Incident categories we use

We use broad categories to group incident reports. These will be refined as the data set grows.

The incident report categories are:

Botnet traffic

Botnets are networks of infected computers or devices that can be remotely controlled as a group without their owners' knowledge, and are often used for malicious activities such as sending spam or launching Distributed Denial of Service (DDoS) attacks.

C&C server hosting

A system used as a command-and-control point by a botnet.

Denial of Service (DoS)

An attack on a service, network or system from a single source that floods it with so many requests that it becomes overwhelmed and either stops completely or operates at a significantly reduced rate. Assaults from multiple sources are referred to as Distributed Denial of Service attacks (DDoS).

Malware

Short for malicious software. Malware is designed to infiltrate, damage or obtain information from a computer system without the owner’s consent. Commonly includes computer viruses, worms, Trojan horses, spyware and adware.

Phishing and credential harvesting

Email, text-message or website attacks designed to convince users that a fraudulent message or site is genuine.

They often use social engineering techniques to convince users of their authenticity and trick people into giving up information, credentials or money.

Ransomware

A common malware variant with a specific purpose. Once installed (usually by tricking a user into running it, or by exploiting a vulnerability), ransomware encrypts files on the affected computer and demands that the user pay a ransom to recover them.

Reported vulnerabilities

Weaknesses in software, hardware or online services that can be exploited to cause damage or gain access to information. Some are reported to CERT NZ under our Coordinated Vulnerability Disclosure (CVD) service.

Scams and fraud

Computer-enabled fraud designed to trick users into giving up money. This includes phone calls or internet pop-up advertisements that trick users into installing fake software on their computers.

Suspicious network traffic

Detected attempts to find insecure points or vulnerabilities in networks, infrastructure or computers. Attackers typically conduct a range of reconnaissance activities before an attack; these are sometimes detected by security systems and can provide early warning for defenders.
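One concrete form of the early warning described above is a port scan showing up in firewall deny logs. The following is an added example, not code from CERT NZ's page: a small detector that flags any source that probes many distinct destination ports within a short window. The log line format, the sample log, the 60-second window and the 10-port threshold are all assumptions made for illustration.

```python
"""Toy reconnaissance (port-scan) detector over firewall deny logs.

Added example; not part of the CERT NZ page. The log format
(ISO timestamp, DENY, src=, dst=, dport=) and thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one scanner sweeping 12 ports in five seconds,
# one legitimate client retrying HTTPS, and one slow source touching
# three ports ten minutes apart (below the default window).
SAMPLE_LOG = """\
2024-05-01T10:00:00 DENY src=203.0.113.5 dst=192.0.2.10 dport=21
2024-05-01T10:00:00 DENY src=203.0.113.5 dst=192.0.2.10 dport=22
2024-05-01T10:00:01 DENY src=203.0.113.5 dst=192.0.2.10 dport=23
2024-05-01T10:00:01 DENY src=203.0.113.5 dst=192.0.2.10 dport=25
2024-05-01T10:00:02 DENY src=203.0.113.5 dst=192.0.2.10 dport=80
2024-05-01T10:00:02 DENY src=203.0.113.5 dst=192.0.2.10 dport=110
2024-05-01T10:00:03 DENY src=203.0.113.5 dst=192.0.2.10 dport=135
2024-05-01T10:00:03 DENY src=203.0.113.5 dst=192.0.2.10 dport=139
2024-05-01T10:00:04 DENY src=203.0.113.5 dst=192.0.2.10 dport=443
2024-05-01T10:00:04 DENY src=203.0.113.5 dst=192.0.2.10 dport=445
2024-05-01T10:00:05 DENY src=203.0.113.5 dst=192.0.2.10 dport=3389
2024-05-01T10:00:05 DENY src=203.0.113.5 dst=192.0.2.10 dport=8080
2024-05-01T10:01:00 DENY src=198.51.100.7 dst=192.0.2.10 dport=443
2024-05-01T10:01:05 DENY src=198.51.100.7 dst=192.0.2.10 dport=443
2024-05-01T10:01:10 DENY src=198.51.100.7 dst=192.0.2.10 dport=443
2024-05-01T10:05:00 DENY src=198.51.100.9 dst=192.0.2.10 dport=22
2024-05-01T10:10:00 DENY src=198.51.100.9 dst=192.0.2.10 dport=80
2024-05-01T10:15:00 DENY src=198.51.100.9 dst=192.0.2.10 dport=443
"""

LINE_RE = re.compile(r"^(\S+) DENY src=(\S+) dst=(\S+) dport=(\d+)$")


def parse_line(line):
    """Return (timestamp, src, dst, dport) or None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), int(m.group(4))


def detect_port_scans(log_text, min_ports=10, window_seconds=60):
    """Return {src: max_distinct_ports} for sources that hit at least
    `min_ports` distinct destination ports within any `window_seconds` span.

    Many connections to one port (retries) do not count; breadth does.
    """
    window = timedelta(seconds=window_seconds)
    events = defaultdict(list)  # src -> [(timestamp, dport), ...]
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # tolerate unrelated or malformed lines
        ts, src, _dst, dport = parsed
        events[src].append((ts, dport))

    alerts = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it fits within window_seconds.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            distinct = {port for _, port in evs[start:end + 1]}
            if len(distinct) >= min_ports:
                alerts[src] = max(alerts.get(src, 0), len(distinct))
    return alerts


if __name__ == "__main__":
    for src, count in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {count} distinct ports")
```

Running it on the constructed sample flags only 203.0.113.5. The slow source 198.51.100.9 is missed with the default window, which is the usual trade-off: widening the window or lowering the threshold catches slow scans at the cost of more noise from legitimate clients.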

Unauthorised access

Successful unauthorised access can enable an attacker to conduct a wide range of malicious activities on a network, infrastructure or computer. These activities generally fall under one of three impact categories:

  • compromise of the confidentiality of information,
  • improper modification affecting the integrity of a system, and
  • degradation or denial of access or service affecting its availability.

Website compromise

The compromise, defacement or exploitation of websites by attackers for malicious purposes, such as spreading malware to unsuspecting website visitors.

About our information