Direct financial losses amounted to $6m during fourth quarter, says CERT NZ

The New Zealand government received a record number of cybersecurity incident reports in the fourth quarter of last year, driven primarily by a spike in email extortion scams.

In the three months to December 31, 2018, CERT NZ – New Zealand’s self-described “front door” for reporting and recovering from cybersecurity incidents – said it received 1,333 incident reports from individuals and businesses.

This represents a 53% increase on the 870 incident reports received in the third quarter, and more than three times the number of reports received in the comparable period a year earlier.

“This is the highest number of reports to date,” CERT NZ said in its latest filing. “These reports show how online threats and vulnerabilities can have a big impact on business operations and the day-to-day lives of New Zealanders.”

The double-digit increase in security incident reports was driven by a “significant spike” in scam and fraud reports, particularly email extortion campaigns.

In addition, CERT NZ received 48 malware reports – more than double the amount in the third quarter.

Direct financial losses resulting from these incidents totalled NZ$5.9 million ($4 million), compared to NZ$3 million ($2 million) in the previous quarter.

“The reports we’ve received this quarter show that these incidents are not only causing financial impact, they’re also affecting people’s confidence online,” said CERT NZ director Rob Pope.

“Scammers continually evolve their approach and employ new tactics to try and trick people into meeting their payment demands. This means it’s more important than ever that New Zealanders have a trusted source they can turn to for reliable information and actionable advice to protect themselves online.”

CERT NZ was established in 2016 as a key component of New Zealand’s Cyber Security Strategy. The agency is tasked with handling cyber incident reports and providing advice and guidance to individuals and businesses across the country.

In 2018, the total direct losses attributable to cybersecurity incidents in the country amounted to just over NZ$14 million ($9.6 million) – a near three-fold increase on the NZ$5.3 million ($3.6 million) reported in 2017, CERT NZ said.

RELATED New Zealand looks to refresh cybersecurity strategy