesses across the country.