An e-commerce store was repeatedly suffering breaches over the past year.
Customers were being tricked into paying money into the attacker’s bank account, even though they were using the real website. The retailer hired a specialist IT services firm to rebuild the website and improve its security, but the attacker kept returning and compromising the website.
The retailer sought the help of CERT NZ.
“We were able to help them identify the key areas where their website’s security was falling short and to understand why these weaknesses hadn’t been resolved by their temporary and partial fixes,” says CERT NZ director Rob Pope.
“With guidance from our team, they were able to take steps to resolve the weaknesses and keep the attacker out for good.”
Pope says the case of this e-commerce store was one of 736 cybersecurity incidents reported to CERT NZ from April to June.
This is the largest ever volume of reports for a single quarter, he says.
“The rising number of reports we are seeing demonstrates the growing level of trust for CERT NZ as a central front door for cybersecurity issues.”
CERT NZ says phishing and credential harvesting reports are also up significantly this quarter, from 196 in quarter one to 455 in quarter two.
Of these, 337 were from the financial sector, with 321 of these masquerading as known New Zealand brands.
“This leap in reporting comes from closer collaboration with the financial sector, and has enabled us to get a better picture of the phishing campaigns that constantly target New Zealanders,” says Pope.
CERT NZ says it continues to see phishing emails pretending to be Office 365 documents and emails offering fake tax refunds.
It says direct financial losses from these breaches totalled $2.22 million for April to June, down 24 per cent from the previous quarter. The majority (75 per cent) of the incident reports are for small amounts, typically less than $500.
But those aged 55 and over continue to be the largest age group reporting losses to cybersecurity incidents, comprising 75 per cent of all of the losses reported.
CERT NZ says 69 vulnerability reports were received over the first two quarters of 2018, with 15 handled under the Coordinated Vulnerability Disclosure (CVD) policy.
A vulnerability is a weakness in software, hardware or an online service that can be exploited to damage a system or access information.
The reported vulnerabilities were across a range of categories including websites (54 per cent), authentication, authorisation and accounting (14 per cent), and networking (13 per cent).
Pope encourages all organisations to have a plan for vulnerability reports.
“A little careful planning and talking to us ahead of time is likely to make the process much less painful for everyone involved.”