HKCERT Calls for Heightened Security Measures against Cyber Threats

Amid increasing public concern over cyber threats, the local information security watchdog - the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) advises enterprises and Internet users to keep their security measures up to date, and guard against rising attacks on web servers and mobile devices.

The HKCERT advice comes in the wake of surging computer hacking and botnet reports in the first six months of 2013. Among the 622 security incidents handled by HKCERT of the Hong Kong Productivity Council, over 51% came from botnet and hacking. The 94% increase in such attacks is an urgent call for preventive measures.

HKCERT also warns of rising distributed denial-of-service (DDoS) attacks and mobile and cloud security incidents with the growing use of mobile payment and increased awareness on cyber espionage.

Offering security tips to the community, Mr Leung Siu-Cheong, Senior Consultant of HKCERT, said “Enterprises and Internet users should make it a habit to maintain the security patches of their personal computers and servers up to date, and adopt firewalls and anti-malware software. Businesses, in particular, should establish policies on the classification and protection of sensitive data; manage both the mobile devices at work and service level of cloud service providers. In short, they should be well-prepared for large-scale attacks.”

“Users of mobile devices should take appropriate security measures such as to set password lock/screen lock; download and install applications from trusted websites; update system and applications frequently; and not to jailbreak the device nor grant root privileges. They should shut down network settings such as Wi-Fi or Bluetooth when not in use; and install mobile security applications to reduce the risk of information leakage,” he added.

From January to June 2013, HKCERT reported a total of 622 security incidents, up 12% from the same period last year. Botnet and hacking cases took up the majority which came as a result of a global cooperative action in June, involving HKCERT, to take down the Citadel botnets. Such attacks target to steal online banking information and personal identities.

During the period, HKCERT also published 246 security alerts and 47 security blog articles, and conducted six public and industry-specific seminars to raise awareness and advise on critical security vulnerabilities and attacks, and good practices.

As a continuous effort to promote information security, HKCERT will launch a new quarterly report in September with statistics of hacked computers in Hong Kong, using data collected from worldwide security researchers. A drill will be held in November to strengthen the readiness of critical Internet infrastructure providers against cyber attacks.