Extended lockdowns saw us spending more time online than ever, but cyber criminals have jumped on the information superhighway too, according to CERT NZ's latest quarterly report.
Between July and September CERT NZ responded to 2,072 incident reports about individuals and businesses around New Zealand. This was high, against the average of 1,623 per quarter over the last eight quarters.
Texts about parcel deliveries have been a popular scam, which is tricky as we emerge from lockdown, when online orders were the only game in town, into Christmas. It seems like low hanging fruit at a time when most of us are expecting a genuine delivery of some sort.
CERT (Computer Emergency Response Team) is a New Zealand Government organisation profiling cyber threats, while supporting and advising affected businesses and individuals.
It is also the central reporting point for online Covid scams, misinformation and other mischief, providing details to the Ministry of Health and the Department of Prime Minister and Cabinet.
Reported incidents encompass a variety of categories, with the top four being phishing (harvesting user data like usernames and passwords), scams and fraud, unauthorised access and malware.
Malware reports tripled in the September quarter compared to the previous quarter and is a highly pervasive threat, affecting everyday online functions like text messages and legitimate looking email attachments.
One lockdown plague has been 'FluBot,' a type of malware known as a worm characterised by self propagation and virulent spread as it seeks credit-card and bank information.
It affects Android devices only but has been firing out text-message links to all and sundry imploring them to click a link, often about a parcel delivery, which allows it to snoop and spread further.
"This increasing sophistication in attacks paired with our increasingly busy lives, means that sometimes we can get caught out," said Rob Pope, director of CERT NZ.
Other types of malware include trojans (which hide in legitimate files), ransomware (used to steal information and demand payment, as in the Waikato DHB cyberattack earlier this year) and spyware which logs usernames and passwords, particularly for online banking.
Distributed Denial-of-Service (DDoS) attacks, where bogus internet traffic is sent by hackers to overload a website, have also been part of the battle this year for CERT NZ, which worked with affected organisations to analyse threats and mitigate the fallout.
These attacks are reputational, causing frustration for the organisation's customers, as well as potential loss of income. During the September quarter a total of 4,438 such attacks targeted New Zealand networks.
CERT NZ also noted that more 'Internet of Things' (IoT) devices were now being corralled by hackers for DDoS attacks.
These devices, which are not our primary tools for connectivity, include WiFi-connected security cameras smart speakers and other devices in our homes which we may forget provide an opportunity for hackers.
CERT NZ recommends changing default passwords on these devices and considering whether they actually need to be connected to the internet and if not, disconnecting them.