Quarter Two Cyber Security Insights 2024

The Cyber Security Insights report for quarter two (Q2) provides an overview of cyber security incidents impacting New Zealanders from 1 April – 30 June 2024.

CERT NZ recently integrated with the National Cyber Security Centre (NCSC) to form the New Zealand Government’s lead operational cyber security agency. The combined agency is located within the Government Communications Security Bureau (GCSB).

The NCSC now provides cyber security services to all New Zealanders, from individuals and small businesses to government agencies and nationally significant organisations. 

This quarter, NCSC responded to 1,203 incident reports about individuals and businesses from all over Aotearoa, and 121 incidents of potential nationally significance. 

The Cyber Security Insights report shares information about these incidents as well as highlights examples of work the NCSC is doing to help. 

Cyber Security Insights Q2 2024 [PDF, 4.2 MB]

Contents

Q2 data highlights

Number of incidents

A total of 1,203 incidents were reported via the CERT NZ reporting tool in Q2 2024.

Q2 Incidents

Breakdown by incident categories

Q2 Incidents By Category

Phishing Disruption Service

NCSC’s Phishing Disruption Service (PDS) is a free service that provides a verified list of New Zealand specific phishing indicators that organisations can act on and block from their network. 

When you get a phishing link via text or email, you can forward it to phishpond@ops.cert.govt.nz. The incident response team then analyses the links it receives, also called phishing indicators, and publishes verified ones to the PDS. NCSC’s research team also proactively identifies phishing sites and blocks them before they can be used to target New Zealanders. 

In Q2, NCSC processed 11,278 phishing indicators of which 2,059 were published to the PDS. NCSC proactively identified 325 indicators in Q2. The industry that was most impersonated by phishing scammers this quarter was postal agencies.

Incidents with potential national significance

The NCSC responds to incidents affecting nationally significant organisations or with potential to cause national harm. We triage these into a scale that considers the organisational impact and the severity of the incident.

In the second quarter of 2024, the NCSC recorded 121* incidents impacting nationally significant organisations.

Of these:

  • 28 were triaged as C6 – minor incidents,
  • 55 as C5 – routine incidents, 
  • 36 as C4 – moderate incidents, and 
  • 2 as C3 –  significant incidents.

There were no reports of C2 - highly significant incidents, or C1 - national cyber emergency.

Q2 Incidents of National Significance

Subscribe for updates

Sign up to our quarterly newsletter to receive CERT NZ’s reports and updates.

Subscribe External Link