Scoop has an Ethical Paywall
Work smarter with a Pro licence Learn More

Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search

 

Urgency, Fear And Opportunity Used By Cyber Attackers To Engineer Responses

Following a record quarter at the end of 2021, reports of cyber incidents and the associated financial losses have dropped back to roughly median levels, according to CERT NZ’s Cyber Security Insights report for Q1 2022.

“The previous quarter saw a spike due to the prevalent Flubot campaign which used text messages to install malicious malware on New Zealanders’ devices. While that has slowed, reporting numbers overall are still high,” said CERT NZ Director Rob Pope

CERT NZ received 2,333 reports in Q1 (January to March 2022) – an increase of 63% from the same quarter last year. Similarly, the $3.7m in direct financial loss is up 23% on Q1 2021.

The largest reporting category was phishing and credential harvesting, making up 59% of all reports. On average CERT NZ receives 73% more reports about this category than any other.

“Phishing is an incident type that has been around for decades but has evolved over that time. Attackers change their tactics to reflect current events and use social engineering triggers, like urgency, fear and opportunity,” Pope said.

“Phishing is a major concern as it’s simple to do, from a technical perspective, and it’s a gateway to other kinds of incidents.”

Attackers use phishing to steal people’s personal credentials that they can use to gain unauthorised access to accounts and systems. They also leverage these attacks to find out who is likely to respond and use that information to run different scams.”

This quarter’s Insights contains a closer look at how phishing leads to tech-scam calls and direct financial loss (page 6).

Advertisement - scroll to continue reading

Are you getting our free newsletter?

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.

“Reporting phishing attempts to CERT NZ helps all New Zealanders,” Pope said, “because the sooner we learn of them, the sooner we can work with providers to take down phoney websites and stop others from potentially falling victim to a scam.”

Also this quarter, the sudden rise in popularity of NFTs (non-fungible tokens) has seen a rise in scams relating to them. Cryptocurrency scams are increasing in general, but we are now seeing campaigns specifically targeting those looking to buy or sell NFTs.

“This new form of investment has created a rich avenue of opportunity for scammers, who are always looking for an edge,” Pope said.

NFTs appeal to attackers as they are still mostly unregulated, and payments are difficult to reverse or retrieve. The NFT market can be heavily hyped with high-profile projects and the estimated resale values can create a fear of missing out.

© Scoop Media

Advertisement - scroll to continue reading
 
 
 
Business Headlines | Sci-Tech Headlines

 
GenPro: General Practices Begin Issuing Clause 14 Notices

GenPro has been copied into a rising number of Clause 14 notices issued since the NZNO lodged its Primary Practice Pay Equity Claim against General Practice employers in December 2023.More

SPADA: Screen Industry Unites For Streaming Platform Regulation & Intellectual Property Protections

In an unprecedented international collaboration, representatives of screen producing organisations from around the world have released a joint statement.More

 
 
 
 
 
 
 
 
 
 
 
 

Join Our Free Newsletter

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.