Quarter Three Report 2018
CERT NZ’s Quarter Three Report provides an overview of the cyber security events reported between 1 July and 30 September 2018. It also gives advice on how to prevent or mitigate these events.
This quarter, CERT NZ received 870 incident reports. This is the highest number of reports to date. The reports show that a broad cross section of New Zealanders and organisations are impacted by cyber security issues. They also show a significant increase in both incident type and financial impact compared to Q2.
Some examples include:
- financial losses increased by 35% to $2.9 million
- reports related to scam and fraud were almost double what we saw in Q2. This was due to a large number of webcam scam reports
- reports of unauthorised access increased by 28%
- although we received reports across all age groups, the 65+ age group experienced the highest value of direct financial loss. The total loss for this age group was $930,000 this quarter, compared to $123,000 in Q2.
Results in numbers
We received 870 reports in the third quarter of 2018.
This is the highest number of incidents reported to CERT NZ since its establishment.
Results by type
Scam and fraud had the highest increase in number of incidents reported this quarter. This jump was led by a large number of webcam scam reports.
Breakdown by incident category
Unauthorised access reports
Reports of unauthorised access continue to increase. We received 91 reports this quarter, a 28% increase on quarter two.
More than a third of these reports related to attackers being able to access business and personal email accounts through weak account passwords.
Case study: Business compromise leads to advisory
An IT provider noticed that one of its clients was receiving emails pretending to be a recognised supplier.
The emails contained fake invoices and were attempting to trick the client into paying the invoiced amount into the attacker’s account.
The affected business investigated and discovered that the emails and fake invoices had been sent to people within the business and to some of its external customers.
The emails seemed legitimate. For example, they included knowledge of recent goods requests and costs. However, there were small differences in the email addresses which staff picked up on before any payments were made.
The business discovered that an employee’s email account had a simple password, making it easy for the attackers to gain access and forward emails containing words like 'account', 'invoice' and 'pay' to an external address belonging to the attacker. These emails allowed the attackers to gather information about the business’s billing cycles and behaviours, helping the attackers to create invoices that looked legitimate.
The compromise went unnoticed for at least six months as the attacker was deleting the forwarded emails from the employee’s account.
CERT NZ analysed the detail from this report and others, and published an advisory about:
- the extent and nature of invoice scams
- how to protect against them, and
- what to do if you’ve received a fake invoices.
CERT NZ recommends these simple steps to protect your business:
- Strengthen your email account security – by keeping your software and systems up-to-date and using strong, unique passwords for each account.
- Secure your network – especially when using systems that can be accessed remotely (including remote desktop protocol (RDP). Use strong, unique passwords and enable two-factor authentication (2FA) where you can.
- Review your business processes – ensure that your processes don’t rely solely on email. Verify payments to new or different accounts by phone before making the transaction. This can help prevent losses.
- Protect against email spoofing – this is when attackers send you emails pretending to be from legitimate businesses. Protect against this with solutions such as DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC).