Kiwi malware reports surge

Kiwi malware reports surge

Malware reports received by CERT NZ increased from just 32 in the second quarter of this year to 151 in the third quarter, more than triple the prior quarter’s volume.

Credit: Dreamstime

Reports of malware targeting New Zealanders rose sharply in the three months ending 30 September, compared to the previous two quarters, according to new data from New Zealand’s Computer Emergency Response Team (CERT NZ).

Malware reports received by CERT NZ increased from just 32 in the second quarter of this year to 151 in the third quarter, more than triple the prior quarter’s volume. The first quarter of the year, meanwhile, saw CERT NZ receive 40 such reports of malware.

Number of malware reports to CERT NZ.Credit: CERT NZ
Number of malware reports to CERT NZ.

According to CERT NZ’s Quarterly Report: Highlights Q3 2021, in the last week of the third quarter the cyber response team saw the global malware variant FluBot begin large-scale targeting of New Zealand mobile phones. These incidents contributed to this quarter’s spike in malware reports, CERT NZ noted.

“FluBot is a self-propagating malicious application which uses text messages to target mobile phones and spread across devices quickly. The texts can be received by all types of phones, however FluBot can only infect Android phones,” CERT NZ said in its report.

In response, CERT NZ partnered with the Digital Safety team at The Department of Internal Affairs (DIA) to lead the government response to the incident and worked collaboratively with New Zealand internet service providers (ISPs) to protect as many people as possible from the malware.

“This included close to 1,200 requests to take down malicious websites linked to FluBot. Our response also included supporting more than 700 New Zealanders who called CERT NZ with concerns about being affected,” the cyber agency said.

Incidents responded to by CERT NZ.Credit: CERT NZ
Incidents responded to by CERT NZ.

Overall, CERT NZ responded to 2,072 incident reports about individuals and businesses from all over New Zealand during the quarter, a substantial increase over both the second quarter and the first quarter, which saw CERT NZ respond to 1,351 and 1,431 incident reports respectively.  

Phishing and credential harvesting remained the most reported incident category, with 1,071 reports in Q3, a 73 per cent increase on the previous quarter. Scams and fraud reports, meanwhile, increased by 25 per cent.

All told, $3.3 million in direct financial loss was reported in Q3 as a result of reported cyber incidents, with 16 per cent of incidents reported involving financial loss.

According to CERT NZ, the average number of incident reports per quarter over the previous eight quarters is 1,623 while the average direct financial loss per quarter is $4.1 million.

Breakdown by incident category.Credit: CERT NZ
Breakdown by incident category.

In August, CERT NZ cautioned Kiwi businesses about weaknesses in widely used remote access solutions, urging them to work with their IT service providers to tighten up their security. 

According to the national cyber agency, the majority of local ransomware attacks occur through poorly configured remote access systems, which businesses use to allow staff to access systems from outside the office – a widespread factor amid the ongoing pandemic.  

While there are a range of such systems in use, one of the most commonly used is Remote Desktop Protocol (RDP), with over 2,500 identified in New Zealand, the agency noted at the time, adding that RDP has a number of weaknesses. 

This means that when the protocol is used over the internet it can be exploited by attackers and, indeed, is a leading contributor to the ransomware incidents that CERT NZ receives. 

Given that RDP is often exploited by attackers to gain access to an organisation’s network, CERT NZ recommended that organisations consider other options to enable remote working, such as a virtual private network (VPN).

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwareCERT NZcyber security



Show Comments