What do New Zealand, Turkey and Australia have in common?

They were the only three targets of a sophisticated cyber attack which hijacked customers' banking apps to give hackers control of their accounts this year.

Kiwis are increasingly falling victim to cybercrimes that are growing in sophistication and volume, and specifically targeting the country, an annual report shows.

Symantec's 21st annual Internet Security Threat Report used metadata from 175 million devices in 157 countries to identify the biggest cyber risks in the world.


When compared with other countries, New Zealand "punched above its weight, in a bad way" in the results of the 2015 research, said Symantec's technology strategist Mark Shaw.

Kiwis were targeted with the second most ransomware attacks in the Southern Hemisphere and the fourth most social media scams in the Asia-Pacific region and ranked 21st globally for each.

Mr Shaw said there was a perception that Kiwis were safe and secure tucked away at the bottom of the world, but that was not the reality.

"There are no borders with cybercrime and it's a very big, lucrative business. There are many organised crime groups in many parts of the world but at the same time a guy with a few skills can buy some equipment and kick off his own ransomware campaign."

One such example of this, said Mr Shaw, was Slempo - that targeted just New Zealand, Australian and Turkish banking app users on Android.

Using a fake log-in screen, the malware locks a user's phone until they enter those details and steals them. It also can see text messages that the bank may send to verify a new password and then uses that code to gain access to accounts.

"So they could access all your credentials, and all that can happen just from trying to access your bank.

Another threat facing the country was the "internet of things" where devices that have not traditionally been online, including TVs, watches, machinery and vehicles, connect to the internet.

"Now criminals don't just have to go after PCs and laptops, now they can go after all these other devices. They can infect or connect ransomware to smart TVs."

A threat that made businesses especially vulnerable, he said.

"Traditionally machinery might have operated within a company's own internal systems and networks, but now they are coming online to be more efficient - but that brings with it risks, and it can all be done remotely over a computer."

When it came to business cybersecurity, small businesses were increasingly falling victim - with nearly half of organisations targeted having between one and 250 employees.

Globally, there was 430.5 million pieces of malware created in 2015 and three times as many apps were found to be dangerous compared to 2014.

NZ Cyber Crime in 2015

• Second most ransomware attacks in the Southern Hemisphere, and 21st globally
• 108 ransomware attacks per day - up 160% from 2014
• Fourth most social media scams in Asia-Pacific, and 21st globally
• Globally, 3 times as many apps were found to be dangerous compared with 2014
• iOS is safer than Android, but increasingly a target
• 430.5 million new pieces of malware created in 2015
• Cyber criminals becoming increasingly professional and efficient

Know your cyber crimes

Phishing: An email pretending to be from your bank, insurance company or other business in an attempt to get your security details to access your accounts/information
Spear phishing: Hackers use your public information, e.g. Facebook, LinkedIn, to target their attacks on you
Whaling: An email is sent purporting to be from a company's CEO or CFO authorising a large payment to be made offshore
Ransomware: Copies all the information on your computer and locks it - and won't give you access again until you pay a ransom
Malware: Software used to interfere with a computer system e.g. by stealing information or spying
"Internet of things": As more devices - including TVs, watches, machinery, vehicles - connect to the internet with potentially weak security, the more risky life online becomes
Data breach: When the security of a website's user database is compromised in some way e.g. credit card information stolen

Staying safe online

• Get security software
• Use secure and varying passwords, which can be kept safe by a password manager
• If something sounds too good to be true, it probably is
• Check all important emails are from who they purport to be