HKCert
Press Centre

HKPC Warns of More Financially-Motivated Cyber Attacks in 2018

Release Date: 18 / 01 / 2018
Last Update: 09 / 02 / 2018

 

 

With the growing trend of financially-motivated cyber crimes, information security experts at the Hong Kong Productivity Council (HKPC) today (18 January 2018) urged enterprises and the public to strengthen their defence against ransom-based cyber attacks.

 

 

 

HKPC issued the advice after its Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) reported a 7% rise in security incident reports in Hong Kong in 2017, totalling 6,506, as compared to 2016. For the second successive year, Malware cases (2,041 cases or 31%) saw the biggest surge, rising by 79%, and joined Botnet (2,084 cases or 32%) and Phishing (1,680 cases or 26%) as the principal sources of the reports.

 

 

 

Among all malware reports, despite fewer Ransomware incident reports (178 cases) were made to HKCERT last year, there were 1,210 bot-Wannacry cases. These involved large number of computers being infected by the notorious Wannacry ransomware that rocked the world last May, but encryption was yet to be triggered.

Analysing the upcoming security trend, Mr Wilson Wong, General Manager (Information Technology) of HKPC, said: “Financially-motivated cyber attacks will continue to proliferate due to the wider availability of paid cyber crime and one-stop attack services for criminals. The growing use of Internet-enabled devices in all aspects of life, and the popularity of mobile payment services will attract more attacks on ‘Internet of Things’ devices and mobile payment apps in 2018. In addition, more attacks targeting service providers with the aim to bypass users’ defence are anticipated.”

 

 

 

The new General Data Protection Regulation (GDPR) of the European Union (EU), which is applicable to whoever that have dealings with EU citizens or organizations, will come into effect in May 2018 under which more stringent controls on the collection, processing, storage and transfer of personal data, and breach notification will be adopted. It will put many related companies under extra cyber security pressure.

 

Offering advice to the community, Mr Wong said, “Enterprises must restrict the exposure of corporate data and services to the Internet and their service partners. In addition, two-factor authentication should be applied for sensitive services and software updates must be tested before actual deployment. Regularly backup data and keeping an offline copy can also minimize the impact of ransomware attacks. Meanwhile, software providers and mobile apps developers should take steps to defend against infiltration in order to protect their customers in the downstream.”

 

In 2018, on top of continuing to offer early warning, preventive advice, incident response and security awareness for enterprises and Internet users, HKCERT will embrace social media to disseminate up-to-the-minute security advisory. It will also work with key players in the Internet infrastructure to promote best security practice as part of a wider effort to position Hong Kong as a safe Internet hub.

 

 

 

Mr Wilson Wong, General Manager (IT Division) of HKPC (left), and Mr Leung Siu-Cheong, Centre Manager of the Hong Kong Computer Emergency Response Team Coordination Centre of HKPC