From 1 October to 31 December 2024, there were 17 reports of incidents with losses over $100,000. They accounted for $4.7m of the total $6.8m in financial loss reported to the National Cyber Security Centre during the period.

“This is the largest number of high-loss incidents we have seen in a quarter," NCSC Threat and Incident Response team lead Tom Roberts said. “These incidents are also quite varied — ranging from cyber attacks on computers and accounts, to cyber-enabled scams.”

“Interestingly, many of these incidents started with a phone call from someone impersonating a well-known organisation, and led to the compromise of computers and accounts.”

While overall financial losses are up from the last quarter, the number of incidents reported through the NCSC’s online tool has dropped 34%. There was a significant decrease (54%) in reports of phishing and credential harvesting compared to the previous quarter.

"A decrease in numbers doesn't mean there’s less cybercrime,” Mr. Roberts said. “We know cybercrime is underreported and we need your reports to better understand and respond to the threats New Zealand faces.”

“When you report to us, we can alert other New Zealanders and help protect them from cyber attacks and scams.”

Key highlights from 1 October to 31 December 2024.

• 1,358 incident reports were recorded by the NCSC. Of these,100 were triaged for specialist technical support because of potential national significance. This is up slightly from 98 in Q3.
• The remaining 1,258 were handled through its general triage process. These incidents are taken from reports to CERT NZ, as part of the NCSC, from individuals and businesses. Compared to 1,905 in Q3, this was a 34% decrease in incident reports.
• Direct financial loss went up 24% from $5.5M in Q3 to $6.8M in Q4. This is 91% higher than the same time in 2023.
• 17 incidents reported losses of $100,000 and over – the highest we have seen in a quarter. Incidents in this category account for most of the total financial loss.
• Scams and Fraud overtook phishing as the most commonly reported category, despite a 15% drop in the number of Scams and Fraud incidents. The biggest drop was in incidents of Phishing and Credential Harvesting, which was a 54% decrease from 823 in Q3 to 381 in Q4.

© Scoop Media