News Own Your Online External Link Report it
News Own Your Online External Link
  1. Welcome to the National Cyber Security Centre
  2. Insights
  3. Cyber Threat Reports
  4. 2023/2024 Cyber Threat Report
  5. Incidents individuals or SME

Ngā whakaeke ā-ipurangi ka pā ki te tangata, ki ngā pakihi iti ki te waenga rānei Incidents usually affecting individuals or small to medium businesses

The majority of the incidents recorded by the NCSC affect individuals and small to medium businesses and organisations. Cyber criminals continue to prey on people’s increasing reliance on technology in their daily lives, as well as an absence of fundamental cyber security protections. Scams and fraud, phishing and credential harvesting, and unauthorised access were the most common types of incidents this year.

 

In total, NCSC recorded 7122 incidents in 2023/2024. The majority of these incidents, 6779, were handled through the NCSC’s general incident triage process because they did not require specialist technical attention. Often, these incidents impacted individual New Zealanders or small to medium businesses. While these incidents did not require specialist or intensive technical attention, they may be highly impactful for the people or organisations they affected.

6779 

Incidents handled through the NCSC's general triage process

565

Average incidents per month.

The 6779 incidents handled through the NCSC’s general triage process was 12.5% lower than the previous year. For these incidents, scams and fraud, and phishing and credential-harvesting were the most common types of incidents in this year. Both incident types generally rely on a person inadvertently taking actions that are part of malicious cyber activity. Most categories of incident experienced an overall decline from 2022/2023 figures, except website compromise and denial-of-service.

All 2023/2024 incidents handled through general triage process, by category

NCSC Graphs 2024 1

2023/2024 incidents handled through general triage process affecting individuals, by category

NCSC Graphs 2024 2

2023/2024 incidents handled through general triage process affecting organisations, primarily small to medium, by category

NCSC Graphs 2024 3 REVISED

Scams and fraud incidents

Of the 6779 incidents handled through NCSC’s general triage process in 2023/2024, 30% related to scams and fraud. Scams and fraud incidents rely on deceiving a legitimate user into doing something, rather than gaining unauthorised access to an account or system. Although the scams and fraud incidents included here are cyber-enabled, they can often only be prevented through the individual identifying them as illegitimate, as opposed to other cyber incidents which are cyber-dependent and can be prevented through cyber security controls. Incidents of scams and fraud includes fake investment ‘opportunities’ that are propagated over email, or online deals that are too good to be true.

 Cyber-enabled crimes are assisted, facilitated or escalated in scale by the use of technology.

Cyber-dependent crimes can only happen on computer, where the computer or the system is the target.

This incident type consistently features in the top three incident types reported. During 2023/2024, investment scams saw a 176 increase from the previous financial year (34 to 94 incidents). Extortion/blackmail scams increased from 119 to 136, although the reported financial loss decreased.

In August 2023, the NCSC became aware of reports of phishing coming from an organisation in the education sector. The NCSC let the organisation know they likely had a compromised email account. The organisation was then able to remove the malicious access to the compromised account. The NCSC also used the Phishing Disruption Service (PDS) to help organisations block the malicious website domain.

Breakdown of incidents in the scams and fraud category

NCSC Graphs 2024 4

Cyber security incidents targeting individuals remain a concern, despite lower numbers of reported incidents. With technology use pervasive within day-to-day life, whether people are buying and selling goods or pursuing career opportunities, threat actors are willing to identify and exploit opportunities to prey on people’s trust.

The NCSC provides general technical advice regarding scam and fraud incidents. Incidents that have potential financial or legal consequences, or where further action is required, are referred to New Zealand Police or other relevant agencies, with consent from the individual or organisation reporting.

Phishing and credential-harvesting incidents

Phishing and credential-harvesting continue to be the most common incidents reported by organisations, despite a 31% decrease from the previous year. This category was the second-most common incident reported by individuals (after scams and fraud) despite decreasing by 19%. The prevalence of this incident type is largely due to its use ranging from unauthorised money transfer to ransomware. The most common phishing impersonation theme was mail or package delivery, making up the vast majority of phishing emails and links. Other impersonation themes include government services, banks, and online shopping.

Unauthorised access incidents

In 2023/2024, the NCSC handled 681 reports of unauthorised access through its general triage process. 601 reports impacted individual New Zealanders, and 57 reports impacted organisations - a 23% and 27% decrease from the previous year, respectively. A further 23 incident reports did not specify who they impacted. A significant portion of these reports involve cyber threat actors gaining unauthorised access to social media accounts. For individuals, this frequently results in malicious messages being sent to their friends and family, spreading malware and furthering the distribution of scams. For organisations, this may include messaging customers as well as purchasing fraudulent ads to spread the same malware and scam messaging. The best ways to prevent unauthorised access include using long, strong and unique passwords, along with multi-factor authentication (MFA) to improve cyber security and reduce opportunities for malicious cyber actors to bypass security controls.

Top