For the first time, more than 500 incidents were reported in the quarter, and we have introduced new age data. Looking at the 180 reports about individuals that provided date of birth, all age ranges were affected. However, when we look at the value of financial loss by age, 87% of these reports were made by people over 55yrs.
Overall financial loss continues to be high, with nearly $3 million of losses reported. This is more than half the total losses reported to CERT NZ in 2017.
The number of reports in several incident categories increased significantly compared to the previous quarter including reports of:
- phishing and credential harvesting (55% increase)
- unauthorised access (67% increase), and
- reported vulnerabilities (133% increase).
We’ve reviewed the best way to share the data we collect and what it means about the cyber security landscape in New Zealand. From this quarter we’ll produce two new reporting documents:
- Quarterly Report: Highlights document which summarises key observations and focus areas that the data is demonstrating, and
- Quarterly Report: Data Landscape, which provides detailed graphs and data about the reports we receive, and the impact this has on New Zealand.
Quarterly Report: Highlights [PDF, 723 KB]
Results in numbers
Number of incidents reported by quarter
We received 506 reports in the first quarter of 2018. This is the highest number of incident reports received in a quarter since CERT NZ was established.
Results by type
Phishing returns to the top category of incidents reported this quarter. Part of this increase is due to the increasing number of phishing website takedowns we have been involved in as we ramp up our efforts to try and address this problem.
This quarter CERT NZ received 35 vulnerability reports, the highest since reporting began and more than twice the number in Q4 2017.
There is a 67% increase in incidents involving unauthorised access this quarter compared to Q4 2017.
$3 million in losses
Significant losses continue to be reported, with almost $3 million in losses in Q1. 45% of incidents reports show some form of loss.
We received reports of two new ransomware variants - Rapid and David.
Breakdown by incident category
Reporting by age
We received 297 incidents about individuals, of which 61% provided their date of birth. Of these, the largest age bracket was people over 65 years, and the second largest was people aged between 35 and 44 years.
New Zealanders of all ages are targeted and vulnerable to cyber security threats.
While all New Zealanders are affected by cyber security incidents, people over 55 are reporting the majority of the financial loss.
Reports about individuals; breakdown by age
Phishing takedowns on the up
Taking down phishing websites is one way to stop New Zealanders from being impacted by phishing campaigns. We received 102 requests to takedown phishing websites this quarter. These include requests for CERT NZ to either action or to support requests from affected organisations.