Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search


NZ a soft target for growing cyber-crime threat

Tuesday 12 April 2016 04:35 PM

NZ a soft target for growing cyber-crime threat, report says

By Fiona Rotherham

April 12 (BusinessDesk) - The incidence of computer-attacking software has exploded in the last six years, from 2.3 million new pieces of malware in 2009 to 430.5 million last year, according to the latest Symantec Internet Security Threat Report, with New Zealand seen as a relatively soft target.

The report says cyber criminals are going corporate, establishing professional businesses with nine to five work hours and holiday pay, and their skills now match those of nation-state attackers.

“We are even seeing low-level criminal attackers create call centre operations to increase the impact of their scams,” said Symantec director Kevin Haley.

New Zealand was an increasingly popular target for cyber criminals, ranking second in the southern hemisphere in 2015 behind Australia and 21st globally for ransomware attacks – where cyber criminals put malware on someone’s computer and hold their digital content hostage until they pay up.

The report estimates ransomware attacks in New Zealand averaged 108 per day, compared to 636 in Australia. They increased 35 percent globally in 2015 and spread beyond PCs to smartphones, Mac and Linux systems, with attackers seeking any network-connected device to hold hostage for profit. The Internet of Things is predicted to connect 20.8 billion devices by 2020, including medical devices.

New Zealand ranked 21st globally for social media scams and was one of several countries targeted for tech support scams, which rose 20 percent last year, said Mark Shaw, technology strategist for Symantec, which sells the Norton anti-virus software. Its annual report, which is commonly cited globally in the absence of more independent figures, is based on data from its own network.

New Zealanders were fairly naïve when engaging on the internet, Shaw said, and the country needs legislation to force companies to report data breaches to their customers.

Replacing the current voluntary data breach reporting law with mandatory reporting forms part of proposed changes to New Zealand’s privacy legislation being drafted at present.

The draft legislation will need to define breaches, from deliberate access by a third party or accidental loss, to the threshold for mandatory notification.

The Privacy Commissioner received 121 voluntary notifications of data breaches last year, mostly caused by human error or carelessness, but how many go unreported is unknown.

The Symantec report says a total of 429 million identities were exposed by cyber crime, up 23 percent on the previous year, that is estimated to rise to half a billion if unreported breaches were included. The report found an 85 percent increase in companies choosing not to report lost records last year.

Shaw said just under half of data breaches in 2015 were the result of external hackers, often thanks to lost laptops or USB sticks and some by malicious insiders.

The Dyre financial Trojan malware stole the credentials of thousands of customers worldwide before being largely snuffed out by the end of last year, Shaw said. It targeted all of New Zealand’s major retail banks, triggered when customers did internet banking, he said.

The number of discovered zero-day vulnerabilities – where an unknown hole in the software is exploited by hackers – more than doubled to a record 54 in 2015, a 125 percent rise on 2014.

Spear-phishing attacks using apparently genuine email addresses rose by 55 percent in 2015. That included a growing number of small to medium enterprises (under 250 employees) which accounted for 43 percent of spear-phishing attacks, up from 18 percent in 2011. However, SMEs remain at the lowest risk of attack, with a 3 percent chance compared to 38 percent for a large organisation.

The NZ Fire Service and Te Wananga O Aotearoa were two local examples of companies hit by such attacks last year, Shaw said.

Breaches within the health services sector accounted for 39 percent of the total in 2015 and 36 percent of the information exposed was medical records, which also fetch the most on the underground market – an average US$50 per record. That compares to credit card details being sold for between 10 US cents to US$20, US$7 for personal information from gaming platforms, and 25 US cents for information from Netflix accounts.



© Scoop Media

Business Headlines | Sci-Tech Headlines


Forest And Bird: Misinformation Circulating On Biodiversity Policy

Forest & Bird is concerned at misinformation circulating regarding a policy statement aimed at protecting New Zealand’s unique biodiversity. The National Policy Statement for Indigenous Biodiversity is being consulted on by the ... More>>


NIWA: Scientists Say Methane Emitted By Humans ‘vastly Underestimated’

NIWA researchers have helped unlock information trapped in ancient air samples from Greenland and Antarctica that shows the amount of methane humans are emitting into the atmosphere from fossil fuels has been vastly underestimated... More>>


SMC Expert Reaction: Record Dry Spells And Effects On Forests

With no rain forecast before Sunday, Auckland is about to break a record for the city's longest dry spell. Niwa says Auckland is likely to hit 40 consecutive days without rain this weekend . The upper North Island is seeing severe meterological ... More>>


Reserve Bank: Official Cash Rate Remains At 1.0 Percent

The Monetary Policy Committee has decided to keep the Official Cash Rate (OCR) at 1.0 percent. Employment is at or slightly above its maximum sustainable level while consumer price inflation is close to the 2 percent mid-point of our target range. ... More>>


Science Media Centre: Novel Coronavirus Detected In China – Expert Reaction

The virus was detected after more than 40 people were hospitalised with pneumonia in Wuhan City, China and the outbreak traced to a large animal and seafood market. The Centers for Disease Control and Prevention reports that person-to-person transmission ... More>>


NZ First: Launch Of Parliament Petition To Remove Aluminium Dross

This afternoon to a crowd of over 100 people in Mataura -- Mark Patterson, New Zealand First List MP based in Clutha-Southland launched a parliamentary petition regarding the aluminium dross issue in Mataura, Southland. The petition asks that the House ... More>>