About our data

Reporting quarters are based on the calendar year, 1 January to 31 December.

We receive reports of incidents from both individuals and organisations. They choose how much or how little they feel comfortable providing, often about very sensitive incidents. We will not share specific details about an incident without the reporting party's consent.

We aren't always able to verify the information we receive, though we try to, particularly when dealing with significant cyber security incidents.

From 1 July 2020, we’ve made some changes to the way data is collected and structured. These changes have been made to improve the level of detail and reporting produced. They also allow for other data sources to be introduced. The way we collect and use the information provided to us is set out in our privacy and information statement.

From quarter one 2022, the Quarterly Report: Highlights document has been changed to Cyber Security Insights to better reflect the content. 

Incident categories we use

The incident report categories we use are:

Botnet traffic

Botnets are networks of infected computers or devices that can be remotely controlled as a group without their owner’s knowledge and are often used to perform malicious activities such as sending spam or launching Distributed Denial of Service attacks.

C & C server hosting

A system used as a command-and-control point by a botnet.

Denial of Service (DoS)

An attack on a service, network or system from a single source that floods it with so many requests that it becomes overwhelmed and either stops completely or operates at a significantly reduced rate. Assaults from multiple sources are referred to as Distributed Denial of Service (DDoS) attacks.

Malware

Short for malicious software. Malware is designed to infiltrate, damage or obtain information from a computer system without the owner’s consent. Commonly includes computer viruses, worms, Trojan horses, spyware and adware.

Phishing and credential harvesting

Types of email, text or website attacks designed to convince users they are genuine, when they are not.

They often use social engineering techniques to convince users of their authenticity and trick people into giving up information, credentials or money.

Ransomware

A common malware variant with a specific purpose. If installed (usually by tricking a user into doing so, or by exploiting a vulnerability), ransomware encrypts the contents of the hard drive of the computer it is installed on, and demands the user pay a ransom to recover the files.

Reported vulnerabilities

Weaknesses or vulnerabilities in software, hardware or online services, which can be exploited to cause damage or gain access to information. Some are reported to CERT NZ under our Coordinated Vulnerability Disclosure (CVD) service.

Scams and fraud

Computer-enabled fraud that is designed to trick users into giving up money. This includes phone calls or internet pop-up advertisements designed to trick users into installing fake software on their computers.

Suspicious network traffic

Detected attempts to find insecure points or vulnerabilities in networks, infrastructure or computers. Attackers typically conduct a range of reconnaissance activities before conducting an attack, which are sometimes detected by security systems and can provide early warning for defenders.

Unauthorised access

Successful unauthorised access can enable an attacker to conduct a wide range of malicious activities on a network, infrastructure or computer. These activities generally fall under one of the three impact categories: 

  • compromise of the confidentiality of information,
  • improper modification affecting the integrity of a system, and
  • degradation or denial of access or service affecting its availability.

Website compromise

The compromise, defacement or exploitation of websites by attackers for malicious purposes, such as spreading malware to unsuspecting website visitors.