Story image

CERT NZ highlights rise of unauthorised access incidents

10 Dec 18

CERT NZ’s latest quarterly report was released last week. The Q3 Landscape report covers statistics from June to September 2018. Within that quarter CERT NZ received 870 cyber incident reports – the highest number of reports made to date.

While New Zealanders are taking action and reporting more incidents, the amount of money they are losing from those incidents is also climbing upwards.

Direct financial losses in the quarter reached $2.9 million – a 35% increase from the previous quarter. $2.3 million of those losses came from 198 scam and fraud reports. 46 of those reports dealt with webcam scams; while Facebook scams (25 reports) and invoice scams followed. Many of the reports required police action.

More New Zealanders reported cases of unauthorised access of both business and personal emails – an increase of 28% over the previous quarter.

Pope says that security measures such as strong passwords and multifactor authentication can help to prevent their email accounts from being hacked.

The report outlines the dangers that weak passwords can cause to New Zealand businesses. In two separate cases, attackers gained access to business email accounts as a result of weak passwords.

“In one case, the attacker gained access and tracked the business’s emails for at least six months. They gathered extensive knowledge of the business’s billing cycles and behaviours to create and send out fake invoices to the business’s database,” explains CERT NZ Director Rob Pope.

“In these cases, we worked with the affected businesses and helped them recover. CERT NZ was established to help New Zealanders stay safe online, whether by taking incident reports, sharing best practice advice, or by sharing data and information about the online threat landscape as it impacts New Zealand.”

Cybersecurity incidents such as malware, ransomware, website compromise, Denial of Service, and botnet traffic were not often reported, but that it does not mean that businesses and individuals should cut corners with their cybersecurity protection.

From the 37 reports about malware, CERT NZ says common malware variants included Emotet, Gozi, Zeus, ramnit, spinx, kronos and gootkit. Common ransomware variants reported in Q3 were: Dharma, Everbe, Nemesis and Hermes.

“We know from in-depth analysis of the reports we receive, combined with information from international partners and global threat insights, that it’s getting the basics right that will help Kiwis stay safe online. Online security can seem complicated, but the evidence we have shows that most incidents can be prevented by taking simple steps,” Pope concludes.

CERT NZ recommends these simple steps to protect your business:

•    Strengthen your email account security – by keeping your software and systems up-to-date and using strong, unique passwords for each account.

•    Secure your network – especially when using systems that can be accessed remotely (including remote desktop protocol (RDP). Use strong, unique passwords and enable two-factor authentication (2FA) where you can.

•    Review your business processes – ensure that your processes don’t rely solely on email. Verify payments to new or different accounts by phone before making the transaction. This can help prevent losses.

•    Protect against email spoofing – this is when attackers send you emails pretending to be from legitimate businesses. Protect against this with solutions such as DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC).

Read more about CERT NZ's Quarterly Reports here.

Updated: Chch crypto-exchange Cryptopia suffers breach
Cryptopia has reportedly experienced a security breach that has taken the entire platform offline – and resulted in ‘significant losses’.
iPhone XS Max costs average Kiwi 11.6 work days – world comparison
A new study has compared how long it will take the average worker in 42 countries to purchase Apple's newest iPhone - NZ doesn't do too bad.
Chorus reckons Kiwis have an insatiable appetite for data
New Zealanders love the internet – and we love Fortnite even more.
Hands-on review: XANOVA Juturna-U gaming headset
Despite my first impressions on the quality of the headset, I was disappointed with both of the auxiliary cables provided, which felt cheap and would cut out, almost as if they were already frayed.
Audioengine’s Wireless A5+ are just bloody good speakers
I judge these speakers on the aspects that Audioengine boasts about - quality, streaming, simplicity and versatility
Hands-on review: The Ekster Wallet protects your cards against RFID attacks
For some time now, I’ve been protecting my credit cards with tinfoil. The tinfoil hat does attract a lot of comments, but thanks to Ekster, those days are now happily behind me.
OPPO aims to have 5G device launched by end of year
The Chinese smartphone manufacturer is working with Keysight Technologies to accelerate the development of their 5G smartphone.
LG makes TVs smarter with new AI processors
Latest TVs from LG use deep learning to enhance the video and audio output and introduces integration with Alexa.