Urgency, fear and opportunity used by cyber attackers
Te Whanganui-a-Tara - Following a record quarter at the end of 2021, reports of cyber incidents and the associated financial losses have dropped back to roughly median levels, according to CERT NZ’s latest report.
The previous quarter saw a spike due to the prevalent Flubot campaign which used text messages to install malicious malware on New Zealanders’ devices.
While that has slowed, reporting numbers overall are still high, CERT NZ director Rob Pope says.
CERT NZ received 2333 reports in the first quarter of the year, an increase of 63 percent from the same quarter last year. Similarly, the $3.7m in direct financial loss is up 23 percent on Q1 2021.
The largest reporting category was phishing and credential harvesting, making up 59 percent of all reports. On average, CERT NZ receives 73 percent more reports about this category than any other.
Phishing is an incident type that has been around for decades but has evolved over that time. Attackers change their tactics to reflect current events and use social engineering triggers, like urgency, fear and opportunity, Pope said.
“Phishing is a major concern as it’s simple to do, from a technical perspective, and it’s a gateway to other kinds of incidents.”
Attackers use phishing to steal people’s personal credentials that they can use to gain unauthorised access to accounts and systems. They also leverage these attacks to find out who is likely to respond and use that information to run different scams.
The quarterly report contains a closer look at how phishing leads to tech-scam calls and direct financial loss.
Reporting phishing attempts to CERT NZ helps all New Zealanders because the sooner Kiwis learn of them, the sooner people can work with providers to take down phoney websites and stop others from potentially falling victim to a scam.
Also this quarter, the sudden rise in popularity of non-fungible tokens (NFTs) has seen a climb in scams relating to them. Cryptocurrency scams are increasing in general, but campaigns are now specifically targeting those looking to buy or sell NFTs.
This new form of investment has created a rich avenue of opportunity for scammers, who are always looking for an edge, Pope says.
NFTs appeal to attackers as they are still mostly unregulated, and payments are difficult to reverse or retrieve. The NFT market can be heavily hyped with high-profile projects and the estimated resale values can create a fear of missing out.
NEW ZEALAND | November 20, 2024 – Festival passes for the highly anticipated Crankworx Summer Series Christchurch and Crankworx Rotorua 2025 are officially on sale, with updates to both festivals designed to give back to fans, delivering the ultimate experience in mountain biking.