Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search


NZ a soft target for growing cyber-crime threat

Tuesday 12 April 2016 04:35 PM

NZ a soft target for growing cyber-crime threat, report says

By Fiona Rotherham

April 12 (BusinessDesk) - The incidence of computer-attacking software has exploded in the last six years, from 2.3 million new pieces of malware in 2009 to 430.5 million last year, according to the latest Symantec Internet Security Threat Report, with New Zealand seen as a relatively soft target.

The report says cyber criminals are going corporate, establishing professional businesses with nine to five work hours and holiday pay, and their skills now match those of nation-state attackers.

“We are even seeing low-level criminal attackers create call centre operations to increase the impact of their scams,” said Symantec director Kevin Haley.

New Zealand was an increasingly popular target for cyber criminals, ranking second in the southern hemisphere in 2015 behind Australia and 21st globally for ransomware attacks – where cyber criminals put malware on someone’s computer and hold their digital content hostage until they pay up.

The report estimates ransomware attacks in New Zealand averaged 108 per day, compared to 636 in Australia. They increased 35 percent globally in 2015 and spread beyond PCs to smartphones, Mac and Linux systems, with attackers seeking any network-connected device to hold hostage for profit. The Internet of Things is predicted to connect 20.8 billion devices by 2020, including medical devices.

New Zealand ranked 21st globally for social media scams and was one of several countries targeted for tech support scams, which rose 20 percent last year, said Mark Shaw, technology strategist for Symantec, which sells the Norton anti-virus software. Its annual report, which is commonly cited globally in the absence of more independent figures, is based on data from its own network.

New Zealanders were fairly naïve when engaging on the internet, Shaw said, and the country needs legislation to force companies to report data breaches to their customers.

Replacing the current voluntary data breach reporting law with mandatory reporting forms part of proposed changes to New Zealand’s privacy legislation being drafted at present.

The draft legislation will need to define breaches, from deliberate access by a third party or accidental loss, to the threshold for mandatory notification.

The Privacy Commissioner received 121 voluntary notifications of data breaches last year, mostly caused by human error or carelessness, but how many go unreported is unknown.

The Symantec report says a total of 429 million identities were exposed by cyber crime, up 23 percent on the previous year, that is estimated to rise to half a billion if unreported breaches were included. The report found an 85 percent increase in companies choosing not to report lost records last year.

Shaw said just under half of data breaches in 2015 were the result of external hackers, often thanks to lost laptops or USB sticks and some by malicious insiders.

The Dyre financial Trojan malware stole the credentials of thousands of customers worldwide before being largely snuffed out by the end of last year, Shaw said. It targeted all of New Zealand’s major retail banks, triggered when customers did internet banking, he said.

The number of discovered zero-day vulnerabilities – where an unknown hole in the software is exploited by hackers – more than doubled to a record 54 in 2015, a 125 percent rise on 2014.

Spear-phishing attacks using apparently genuine email addresses rose by 55 percent in 2015. That included a growing number of small to medium enterprises (under 250 employees) which accounted for 43 percent of spear-phishing attacks, up from 18 percent in 2011. However, SMEs remain at the lowest risk of attack, with a 3 percent chance compared to 38 percent for a large organisation.

The NZ Fire Service and Te Wananga O Aotearoa were two local examples of companies hit by such attacks last year, Shaw said.

Breaches within the health services sector accounted for 39 percent of the total in 2015 and 36 percent of the information exposed was medical records, which also fetch the most on the underground market – an average US$50 per record. That compares to credit card details being sold for between 10 US cents to US$20, US$7 for personal information from gaming platforms, and 25 US cents for information from Netflix accounts.



© Scoop Media

Business Headlines | Sci-Tech Headlines


Commerce Commission: Latest Broadband Report Confirms Improved Performance Of Premium Fibre Plans

The latest report from the Commerce Commission’s Measuring Broadband New Zealand programme shows that the performance of Fibre Max plans has improved substantially. This follows a collaboration between the Commission, its independent testing partner, ... More>>

Air New Zealand: Capital Raise Deferred

Air New Zealand has decided to defer its planned capital raise to later in 2021 allowing more time to assess the impacts of recent developments on the airline’s path to recovery. 'We’ve seen some clearing of COVID-19 clouds recently, with ... More>>

Commerce Commission: Cartel Conduct Now Punishable By Up To 7 Years’ Jail Time

Cartel conduct can now be punished with a term of imprisonment of up to 7 years, after the Commerce (Criminalisation of Cartels) Amendment Act 2019 came into effect today. Cartel conduct includes price fixing, market allocation and bid rigging (see ... More>>

Stats NZ: Auckland Population May Hit 2 Million In Early 2030s

Auckland’s population may rise from about 1.7 million currently to 2 million by early next decade, Stats NZ said today. “Auckland will likely have the highest average annual growth of New Zealand’s 16 regions over the next 30 years, from ... More>>

Stats NZ: March Card Spending Rebounds Despite COVID

There was a lift in retail card spending in March following a fall in the lockdown-disrupted February month, Stats NZ said today. Seasonally adjusted retail card spending rose by $53 million (0.9 percent), compared with February 2021. Visit our website to read ... More>>

PwC: Outcome Of Review Into Air New Zealand Gas Turbines Business

Air New Zealand has received the report into its Gas Turbines business from independent external advisers PwC. Air New Zealand Chairman Dame Therese Walsh says the report identified a range of effective controls in the Gas Turbines revenue contracting ... More>>

LPG Association: Renewable LPG Achieves Emissions Budgets With No Need To Ban New LPG Connections

Renewable LPG can supply New Zealand’s LPG needs and achieve the emissions reductions proposed by the Climate Commission without the need to ban new connections, a new study shows. The investigation, by leading consultancy Worley, was prepared for the ... More>>