CERT NZ recently integrated with the National Cyber Security Centre (NCSC) to form the New Zealand Government’s lead operational cyber security agency. The combined agency is located within the Government Communications Security Bureau (GCSB).
The NCSC now provides cyber security services to all New Zealanders, from individuals and small businesses to government agencies and nationally significant organisations.
This quarter, NCSC responded to 1,203 incident reports about individuals and businesses from all over Aotearoa, and 121 incidents of potential nationally significance.
The Cyber Security Insights report shares information about these incidents as well as highlights examples of work the NCSC is doing to help.
Cyber Security Insights Q2 2024 [PDF, 4.2 MB]
Contents
- 2024 Quarter Two data highlights
- Focus area: Spoof and spam
- Insight: Beyond SMS
- Insight: Phishing with Progressive Web Apps
- A closer look at our numbers
- About our information
- Incident categories we use
Q2 data highlights
$6.8 million in direct financial loss was reported in Q2, up 3% from Q1 2024. 28% of incidents reported financial loss.
1,203 incidents were responded to by CERT NZ in Q2 2024, down 22% from Q1 2024.
The biggest drop in number of reports was in the Phishing and Credential Harvesting category which saw a 31% decrease on Q1 2024.
We saw little change in the number of incidents of Unauthorised Access. However, the reported loss for this category changed from $390,000 in Q1 to $3.6M in Q2.
Number of incidents
A total of 1,203 incidents were reported via the CERT NZ reporting tool in Q2 2024.
Breakdown by incident categories
Phishing Disruption Service
NCSC’s Phishing Disruption Service (PDS) is a free service that provides a verified list of New Zealand specific phishing indicators that organisations can act on and block from their network.
When you get a phishing link via text or email, you can forward it to phishpond@ops.cert.govt.nz. The incident response team then analyses the links it receives, also called phishing indicators, and publishes verified ones to the PDS. NCSC’s research team also proactively identifies phishing sites and blocks them before they can be used to target New Zealanders.
In Q2, NCSC processed 11,278 phishing indicators of which 2,059 were published to the PDS. NCSC proactively identified 325 indicators in Q2. The industry that was most impersonated by phishing scammers this quarter was postal agencies.
Incidents with potential national significance
The NCSC responds to incidents affecting nationally significant organisations or with potential to cause national harm. We triage these into a scale that considers the organisational impact and the severity of the incident.
In the second quarter of 2024, the NCSC recorded 121* incidents impacting nationally significant organisations.
Of these:
- 28 were triaged as C6 – minor incidents,
- 55 as C5 – routine incidents,
- 36 as C4 – moderate incidents, and
- 2 as C3 – significant incidents.
There were no reports of C2 - highly significant incidents, or C1 - national cyber emergency.
Subscribe for updates
Sign up to our quarterly newsletter to receive CERT NZ’s reports and updates.