HKPC Warns of Growing Cyber Attacks that Harvest Credentials for Profit

[Press released on 20 Jan 2016] Enterprises and Internet users should strengthen their guard against an anticipated surge in cyber attacks targeting web servers, point of sale (POS) systems, and mobile devices; urged information security experts at the Hong Kong Productivity Council (HKPC) today (20 January 2016).

The advice came as HKPC’s Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) handled 4,928 security incident reports in 2015, up 43% from 2014. Phishing (1,978 cases) powered the surge, with an increase of 233%, as a result of new “flash” phishing attacks (1,375 cases, or 69% among phishing) that were launched using local web hosting services as cover. Incidents related to mobile devices also rose by 86% to 286 cases.

Analysing the upcoming cyber security trend, Mr Wilson Wong, General Manager (IT Industry Development) of HKPC, said, “Cyber criminals will continue to prey on websites with unpatched vulnerability and ill-protected POS systems, eyeing on the personal data and credit card numbers. Ransomware extortion will also proliferate as cyber criminals offer paid ransomware service, complete with kits for attacks on different operating systems and to manage ransom payment.”

Mobile malware are also expected to flourish with more attempts by cyber criminals to inject malicious codes into mobile application development tools. The mobile applications developed with the tool will subsequently carry malware which can evade detection by official app stores.

Offering security advice to the community, Mr Wong said, “Enterprises must periodically assess their web server security and patch any security loopholes. In addition, isolating POS systems from open network can limit attack surfaces. Regularly backup data and keep an offline copy can also minimize risks of ransomware. The public should take steps to protect their mobile devices, and be wary of unsolicited software or hyperlinks, and abnormal requests for credential data or change of payment account details.”

On top of offering latest updates and preventive advice on information security threats, incident response and support services, and organizing seminars to enhance security awareness for enterprises and Internet users, HKCERT will continue to proactively liaise and collaborate with local and overseas cyber security organizations on information sharing and incident handling.

Mr Wilson Wong, General Manager (IT Industry Development) of HKPC (left), and Mr Leung Siu-Cheong, Senior Consultant of the Hong Kong Computer Emergency Response Team Coordination Centre of HKPC, review the information security situation in Hong Kong in 2015, and introduce the upcoming trends