Cyber extortion tops charts as new biggest online threat
Tuesday, 3 March 2026
Cyber extortion has taken over from email scams as the most common sort of online threat, while the nature of hacks by overseas threat actors is changing, according to the annual survey from one of the biggest cyber security firms in Australia, NZ and the Asia Pacific region.
The news comes from Cyber CX’s annual 2026 Threat Report, released this morning. Cyber CX is a cyber security firm that provides service to two-thirds of the NZ50, as well as government entities. It operates across the Asia Pacific and in North America.
And, it says, as companies in one sector wise up to security threats, the bad guys find other ways and places to get in.
Some 59% of incursions were motivated by financial gain, while about 4% were for the purposes of espionage.
In 2025, the financial and insurance services sector overtook healthcare as the most attacked sector, subject to 18% of incursions. Healthcare was at 12%, education at 11%, information media and telecommunications at 9%, and manufacturing at 8%.
The firm has also found that nation-state level ‘threat actors’ have changed the way they are doing business over the past few years.
“We've also seen a lot of them where they care less about being detected, so they're not actually worried about… how they operate, and they're kind of a bit more kind of brazen, really, and a sort of equivalent of, ‘what are you going to do about it?’,” Hamish Krebs, global executive director of Cyber CX’s digital forensics and incident response practice, told The Post.
“Like they know they're going to get detected … We find them, we catch them, we boot them out. Sometimes it's hard to boot them out, but that's a bit of a change that we just have noticed over the past 12 months. Potentially, it's kind of the geopolitics of the world gets more elbows out,” he said.
While in the past three years the average time to detect financial crime was between 24 and 60 days, espionage runs far longer, though it dropped significantly this year, from 390 days to 148 days. The longest espionage incident, according to the report, ran for 490 days.
Most foreign actor activity in New Zealand comes out of China.
The report also reveals that Cyber CX discovered that one of its clients was inadvertently employing North Koreans in application development and network systems teams. The workers were very good by all accounts, not involved in espionage, but were effectively illegal remittance men, engaged in procuring valuable foreign exchange for Kim Jong Un’s hermit regime.
“So they basically want foreign currency. So they're sort of masquerading as remote IT workers, and they come in and do a good job most of the time - like they're not actually trying to steal anything,” Krebs said.
“Sometimes they do, sometimes they're trying to steal stuff, but most of the time, it's actually just a way to get cash.”
Krebs said that the issue was picked up when a company involved realised it had sent three laptops to the same address. He said the workers do not operate in North Korea but usually travel to China or Russia.
In another concerning development, Cyber CX said it is seeing a rise in scams getting through multi-factor authentication. That’s where you might get emailed or texted an authentication code to enter.
“Phishing kits in particular are designed to deal with [multi factor authentication]. Some of the very, very biggest data breaches we've worked on have happened because the MFA prompt you on your phone … and you're in a meeting, you're on a call, you hit, yeah, whatever, like, I'm trying to do something, and you let the bad guy in.”
Overall, Krebs said that manufacturing and smaller, more cost-conscious consumers continue to be the most vulnerable to cyber attacks.
Krebs also says that one of the biggest rising challenges facing many companies is a lack of policies around AI usage, which can lead to sensitive information getting out into the wild, IP theft and all sorts of other problems down the line.
“Manufacturing is probably another place where we see a lot of sort of big, gnarly intrusions. It's all those places where they're cost conscious … on keeping your back end systems going. It is not a front of mind problem for a lot of organisations,” he said.
“They defer the spending on the upgrades and stuff, and they get to meet me as the ultimate kind of result of that.”