Quarter Four Report 2017
CERT NZ’s fourth quarter report (1 October – 31 December) covers the latest cyber security threats in New Zealand and a summary of results for 2017.
In 2017, we received over 1100 reports since we went live in April. This quarter we received 390 incident reports, a similar number to previous quarters.
Reported financial losses from incidents during this quarter were $3.4 million; more than double the losses reported in the previous quarter. This includes nine incidents that involved losses of over $100,000 each. This brings the total financial loss to New Zealanders from cyber security issues since CERT NZ went live in April 2017 to over $5.3 million.
We’ve seen increasingly sophisticated phishing campaigns that aim to steal people’s credentials. This was a common threat for all types of businesses. Other notable trends include a growing interest in cryptocurrencies which is contributing to an increase in cryptocurrency scams in New Zealand. These types of scams resulted in nearly $265k losses alone in quarter four.
Incidents reported to CERT NZ
Between 1 October and 31 December, 377 cyber security incidents were reported to CERT NZ, similar to the 390 incidents in quarter three.
Incidents reported by type
We received 377 incident reports in quarter four. This quarter we have expanded our category reporting to include all incidents, including those referred to NZ Police and Netsafe. In quarter four the most commonly reported incident types were scams & fraud (37%) and phishing & credential harvesting (33%), followed by unauthorised access (10%), malware (8%), reported vulnerabilities (4%), and ransomware (4%).
Reports of scams and fraud have increased significantly to 139 in quarter four from 65 in quarter three
56% of unauthorised access
incidents in quarter four involved some form of loss. This is the highest porportion since reporting began.
Most of the unauthorised access incidents we have seen use phishing emails to trick users into giving up their credentials, giving attackers access to the system.
Over $3.4 million
in direct financial loss has been reported to us in quarter four. This is more than double the losses reported in quarter three.
High value losses
Nine incidents involved losses of over $100,000 each. From the nine incidents, $2.8 million in total loss was reported.
1,131 incidents were reported to us in 2017. The number of incidents reported per quarter has remained fairly consistent.
Over $5.3 million total financial loss was reported.
The most reported incident type in 2017 was phishing credential & harvesting
There was a spike in ransomware reports during the Wannacry and NotPetya ransomware campaigns in Q2
Cryptocurrency scams in Q4
Cryptocurrency investment scams
These scams operate by sending out emails or setting up fake websites advertising cryptocurrency investment opportunities with attractive returns.
These attacks use a fake website or applications to gain credentials or private keys. These are then used by the criminal to transfer the cryptocurrency.
Cryptocurrency security has tips on how to protect yourself.
Don't download fake crypto-wallets
CERT NZ received a report about cryptocurrency stolen using a fake Electrum wallet. The individual had searched the term ‘Electrum’ and clicked on a link in the list returned without doing any further research. They downloaded and launched an application. Once they had entered their details they realised that something was wrong with the application. When they checked the blockchain, they saw that their cryptocurrency had been transferred to another address. The loss was over $100,000 at the time of the report. The case was referred to NZ Police.
Watch out for fake 'security issues' emails
A cryptocurrency investor reported a bitcoin theft to CERT NZ. The investor received an email that said their bitcoin account had security issues, along with a link. They followed the link to a legitimate-looking website and logged on. The website requested further logons and the investor realised the email was a hoax, but by then their bitcoin had already been stolen from their account. Although CERT NZ referred the case to the NZ Police, it is unlikely the investor’s bitcoin can be recovered.