Rising Threats and Strategies for Resilience
As cyber threats evolve in complexity and scale, staying informed is critical to safeguarding your organization. The Quarter Four Cyber Security Insights 2024 report by CERT NZ provides a comprehensive analysis of the current threat landscape, emphasizing urgent trends, financial impacts, and actionable steps for businesses. Below, we unpack the report’s key findings and explore how organizations can fortify their defenses.
Number of incidents
A total of 1,358 incidents were recorded in Q4, with 1,258 handled through the NCSC’s general triage process. This represents a 34% decrease from the 1,905 incidents reported in Q3.
Over 1,350 incidents were reported to CERT NZ in Q4, reflecting a 15% quarterly rise. Small and medium-sized businesses (SMBs) were disproportionately targeted due to perceived vulnerabilities in their security frameworks.
1. Incident Category Breakdown
Phishing & Credential Harvesting (54% decrease)
Cybercriminals impersonate trusted entities (e.g., banks, government agencies, or colleagues) to trick individuals into revealing sensitive login credentials.
Despite a 54% decline in incidents compared to Q3, phishing remains a top threat due to its effectiveness in exploiting human error.
Malware & Ransomware (45% increase)
Refers to malicious software designed to infiltrate, damage, or steal data. Ransomware, a subset of malware, encrypts systems or data until a ransom is paid.
Attacks surged by 45%, with ransomware targeting sectors like healthcare and logistics, where operational downtime has severe consequences.
Denial of Service (DoS) (400% increase)
Attackers overwhelm networks or systems with excessive traffic, rendering them inaccessible to legitimate users.
DoS incidents spiked by 400%, disrupting critical services such as e-commerce platforms and healthcare systems during peak demand periods.
Botnet Traffic (100% increase)
Networks of compromised devices (e.g., IoT gadgets, servers) controlled by attackers to launch large-scale cyberattacks or spam campaigns.
Botnet-related activity doubled (100% increase), often exploiting weak passwords in poorly secured devices.
Attack on a System
Direct, targeted breaches aimed at exploiting vulnerabilities in software, hardware, or protocols to disrupt operations or steal data.
Financial loss
32% of incidents handled through the general triage process reported financial loss. The total reported financial loss in Q4 was $6.8 million, a 24% increase from the $5.5 million reported in Q3. There were 17 incidents with losses exceeding $100,000, the highest number of high-loss incidents in a quarter. These incidents varied, including cyber attacks, cryptocurrency scams, investment scams, and romance scams. Many incidents began with scam phone calls leading to unauthorised money transfers. The cumulative financial loss over the last eight quarters is $44 million, with an average quarterly loss of $5.5 million.
Nationally Significant Incidents
CERT NZ identified 100 incidents with potential national importance, including attacks on critical infrastructure and healthcare systems. These incidents threatened public safety and economic stability, highlighting the interconnected nature of cyber risks.
CERT NZ’s Phishing Disruption Service
Is a proactive initiative designed to identify and dismantle phishing campaigns targeting New Zealanders. The service works by detecting fraudulent websites impersonating legitimate organizations—such as banks, government agencies, or businesses—and collaborates with global hosting providers and domain registrars to remove these sites swiftly. In Q4 2024 alone, the service disrupted 320+ phishing campaigns, preventing countless data breaches and financial losses. Organizations and individuals can contribute by reporting suspicious emails or links to CERT NZ via phishing@cert.govt.nz, accelerating takedowns. This free service underscores CERT NZ’s commitment to collective defense, reducing phishing risks and enhancing national cybersecurity resilience.
Malware Free Networks (MFN)
Is a threat detection and disruption service that provides near real-time threat intelligence reflecting current malicious activity targeting New Zealand organizations. In Q4 2024, MFN disrupted 162,018,985 malicious threats and tasked 5,071 unique indicators.
At iT360 we are working to protect your business with all the latest tools and technology. If you want to discuss how we can help you Contact Us!
