HKPC Warns of Intensive Cyber Attacks in 2015

Information security experts at the Hong Kong Productivity Council (HKPC) today (12 January 2015) urged enterprises and Internet users to strengthen their vigilance against an anticipated surge in large-scale and intensive attacks targeting mobile and Internet devices, and servers.

The advice came as HKPC’s Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) reported a 103% surge in security incidents in Hong Kong in 2014, totalling 3,443, over 2013. The increase is the result of HKCERT’s enhanced efforts in proactive uncovering and handling of ‘invisible bot machine’ cases. As such, botnet accounted mainly for the hike, up 357% (1,973 cases); while phishing also grew 55% (594 cases).

Analysing the upcoming cyber security trend, Mr Wilson Wong, General Manager (IT Industry Development) of HKPC, said, “Last year more and more cyber attackers have expanded their targets from computers to mobile and internet devices, as well as servers. There were hacking cases on IP cameras to steal personal data, and on broadband routers and TV boxes to control them to launch attacks. With more smart devices coming to the market and the growing dependence on Internet applications in the ‘Internet of Things’ era, such attacks will only proliferate and become more devastating with enhanced network bandwidth.”

Botnet and ransomware are expected to grow in 2015. Cyber criminals will seek to steal credentials from point-of-sale systems, mobile devices and Internet services; or demand ransom by hijacking victims’ data. “One-click” attacks which will lure the general public to join the cyber crimes also worth attention. Members of the public are reminded that these attacks are criminal offences. They should stay alert and not participate in these activities.

Offering security advice to the community, Mr Wong said, “Enterprises must periodically patch their critical systems to close any security loopholes; while the public should take steps to protect their mobile devices, and use strong passwords and two-step authentication in Internet services. Another best practice is to regularly backup data and keep an offline copy to minimize risks of ransomware, and be wary of unsolicited software or hyperlinks, and abnormal requests for credential data or change of payment account details.”

On top of offering news and preventive advices on latest information security threats, incident response and support services, and organizing seminars to enhance security awareness for enterprises and Internet users, HKCERT also proactively liaises and collaborates with local and overseas cyber security organizations on information sharing and incident handling.

Mr Wilson Wong, General Manager (IT Industry Development) of HKPC (left), and Mr Leung Siu-Cheong, Senior Consultant of the Hong Kong Computer Emergency Response Team Coordination Centre of HKPC, review the information security situation in Hong Kong in 2014, and introduce the upcoming trends