NCSC Q3 2024 Report Highlights Cyber Incidents Surge By 58%, Highlighting Cyber Threats to New Zealand

Overview

New Zealand’s National Cyber Security Centre (NCSC) has revealed its Cyber Security Insights Report for Q3 2024, offering a detailed overview of the cyber threats impacting New Zealand. The third-quarter report highlights an increase in cyber incidents, providing a deeper understanding of threat actors targeting individuals, businesses, and organizations across the country.

According to the NCSC’s Cyber Security Insights Report, the number of reported incidents surged to 1,905 in Q3 2024, marking a 58% increase compared to the previous quarter. While this rise might initially seem disconcerting, the NCSC noted that such an increase is actually a positive development. It reflects more New Zealanders and businesses taking proactive steps by reporting cyber incidents, thereby contributing to the country’s overall security posture.

The report stresses several key trends, with incidents of unauthorized access almost doubling. Additionally, phishing and credential harvesting incidents jumped by 70%, illustrating the heightened efforts of cybercriminals trying to trick victims into clicking malicious links.

Overview of the NCSC’s Cyber Security Insights Report

The NCSC’s report highlighted various online threats that New Zealanders faced in Q3-2024. Threat Actors have increasingly targeted routers, attempting to break into home and business networks.

Another threat identified is the Adversary-in-the-Middle (AitM) phishing attack, which compromises session cookies to bypass traditional security measures. Furthermore, the report introduces dynamic CVVs—a new technology aimed at curbing online fraud and offering more security for card transactions.

As the holiday season approaches, the NCSC also warns of common scams designed to steal personal information and money. New Zealanders are encouraged to visit the NCSC’s Own Your Online website for additional guidance on recognizing and avoiding these scams.

Financial Impact and Incident Breakdown

The NCSC’s analysis of financial losses in Q3 2024 reveals a 19% decrease compared to the previous quarter, with reported direct financial losses totaling $5.5 million. However, 25% of all incidents reported still resulted in some form of financial loss.

A closer look at the types of incidents shows that phishing and credential harvesting continue to be the most prevalent types of cybercrime. These incidents accounted for 43% of all reported incidents. Other categories include scams and fraud (31%) and unauthorized access (16%).

Here is the breakdown of incidents by category for Q3 2024:

Phishing Disruption Service: Combatting Cybercrime

The Phishing Disruption Service (PDS), a free service provided by the NCSC, continues to play an important role in protecting New Zealanders. By collecting and analyzing phishing links reported by the public, the NCSC actively publishes verified phishing indicators for organizations to block. In Q3 2024, the NCSC processed over 20,500 phishing indicators, with more than 6,200 of those being added to the PDS.

In Q3 2024, postage and shipping services were the industries most commonly impersonated by phishing scammers, reflecting an increasing trend in scams targeting the e-commerce and logistics sectors.

Conclusion

The NCSC Q3 2024 report highlights 98 incidents affecting national organizations, ranging from minor to notable in severity. No incidents are categorized as highly national emergencies.

The rising number of cyber incidents emphasizes the need for improved cybersecurity measures as cybercriminals adapt their tactics. Phishing attacks and unauthorized access continue to be prominent threats, highlighting the importance of strong security practices like multi-factor authentication and advanced threat detection.

References

• https://www.ncsc.govt.nz/news/quarter-three-cyber-security-insights-2024
• https://www.cert.govt.nz/insights-and-research/quarterly-report/quarter-three-cyber-security-insights/