New Zealand’s National Cyber Security Centre (NCSC) has released its highly anticipated Cyber Security Insights Report for the third quarter of 2024. This report reveals new trends in the frequency and sophistication of cyber incidents across the country. With a 58% rise in reported cyber incidents from the previous quarter, the NCSC Q3 2024 Report provides an essential snapshot of new and emerging cyber threats.
Cyber Incidents Surge by 58%, According to NCSC Q3 2024 Report
The NCSC Cyber Security Insights Report for Q3 2024 highlights a total of 1,905 reported cyber incidents, marking a notable 58% increase compared to the previous quarter. Although this surge may appear concerning at first glance, the NCSC interprets it as a positive sign that more individuals and organizations are proactively reporting incidents, thereby strengthening New Zealand’s overall cybersecurity posture.
“The increase in incident reporting is encouraging, as it indicates growing awareness among businesses and individuals about the importance of cybersecurity,” stated an NCSC spokesperson. This trend reflects a heightened commitment to protecting personal and organizational digital assets from cyber threats.
The NCSC Cyber Security Insights Report identifies phishing and credential harvesting attacks as the most common tactics used by cybercriminals, with these incidents alone seeing a 70% increase in Q3 2024. These attacks, which typically involve fraudsters attempting to steal sensitive information through deceptive links or websites, have become a dominant threat for individuals and businesses alike.
Key Cybersecurity Trends Identified in the Report
Several disturbing trends emerge from the NCSC’s Q3 2024 findings. Unauthorized access incidents, for instance, nearly doubled, signaling that attackers are increasingly targeting business and personal networks. Another growing concern is the rise of Adversary-in-the-Middle (AitM) phishing attacks, which compromise session cookies to bypass traditional security measures.
Additionally, the report discusses the emergence of a new technology aimed at combatting online fraud: dynamic CVVs. This advanced security feature adds an extra layer of protection to online transactions by generating one-time codes for cardholders, offering a more secure alternative to traditional static CVVs.
With the holiday season fast approaching, the NCSC also issued warnings about common scams designed to exploit unsuspecting consumers. As people prepare for online shopping, the NCSC encourages Kiwis to be vigilant and visit its Own Your Online website for practical advice on recognizing and avoiding scams.
Financial Impact of Cyber Incidents
Despite the increase in the number of reported incidents, the financial losses associated with cybercrime decreased by 19% in Q3 2024, totaling $5.5 million in direct losses. However, it is important to note that 25% of all reported incidents still resulted in some form of financial loss.
The breakdown of incidents shows that phishing and credential harvesting attacks continue to be the most prevalent cybercrimes, accounting for 43% of all reported incidents. Other common categories include scams and fraud (31%), and unauthorized access (16%).
Here’s a closer look at the breakdown of incidents for Q3 2024:
- Phishing and Credential Harvesting: 823 incidents (up 70%)
- Scams and Fraud: 596 incidents (up 37%)
- Unauthorized Access: 300 incidents (up 80%)
- Website Compromise: 56 incidents (up 65%)
- Malware: 29 incidents (up 61%)
- Ransomware: 13 incidents (up 86%)
- Botnet Traffic: 4 incidents (up 300%)
- Suspicious Network Traffic: 2 incidents (down 50%)
- Denial of Service: 1 incident (down 75%)
- C&C Server Hosting: 1 incident (no change)
- Attack on a System: 0 incidents (no change)
- Other: 80 incidents (up 63%)
NCSC’s Phishing Disruption Service Makes Strides
One of the NCSC’s most effective tools in the fight against cybercrime is its Phishing Disruption Service (PDS). This free service enables the NCSC to collect, analyze, and block phishing links reported by the public. In Q3 2024 alone, the NCSC processed more than 20,500 phishing indicators, with over 6,200 of them added to the PDS database.
The most frequently impersonated industries in phishing schemes during the quarter were postage and shipping services, reflecting a broader trend of scammers targeting the growing e-commerce and logistics sectors.
National Impact and Recommendations from NCSC Q3 2024 Report
While the NCSC Q3 2024 report identifies 98 incidents affecting national organizations, none of these have been classified as “high national emergencies.” Nevertheless, the rising number of cyber incidents points to the increasing sophistication of cybercriminals and the need for enhanced cybersecurity measures across all sectors.
As cybercriminals continue to adapt their strategies, the NCSC stresses the importance of strong security practices, including the implementation of multi-factor authentication, regular software updates, and advanced threat detection systems.
