
CERT NZ report: Unauthorised account access a growing problem

10 Jul 2019

New Zealanders are reporting more cybersecurity incidents and suffering lower reported financial losses, according to insights from CERT NZ’s latest quarterly report.

The report summarises statistics from January 1 to March 31 this year. During that period New Zealanders reported 992 incidents – the second highest on record since CERT was established.

New Zealanders reported direct financial losses of $1.7 million. While that is still a substantial loss, the figure is a 71% drop from the previous quarter.

The most pervasive type of cybersecurity incident reported is phishing and credential harvesting, which made up 45% of all incidents recorded (445 incidents).

Scams and fraud followed closely behind, accounting for 325 incident reports. Of these, 53% were email extortion scams, 24% were related to the online purchase and sale of goods, and 6% were invoice scams.

On the other end of the spectrum, reported vulnerabilities and website compromises were the least reported, accounting for nine and ten reports respectively.

CERT NZ highlights the growing issue of unauthorised access, with 96 reports relating to the issue. New Zealanders lost approximately $329,000 due to these incidents.

Attackers targeted accounts including online banking, cloud services, email, and social media, for the purpose of stealing personal information and for financial gain.

“It’s easy to trust our email and other online accounts, assuming that a password will be enough to keep us protected,” says CERT NZ director Rob Pope.

“Attackers rely on this trust and exploit it to gain access to personal and corporate accounts. In many cases this can result in the loss of personal information and more.”

“One simple step people can take to protect their online accounts is to set up two-factor authentication (2FA). Adding 2FA to your login process is a simple way of adding an extra layer of security to your accounts.”

The report provides a case study about an IT service provider whose client’s Office 365 account had been compromised. The account was used to send thousands of phishing emails to contacts.

“Fortunately, the IT service provider noticed an unusually high volume of emails being sent. This alerted them to the attack and they reported it to CERT NZ,” the report says.

“CERT NZ worked with the IT service provider and the business to alert those on the contact list, help the business secure their account, and prevent the attackers from sending further emails.”

Of the 525 security incidents reported about organisations, the three sectors with the most reports were financial and insurance services (269 incidents), technology (32 incidents), and retail trade and accommodation (27 incidents).

“Helping people keep safe online and improving cybersecurity in New Zealand is at the core of what we do at CERT NZ,” says Pope.

“Having a broad range of people reaching out to us and getting the help they need reinforces our role as a central front door to help people get back on their feet quickly following a cybersecurity incident.”

If you or your organisation experiences a cybersecurity threat – or if you suspect you may have been exposed to one – contact CERT NZ any time at or call 0800 CERT NZ, Monday to Friday, 7am – 7pm.
