New Zealand businesses increasingly targeted by cyber crime

Friday, 22 July 2022

On the dark web, anyone can buy a ransomware program to hold a business’s data hostage for as little as $200.

Cybersecurity experts say businesses are increasingly becoming a target for cyberattacks.

Wenzel Huettner, chief cybersecurity architect at Defend said 10 years ago the main concern for businesses was spillover from attacks targeted at Australia.

Now New Zealand was being specifically targeted at an alarming rate, he said.

The Covid-19 pandemic had blurred the lines between home and work devices, which increased the risk of a worker jeopardising a business by falling foul of a malicious link.

* Training needed to help staff identify suspect emails, tech company says

* Why was an Australian media company hacked, and how do cyber attacks actually work?

Cybercrime is the second least-reported crime, after sexual assault, according to the Crime and Victims Survey.

Research from Microsoft showed New Zealanders at home were targeted by and consumed 30% more Russian anti-Covid-19 propaganda than Australians or Americans.

“Clicking on a propaganda article is not that different to clicking on malicious links. There’s no reason why hackers will not use these same methods to infiltrate a business,” Huettner says.

“We are well and truly past the point where we can consider geographic isolation any kind of protection.”

Theta head of cybersecurity Peter Bailey said developing technology meant it was easier and cheaper for scammers to target specific businesses.

On the dark web, a section of the internet only accessible through certain programs, anyone could buy a ransomware program to hold a business’s data hostage for as little as $200, Bailey said.

Or they could hire a hacker whose fee would be a percentage of the money extorted from the business, he said.

“You don’t even have to be very smart to do these crimes, you just have to know where to look,” Bailey said.

Of most concern was the amount of data for sale on the dark web about specific New Zealand businesses, he said.

On the dark web hackers research the weaknesses of businesses by using AI technology that scanned their online presences, he said.

The hackers collected information about the weaknesses in the businesses, called “toeholds”, Bailey said.

That could include the business running an out of date version of software, or a worker’s weak password.

The toeholds were then sold to other hackers for about $15 each, he said.

Hundreds of toeholds about New Zealand businesses were for sale on the dark web, he said.

New Zealanders have lost $23 million to scams in the last 18 months, with the majority of victims staying silent about being duped. (Video first published October 2020).

New Zealand was falling behind some of the other countries it measured itself against like Australia and the United States because it was a small business economy with a DIY culture, he said.

“Larger organisations are getting better about spending money on cybersecurity. But I worry about SMEs who often did not spend money on this, they could see themselves become more of a target.”

With inflation reaching a 30 year high, instances of cybercrime could be on the rise.

Cloudcheck managing director Vincent McCartney said as inflation increased businesses could expect more attacks from cyber criminals.

When interest rates went up, so too did volumes of financial information being distributed, which became a prime opportunity for hackers to try to get people to click on a malicious link, McCartney said.

“These are the cracks that fraudsters and identity thieves then capitalise on. Once they have a doorway into the organisation, it’s easy for them to land and expand their impact from there,” he said.

Individuals can stop the scams by becoming naturally suspicious of any calls or emails out of the blue, he said..

Cert NZ incident response acting manager Jordan Heersping said reports of cyber incidents had steadily increased year-on-year since 2017, with big jumps in activity in the last six months.

In 2021 nearly $17 million in direct financial loss was reported due to cyber crime.

Heerspring said Cert was concerned by evidence New Zealand was being regarded as a specific target.

The three most important things people could do to fend off an attack was to make sure passwords were long and unique, turn on two-factor authentication, and keep security systems up to date, he said.