Breadcrumbs

Quarterly report snapshot

Since our launch on 11 April 2017, we have analysed trends in local cyber security data.

1. Results

Incidents reported to CERT NZ

An icon of a calendar and a magnifying glass with the number 364 overlaid.

These results reflect data collected in the period 11 April - 30 June 2017.

364 incident reports for the 11 April - 30 June 2017 period.

286 were responded to by CERT NZ. 70 involved cyber crime and were referred to NZ Police.


Incident reports by type

Horizontal bar graph showing the different types of incidents reported to CERT NZ
Graph 1. Breakdown by category: incidents CERT NZ responded to directly.

33.6% of all reported incidents were about phishing. These results are broadly reflective of what is being seen.

 


Reporting spike in May

Line graph showing reports received in May with a spike in 15-17 May.
Graph 2. Cyber security reports received by CERT NZ: 11 April – 30 June 2017.

 

A reporting spike occured immediately after the WannaCry ransomware event in May.

 


2. Impacts

Cyber security incidents are inflicting significant losses on New Zealanders.

Losses caused by cybercrime

Over $730,000 in direct financial loss direct as a result of cyber crime has been reported.

 


Case study: phishing

Recently we received an incident report about a phishing campaign that claimed to be from a well-known New Zealand company. The phishing emails were sent from a .nz email address, and had links in them directing victims to fake websites that tricked users into providing financial details. The sites were very convincing and well made, making it difficult to tell they were fakes at a glance.

We identified the ISP that the email address used, and working with them we blocked the email address from sending any further phishing emails.

We also contacted some of our international CERT partners in countries that the fake websites were hosted in, to ask them to take action and block the fake websites.

With both of these measures, the phishing campaign was effectively stopped. New Zealanders were no longer getting the emails, and those that did couldn’t fall victim to the fake website as it had been taken down.

Thanks to the connections established with the international CERT community, we were able to rapidly assist the take down of the phishing campaign and contain the incident.

 


3. Focus on ransomware

Ransomware attacks are causing losses to New Zealanders. Here's a quick guide to ransomware.

What is ransomware?

Icon of desktop screen with a bug on it.

 

Ransomware is a type of malicious software (or malware) that tricks users into installing it on their systems. It then encrypts their system files and demands a ransom payment to decrypt them.

Icon of desktop screen with facebook alert on it.

 

Be careful when visiting unsafe or suspicious websites. opening emails or files from someone you don't know, clicking on malicious links in social media.

 


Ransomware reported in NZ

Bar graph showing ransomware reported in NZ.
Graph 3. Types of ransomware attacks reported by New Zealanders: 11 April – 30 June 2017.

 

Icon of globe. Two variants received major global attention: WannaCry and NotPetya. Location icon in New Zealand. Only WannaCry affected New Zealanders alongside several other ransomware variants.

Protect yourself against ransomware

Icon of cloud uploading data. Always update your operating system and your apps when new versions are available. You can set this up with Windows and a lot of other applications like Office. Icon of a cog at work. Make sure you back up your files regularly. This includes the files on your computers, phones and any other devices you have.

WannaCry

WannaCry was a newly discovered ransomware variant, which made headlines globally in May 2017 after it compromised a number of networks around the world. The ransomware blocked access to computers and demanded approximately $430 (NZD) to unlock it. Even if the victim paid the ransom, it was highly unlikely they would recover their files.

The ransomware spread rapidly via a vulnerability in computers running unmatched versions of Windows by exploiting flaws in Microsoft Windows SMB Server. Once a single computer in a network was infected with WannaCry, the ransomware looked for other vulnerable computers on the network and infected them too.

CERT NZ published an advisory in response to the event which contained preventative measures and mitigations to protect networks. In the days following the attack, CERT NZ received 6 incident reports of WannaCry infections from small businesses.

Icon to read the full Quarterly Report.