The quarter was the return of an old favourite - DDoS, or distributed denial of service attacks - such as the one that hit the NZX during August, rendering its website inaccessible by smothering it with automated connection requests (usually money is demanded to stop; NZX would not comment on that point).
And as revealed by the Herald yesterday, Cert NZ has also seen the emergence of a new scam tailored to our the pandemic remote-working boom: emails that purported to be Zoom meeting invites, but actually contained links to malicious software that could take over your computer.
AUT computer science professor Dave Parry told the Herald Covid was a double-whammy.
The pandemic has spurred a working-from-home boom, often involving much lower security, as the same time that lockdowns around the globe had reduced many of organised crimes' usual "real-life" avenues - leading to a spike in cybercrime.
Businesses were being targeted to exploit the gaps in security that were opening up as staff shuffled files between work and home - and simply because commercial organisations are richer targets.
"We've seen a significant rise in reports of unauthorised access to organisations' networks within the last six months as more and more people work remotely," Cert NZ response manager Nadia Yousef told the Herald.
"Business email compromise has been on the increase since quarter two, and has led to significant financial loss to businesses and organisations throughout July, August and September."
Other highlights - or lowlights - from Cert NZ's September report:
• Cyber attacks circulated by email were one of the most commonly reported incidents. This includes 101 per cent increase on business email compromise from Q2, which resulted in $944,000 of direct financial loss.
• There was a 34 per cent increase in the number of malware attacks from Q2. The majority related to a malware called Emotet, which is spread via email.
