Story image

$2.9 million gone: Kiwis hit by more than 500 cybersecurity incidents

30 May 18

The first three months of 2018 were busier than ever for cybercriminals, who managed to steal $2.9 million from New Zealanders through methods including phishing, fraud, ransomware, and website compromise attacks.

CERT NZ’s Q1 2018 quarterly report covers reports between January 1 and March 31. Although the losses are a slight drop from the $3.4 million reported last quarter, CERT NZ director Rob Pope says they continue to be a significant threat.

Phishing, credential theft most dangerous in Q1

Phishing attacks and credential theft were responsible for 196 of the 506 reported incidents. Scams and fraud are also prevalent in New Zealand: They were responsible for 168 incidents – a 21% increase from last quarter’s figures.

However, New Zealanders aren’t letting phishing websites lure in more victims – CERT NZ helped with 102 takedown requests either directly or by supporting reports made by banks and financial services organisations.

Unauthorised access accounted for 60 incidents – a 67% increase. There was also a 133% increase in reported vulnerabilities (35). Ransomware was only responsible for 13 incidents but there were two new ransomware variants spotted: ‘Rapid’ and ‘David’.

Individuals snared by scams; phishing baits organisations

Scams and fraud most affected individuals (153 reports); while phishing and credential harvesting impacted 118 organisations.

Individuals also bore the brunt of 75% of all direct financial losses ($2,208,644), while businesses reported $728,318 in direct financial losses.

New Zealand’s finance/insurance and tech sector reported the most incidents; accounting for 44% and 11% of reports respectively.

Overall, 33% of incidents involved financial loss; 6% involved data loss; 3% affected operational impacts; 2% involved operational loss; 3% caused technical damage; and 4% involved other types of loss.

Over-55s most impacted by financial loss

This quarter’s report breaks incident reports down by age group. Pope says the losses are especially pronounced from those in the over-55 age group.

87% of the value of financial loss impacts people over 55; while only 13% impacts those under 55.

“New data analysis this quarter shows that this has been particularly harmful for victims in the over-55 age group who have reported losing more money than any other age group,” says Pope.

Those over 65 lost $1 million – the highest losses across all age groups. Those aged between 55 to 64 reported the second-highest losses of $724,000.

CERT says age-impact data helps the team develop specific outreach programmes that work for the communities it is targeting.

“It’s insights like these that show the value of having a national CERT. Our role is not only helping specifically impacted individuals, but using the information from incident reports to help all Kiwis improve their cybersecurity,” Pope says.

“We use our data to support technical and non-technical people and organisations all over New Zealand. We do this in a range of ways, from working on new methods to disrupt models of attack to building outreach activities that help people take simple actions to protect themselves online.”

CERT NZ welcomes cybersecurity incident reports

New Zealanders who suspect they have experienced a cybersecurity issue should report it to CERT NZ at www.cert.govt.nz.

White box losing out to brands in 100 GE switching market
H3C, Cisco and Huawei have all gained share in the growing competition in the data centre switching market.
Gartner names newcomer Exabeam a leader in SIEM
The vendor landscape for SIEM is evolving, with recent entrants bringing technologies optimised for analytics use cases.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
Genesys PureCloud generates triple-digit revenue growth year on year
In Australia and New Zealand, the company boosted PureCloud revenue by nearly 100%.
Symantec releases neural network-integrated USB scanning station
Symantec Industrial Control System Protection Neural helps defend against USB-borne cyber attacks on operational technology.
IDC: Standalone VR headset shipments grow 428.6% in 3Q18
The VR headset market returned to growth in 3Q18 after four consecutive quarters of decline and now makes up 97% of the combined market.
Kidd made Ingram Micro executive for cloud
Barbara Kidd has been promoted to cloud general manager as the company signs new vendors to its Cloud Marketplace.
Open source will be the next big thing for the channel
Channel firms should be on the lookout for opportunities across open source and more diverse software offerings like software-defined containers and storage.