Quarter Two Report 2019

This quarter, incidents are up by 21% from quarter one, with 1,197 reports from businesses and individuals from across the country. These reports show a breadth in the type of incidents New Zealanders are experiencing and the range of impacts they can carry with them.

Some examples include:

23% of all incidents reported some type of loss.
Scams and fraud was the highest reported category in quarter two, making up 38% of all reports.
Ransomware incidents increased by 38% in quarter two, with most reports coming from businesses and organisations.

Quarterly Report: Highlights [PDF, 471 KB]

Quarterly Report: Data Landscape [PDF, 994 KB]

Highlights

1,197 incidents reported in quarter two, a 21% increase on quarter one

$6.5 million in direct financial losses was reported in quarter two, the highest amount reported to date.

150% increase in suspicious network traffic incidents from quarter one.

41% increase in scam and fraud reports from quarter one.

Results by number

Number of incidents reported by quarter

We received 1,197 reports in the second quarter of 2019. This is up 21% on quarter one and is the second highest number of incidents reported to CERT NZ.

Results by incident

Breakdown of incident category

Scams and fraud, phishing and credential harvesting, and unauthorised access have consistently been the highest incident categories since quarter four, 2017.

Scams and fraud is the highest incident category in quarter two, taking over from phishing and credential harvesting in quarter one.

Focus area: Ransomware impacts

Ransomware has significant and wide-ranging impacts on affected organisations, their staff and customers.

Ransomware incidents have remained steady since CERT NZ launched in 2017, making up 2-3% of total reports received. In quarter two, we received 22 ransomware reports, mostly from businesses.

Ransomware is a type of malicious software that can get into a computer system in a number of ways, like a bad link or attachment in an email, or through out-of-date software. Once the ransomware has infected the computer, it encrypts files so they can’t be read or accessed, and demands money to recover them.

CERT NZ does not recommend paying the ransom. Although it may seem like the quickest solution to recovering files, the payment does not guarantee that they’ll be returned or decrypted.

Paying the ransom could also lead to further attacks, and further financial loss.

We’ve seen a number of ransomware campaigns impacting New Zealanders. One of the first was WannaCry, which exploited Microsoft systems. More recently, the wide-spread GandCrab, which reportedly infected over 1.5 million computers globally, impacting public services and disrupting the lives of many people.

Over time, attackers modify ransomware and release new variants. New types of ransomware are released to exploit newly identified software vulnerabilities. CERT NZ predicts that ransomware will be released to take advantage of Windows 7 when support for this operating system ends in January 2020.

The total direct financial loss from ransomware reported to CERT NZ is just over $127, 000, mostly from ransoms being paid. The costs of ransomware also go beyond direct financial loss. Cases we have seen report losses like reputation, data, and customer information. Of the total 160 ransomware incidents reported, over 70% reported one or more of these loss types.

Recovering from the impact of these attacks can be time consuming and significantly affect a business’s day-to-day operations. However, there are simple prevention measures CERT NZ recommends to help protect against a ransomware attack.

Tip: Protect your business from ransomware

Keep your operating system and apps up-to-date. You can set this up to happen automatically with major operating systems like Windows and MacOS, and common applications like Office.
Make sure you back up your files regularly to an external hard drive or cloud service. This includes the files on your computers, phones and any other devices.
Install antivirus software and update it regularly.

Buyer beware: online shopping scams on the rise

Breakdown of scam and fraud categories

In quarter two, 19% of scam and fraud reports related to the buying and selling goods online.

Online shopping scams can operate across various platforms like social media, scam websites and sometimes through legitimate auction sites. These scams can result in financial loss when goods don’t show up, or don’t match the description and can also lead to other types of incidents like identity theft.

In one case, an online shopper reported a fake website that was posing as a reseller of an international clothing brand.

The shopper was close to completing their transaction when they realised that the website URL didn’t use HTTPS and decided to contact the site first to check it was legitimate.

The website didn’t have any contact information listed so they reported it to CERT NZ. We were able to quickly identify it was a scam website, and worked with the hosting provider to have the site taken down, protecting other shoppers from the scam.

Shopping online safely

Case study: Small business experiences the impacts of ransomware

Small businesses are increasingly experiencing the impacts of ransomware attacks, and the consequences are not always financial, as one business recently experienced.

A gym with close to 1,000 clients was hit by a ransomware attack. The manager had purchased new gym equipment and soon after received an email claiming there was an outstanding invoice with a PDF invoice attached.

The manager thought the invoice was a mix up for the recent purchase and tried to open the attached PDF. Nothing happened, so he tried again. Thinking the download issue was a fault with the computer, he carried on with other work. When he went back to the computer, all files were locked and a ransom pop-up appeared demanding payment to unlock them.

The manager immediately called his IT service provider and took the advice not to pay the ransom.

The IT provider identified that the PDF was a ransomware file that had infected the computer when it had been clicked on. All files had been encrypted with Locky ransomware and unfortunately couldn’t be recovered.

The gym had been in business for ten years, and had not backed up any data. As a result client records and fitness programmes were lost. With the significant loss of customer information, the gym also faced a reputational risk. The manager let all clients know of the incident and that their files had been lost. Fortunately, the clients appreciated the open communication and the difficulty of the situation.

To recover, the gym had to start from scratch to rebuild records while maintaining day-to-day operations, costing a lot of staff time and resources.

The gym is now following CERT NZ advice and taking steps to secure their systems by backing up all data regularly, and installing anti-virus software.

Backups for your business

Cyber security incidents affect all ages

Incidents affecting individuals by age group

In quarter two, 59% of the reports received were about individuals. The number of incidents reported by individuals continues to be spread across all age groups, demonstrating that New Zealanders of all ages are affected by cyber security incidents.

Of the 712 incidents about individuals, 30% reported some type of loss, like financial, data and reputational. Scams and fraud was the highest reported category affecting individuals (56%), with a total direct financial loss of $4.5 million.