Quarter Four Report 2017

CERT NZ’s fourth quarter report (1 October – 31 December) covers the latest cyber security threats in New Zealand and a summary of results for 2017.

In 2017, we received over 1100 reports since we went live in April. This quarter we received 390 incident reports, a similar number to previous quarters.

Reported financial losses from incidents during this quarter were $3.4 million; more than double the losses reported in the previous quarter. This includes nine incidents that involved losses of over $100,000 each. This brings the total financial loss to New Zealanders from cyber security issues since CERT NZ went live in April 2017 to over $5.3 million.

We’ve seen increasingly sophisticated phishing campaigns that aim to steal people’s credentials. This was a common threat for all types of businesses. Other notable trends include a growing interest in cryptocurrencies which is contributing to an increase in cryptocurrency scams in New Zealand. These types of scams resulted in nearly $265k losses alone in quarter four.

Quarterly report October - December 2017 [PDF, 2.6 MB]

Summary report October - December 2017 [PDF, 684 KB]

Results

Incidents reported to CERT NZ

Between 1 October and 31 December, 377 cyber security incidents were reported to CERT NZ, similar to the 390 incidents in quarter three.

Diagram of incidents reported and orgs that responded. 377 in total.

 

Incidents reported by type

We received 377 incident reports in quarter four. This quarter we have expanded our category reporting to include all incidents, including those referred to NZ Police and Netsafe. In quarter four the most commonly reported incident types were scams & fraud (37%) and phishing & credential harvesting (33%), followed by unauthorised access (10%), malware (8%), reported vulnerabilities (4%), and ransomware (4%).

 

 

Graphic of an email with a hazard triangle (phishing email)

Reports of scams and fraud have increased significantly to 139 in quarter four from 65 in quarter three

 Pie diagram: 56% in Q4

56% of unauthorised access

incidents in quarter four involved some form of loss. This is the highest porportion since reporting began.

Most of the unauthorised access incidents we have seen use phishing emails to trick users into giving up their credentials, giving attackers access to the system.

Impacts

 Graph of Q3 vs Q4 financial loss reported. Q4 is more than double.

Over $3.4 million

in direct financial loss has been reported to us in quarter four. This is more than double the losses reported in quarter three.

High value losses

Nine incidents involved losses of over $100,000 each. From the nine incidents, $2.8 million in total loss was reported.

2017 summary

1,131 incidents were reported to us in 2017. The number of incidents reported per quarter has remained fairly consistent.

Over $5.3 million total financial loss was reported.

Notable trends

Computer with an email and a phishing hook going through it

The most reported incident type in 2017 was phishing credential & harvesting

Computer with a virus on screen

There was a spike in ransomware reports during the Wannacry and NotPetya ransomware campaigns in Q2

 

Cryptocurrency scams in Q4

Cryptocurrency investment scams

Graph representing the rise of bitcoin

These scams operate by sending out emails or setting up fake websites advertising cryptocurrency investment opportunities with attractive returns.

Stolen cryptocurrencies

Graphic of bitcoin key on a computer screen These attacks use a fake website or applications to gain credentials or private keys. These are then used by the criminal to transfer the cryptocurrency.

 

Cryptocurrency security has tips on how to protect yourself.

 

Case studies

Don't download fake crypto-wallets

CERT NZ received a report about cryptocurrency stolen using a fake Electrum wallet. The individual had searched the term ‘Electrum’ and clicked on a link in the list returned without doing any further research. They downloaded and launched an application. Once they had entered their details they realised that something was wrong with the application. When they checked the blockchain, they saw that their cryptocurrency had been transferred to another address. The loss was over $100,000 at the time of the report. The case was referred to NZ Police.

 

Watch out for fake 'security issues' emails

A cryptocurrency investor reported a bitcoin theft to CERT NZ. The investor received an email that said their bitcoin account had security issues, along with a link. They followed the link to a legitimate-looking website and logged on. The website requested further logons and the investor realised the email was a hoax, but by then their bitcoin had already been stolen from their account. Although CERT NZ referred the case to the NZ Police, it is unlikely the investor’s bitcoin can be recovered.

 

Quarterly report October - December 2017 [PDF, 2.6 MB]

Summary report October - December 2017 [PDF, 684 KB]