Quarter Two Report 2018

This quarter, CERT NZ received the highest number of reports yet. Between 1 April and 30 June, over 700 cyber security incidents were reported to us.

Phishing and credential harvesting reports have significantly increased over the last quarter. Reports are up from 196 in quarter one, to 455 in quarter two. This increase comes from closer collaboration with the financial sector, which has given us a better picture of the phishing campaigns that constantly target New Zealanders.

  • 337 phishing and credential harvesting reports came from the financial sector.
  • 321 of these reports showed actors masquerading as well-known New Zealand brands.

We continue to see phishing emails with attachments pretending to be Office 365 documents, and emails offering fake tax refunds.

The number of vulnerability reports we receive has stayed consistent from quarter one. A vulnerability is a weakness in software, hardware, or an online service that can be exploited to damage a system or access information. In total, we received 69 vulnerability reports in quarters one and two. We handled 15 of these under our coordinated vulnerability disclosure (CVD) policy.

In response to requests, we’ve provided a deeper analysis of vulnerabilities in this quarter. We’ve broken vulnerability reports down by category, and will continue to refine the categories we use as our data set grows.

Quarterly Report: Highlights [PDF, 918 KB]

Quarterly Report: Data Landscape [PDF, 988 KB]

Results in numbers

Number of incidents reported by quarter


We received 736 reports in quarter two, up 45% from our previous high of 506 reports in quarter one of this year.

Results by type

Phishing and credential harvesting continue to be our top category of reported incidents. These incidents have increased by over 132% from quarter one. This increase has come from our cooperation with New Zealand-based banks and financial services organisations.

Breakdown by incident category


Case study

In quarter two we got a report from an online e-commerce store. It suffered repeated breaches by a criminal actor over the course of a year. These breaches tricked their customers into paying money into the attacker's bank account, even though customers were using the store’s real website. In some cases, the attacker even sent customers goods to try and hide their activities.

We helped the business identify key areas where their website’s security was falling short. Once they were able to diagnose the root security weaknesses, they were able to:

  • take steps to resolve them, and
  • keep the attacker out for good.

We created a guide to help other businesses secure their website at www.cert.govt.nz/protect-it