Story image

CERT NZ highlights rise of unauthorised access incidents

10 Dec 2018

CERT NZ’s latest quarterly report was released last week. The Q3 Landscape report covers statistics from June to September 2018. Within that quarter CERT NZ received 870 cyber incident reports – the highest number of reports made to date.

While New Zealanders are taking action and reporting more incidents, the amount of money they are losing from those incidents is also climbing upwards.

Direct financial losses in the quarter reached $2.9 million – a 35% increase from the previous quarter. $2.3 million of those losses came from 198 scam and fraud reports. 46 of those reports dealt with webcam scams; while Facebook scams (25 reports) and invoice scams followed. Many of the reports required police action.

More New Zealanders reported cases of unauthorised access of both business and personal emails – an increase of 28% over the previous quarter.

Pope says that security measures such as strong passwords and multifactor authentication can help to prevent their email accounts from being hacked.

The report outlines the dangers that weak passwords can cause to New Zealand businesses. In two separate cases, attackers gained access to business email accounts as a result of weak passwords.

“In one case, the attacker gained access and tracked the business’s emails for at least six months. They gathered extensive knowledge of the business’s billing cycles and behaviours to create and send out fake invoices to the business’s database,” explains CERT NZ Director Rob Pope.

“In these cases, we worked with the affected businesses and helped them recover. CERT NZ was established to help New Zealanders stay safe online, whether by taking incident reports, sharing best practice advice, or by sharing data and information about the online threat landscape as it impacts New Zealand.”

Cybersecurity incidents such as malware, ransomware, website compromise, Denial of Service, and botnet traffic were not often reported, but that it does not mean that businesses and individuals should cut corners with their cybersecurity protection.

From the 37 reports about malware, CERT NZ says common malware variants included Emotet, Gozi, Zeus, ramnit, spinx, kronos and gootkit. Common ransomware variants reported in Q3 were: Dharma, Everbe, Nemesis and Hermes.

“We know from in-depth analysis of the reports we receive, combined with information from international partners and global threat insights, that it’s getting the basics right that will help Kiwis stay safe online. Online security can seem complicated, but the evidence we have shows that most incidents can be prevented by taking simple steps,” Pope concludes.

CERT NZ recommends these simple steps to protect your business:

•    Strengthen your email account security – by keeping your software and systems up-to-date and using strong, unique passwords for each account.

•    Secure your network – especially when using systems that can be accessed remotely (including remote desktop protocol (RDP). Use strong, unique passwords and enable two-factor authentication (2FA) where you can.

•    Review your business processes – ensure that your processes don’t rely solely on email. Verify payments to new or different accounts by phone before making the transaction. This can help prevent losses.

•    Protect against email spoofing – this is when attackers send you emails pretending to be from legitimate businesses. Protect against this with solutions such as DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC).

Read more about CERT NZ's Quarterly Reports here.

How Cognata and NVIDIA enable autonomous vehicle simulation
“Cognata and NVIDIA are creating a robust solution that will efficiently and safely accelerate autonomous vehicles’ market entry."
Kiwis know security is important, but they're not doing much about it
Only 49% of respondents use antivirus software and even fewer – just 19% -  change their passwords regularly.
Instagram: The next big thing in online shopping?
This week Instagram announced a new feature called checkout, which allows users to buy products they find on Instagram.
Google's Stadia: The new game streaming platform intertwined with YouTube
Move over Steam, Uplay, Origin and all the other popular gaming platforms – Google has thrown its hat in the ring and entered the game streaming market.
Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.
How AI can transform doodles into photorealistic landscapes
The tool leverages generative adversarial networks, or GANs, to convert segmentation maps into lifelike images.
Apple's AirPods now come with 'Hey Siri' functionality
The new AirPods come with a standard case or a Wireless Charging Case that holds additional charges for more than 24 hours of listening time.
Five signs it may be time for a memory upgrade
Back it the day, a couple of gigabytes of memory would have done you. In fact, a couple of gigs would’ve been all you PC could actually use. With modern 64-bit operating systems like Windows 10, sky’s the limit.