The number of cyber security incidents reported to the Computer Emergency Response Team (CERT) NZ by businesses and individuals in 2019 surged by 38 per cent compared to the previous year’s total, to 4,740.
The annual tally comes as CERT NZ releases its fourth quarter report for the 2019, ending 31 December, with the organisation receiving 1,197 incidents in the final three month period of last year.
Although fourth quarter incidents were down by 12 per cent compared to the preceding quarter, there was an 11 per cent quarter-on-quarter increase in phishing and credential harvesting reports to CERT NZ.
The organisation also said it received a cluster of reports of SIM swapping attacks in Q4, where attackers were able to gain access to victims’ online bank accounts.
“While the number of reports was small...the average financial loss from these attacks was $30,000. Given the potential impact of this type of attack we want to share how to protect yourself and your business,” CERT NZ said.
The annual cyber security incident report, meanwhile, revealed that phishing and credential harvesting reports rose by 25 per cent, year-on-year, while scams and fraud reports surged by 53 per cent, compared to the 2018 figures.
At the same time, unauthorised access report increased by 48 per cent, compared to the previous year, to 449.
According to CERT NZ, 15 per cent of the reports it received involved some form of financial loss, with a total value of $16.7 million.
Further, 60 vulnerabilities were reported to CERT NZ in 2019, 20 of which were managed under the organisation’s Coordinated Vulnerability Disclosure (CVD) service. This is used when the person reporting the vulnerability doesn’t want, or has been unable, to contact the vendor directly themselves.
The annual and fourth quarter reports arrive as CERT NZ warns New Zealanders of a global increase in reports of cyber criminals using the COVID-19 coronavirus pandemic as an opportunity to carry out online scams and malicious cyber activity.
“Reports have been received in Australia of COVID-19 themed scam text messages that have a link that claims to direct people to testing facilities,” CERT NZ said. “This link is not legitimate and instead may install malicious software on your device that’s designed to steal your personal information, such as banking details.”
CERT NZ said it was also aware of individuals in the U.K. had been targeted by coronavirus-themed phishing emails, with infected attachments containing fictitious 'safety measures’.
“Instead of the attachments containing health information, it instead installs malicious software on your device that’s designed to steal personal information,” CERT NZ said.
“We’ve also been made aware of similar emails being circulated internationally that encourage people to fill in their email and password before they can get information on COVID-19. These are not legitimate, and instead are an attempt to steal personal information.
“Security researchers have identified a new campaign where the attackers claim to have a ‘coronavirus map’ application that people can download onto their devices. Instead, the application is malware, designed to steal sensitive information from the device it is downloaded onto, such as passwords,” it added.