The number of malware reports from Kiwi organisations more than doubled to 43 in the three months ended 31 December, CERT NZ has reported.
A phishing campaign containing malware and targeting business customers of some New Zealand banks contributed to the increase.
Specifically, 550 incidents in total were reported about Kiwi organisations, up just four per cent from 529 in the quarter ended 30 September 2018.
However, 1333 incidents affected both individuals and organisations during the quarter, up 53 per cent from the previous quarter. Scam and fraud incident reports tripled to 666 from the 198 received in the third quarter.
"A surge in email extortion scams and other variants was behind the increase," CERT NZ said. "Phishing and credential harvesting reports are down from the 468 received last quarter. They still make up 32 per cent of all incident reports received."
Meanwhile, direct financial losses totalled $5.9 million, almost double the loss from the previous quarter, while for 2018, total direct financial loss reported was just over $14 million, up from $5.3 million in 2017.
CERT NZ also reported increased numbers of reported vulnerabilities - weaknesses in software, hardware or online services. Twenty-eight vulnerabilities were reported in the quarter, 19 of which affected web servers.
"The largest category was reports about websites or web servers, making up 68 per cent," the report added.
"This reflects a consistent trend throughout 2018. There is a corresponding increase in website compromise incident reports, up 45 per cent from 11 in the third quarter of 2018 to 16 in the fourth quarter of 2018."