CERT NZ highlights rise of unauthorised access incidents
CERT NZ’s latest quarterly report was released last week. The Q3 Landscape report covers statistics from June to September 2018. Within that quarter CERT NZ received 870 cyber incident reports – the highest number of reports made to date.
While New Zealanders are taking action and reporting more incidents, the amount of money they are losing from those incidents is also climbing upwards.
Direct financial losses in the quarter reached $2.9 million – a 35% increase from the previous quarter. $2.3 million of those losses came from 198 scam and fraud reports. 46 of those reports dealt with webcam scams; while Facebook scams (25 reports) and invoice scams followed. Many of the reports required police action.
More New Zealanders reported cases of unauthorised access of both business and personal emails – an increase of 28% over the previous quarter.
Pope says that security measures such as strong passwords and multifactor authentication can help to prevent their email accounts from being hacked.
The report outlines the dangers that weak passwords can cause to New Zealand businesses. In two separate cases, attackers gained access to business email accounts as a result of weak passwords.
“In one case, the attacker gained access and tracked the business’s emails for at least six months. They gathered extensive knowledge of the business’s billing cycles and behaviours to create and send out fake invoices to the business’s database,” explains CERT NZ Director Rob Pope.
“In these cases, we worked with the affected businesses and helped them recover. CERT NZ was established to help New Zealanders stay safe online, whether by taking incident reports, sharing best practice advice, or by sharing data and information about the online threat landscape as it impacts New Zealand.”
Cybersecurity incidents such as malware, ransomware, website compromise, Denial of Service, and botnet traffic were not often reported, but that it does not mean that businesses and individuals should cut corners with their cybersecurity protection.
From the 37 reports about malware, CERT NZ says common malware variants included Emotet, Gozi, Zeus, ramnit, spinx, kronos and gootkit. Common ransomware variants reported in Q3 were: Dharma, Everbe, Nemesis and Hermes.
“We know from in-depth analysis of the reports we receive, combined with information from international partners and global threat insights, that it’s getting the basics right that will help Kiwis stay safe online. Online security can seem complicated, but the evidence we have shows that most incidents can be prevented by taking simple steps,” Pope concludes.
CERT NZ recommends these simple steps to protect your business:
• Strengthen your email account security – by keeping your software and systems up-to-date and using strong, unique passwords for each account.
• Secure your network – especially when using systems that can be accessed remotely (including remote desktop protocol (RDP). Use strong, unique passwords and enable two-factor authentication (2FA) where you can.
• Review your business processes – ensure that your processes don’t rely solely on email. Verify payments to new or different accounts by phone before making the transaction. This can help prevent losses.
• Protect against email spoofing – this is when attackers send you emails pretending to be from legitimate businesses. Protect against this with solutions such as DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC).