HKCERT warns of Web Defacement Attacks Targeting Hong Kong
Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT), which is operated by the Hong Kong Productivity Council warns the public to be vigilant to cyber attacks targeting their IT infrastructure.
Web defacement in Hong Kong is discovered. As of 7:00pm today Oct 2, 2014, there were 11 websites from various private business sectors being targeted. The attacker exploited the vulnerabilities of the web servers to inject their content without the authorization of the website owners. Six of the websites have been recovered.
HKCERT is working closely with the Office of Government Chief Information Officer and Hong Kong Police to tackle this threat. We are contacting the victims to provide advice on recovery and the Police is looking into the matter. HKCERT have also issued security alert to warn the public of the threat. We will continue to monitor the situation and keep the public informed.
Enterprises and users can mitigate these attacks by following these steps immediately:
- Patch the web server and web applications with the latest updates
- Change all default application passwords
- Use strong password or two-step verification
- Restrict access and protect web administrator login page
- Remove all unused modules and application extensions
If you have security incident report or enquiry, please contact HKCERT Hotline: +852 8105-6060 or Email [email protected]