CERT NZ’s latest quarterly report shows cyber attacks circulated by email posed the greatest threat to New Zealanders’
cyber safety between July and September this year.
According to CERT NZ, the government agency which supports organisations and individuals affected by cyber security
incidents, reports of business email compromise was up by 101% from quarter two with $944,000 direct financial loss.
During the same time period there was a surge in reports about a variation of malware1 called Emotet, which is spread
though a link or attachment in an email, resulting in a 34% increase in malware reports made to CERT NZ from the
previous quarter.
“Email is widely used and trusted both in business and our personal lives. This unfortunately makes it an easy target
for cyber attackers who are looking to make a quick buck,” says CERT NZ’s Director Rob Pope.
Attackers use business email accounts to carry out a range of scams, such as putting false bank account details on
invoices sent to customers. They gain access in a number of ways, including guessing or ‘cracking’ weak account
passwords, finding out passwords through data leaks online, or collecting login information through phishing2 campaigns.
“The good news is that the risk of these attacks impacting you or your business can be mitigated with a few simple
steps,” says Mr Pope.
“Updating your operating systems and software, having long strong unique passwords, and installing antivirus software
can go a long way to help keep you secure online.”
Figures from CERT NZ’s quarterly report also reveal reports of cyber security incidents are at an all-time high, with
2,610 reports made to the government agency in the third quarter of 2020 resulting in $6.4 million of direct financial
loss from all incidents that occurred.
“This is not surprising given the state of play over the last three months with a spate of distributed denial of service
(DDoS) attacks, ransomware attacks and online scams. These incidents serve as a wakeup call for Kiwis to tighten up
their online security.”
CERT NZ has recently expanded the way it collects data by working with more local organisations and international
partners to create a richer picture of the cyber threat landscape.
“Like the old adage says, to be forewarned is to be forearmed. Having more information about cyber threats means we have
a better understanding of what’s on the horizon, and are therefore in a better position to help New Zealanders up their
cyber defences.”
For more insights into what CERT NZ has seen in the New Zealand threat landscape in quarter three 2020, see the CERT NZ
Quarterly Report attached.
If you or your organisation experiences a cyber security incident contact CERT NZ at www.cert.govt.nz or call 0800 CERT NZ, Monday to Friday, 7am – 7pm.