Cyberattacks up five-fold, Hong Kong’s information security watchdog says
Public warned about rising risk of extortion-related incidents
Complaints of cyberattacks to Hong Kong’s information security watchdog shot up five-fold last year to 309 cases.
The total number of security incidents received by the Hong Kong Computer Emergency Response Team Coordination Centre climbed 23 per cent year-on-year to 6,058 in 2016.
Around one-fifth involved malware, with cases of ransomware increasing the most. This is where hackers encrypt files and force the user to pay a cash ransom or up to four Bitcoins (US$3,324) to unlock it or get it back.
Wilson Wong, general manager (IT Industry and Business Process) of the Hong Kong Productivity Council, said cybercriminals were selling one-stop services to other criminals, which led to more attacks. He warned that the threats would continue this year.
“They are offering the technologies, infrastructures and payment management as a service to other criminals in return for more financial returns for themselves through sharing of the proceeds,” Wong said on Monday in revealing its end-of-year report.
As more online systems became interconnected, the risk of extortion-related attacks increased, he added.
Cybercriminals usually send ransomware in emails that lure the victims to open a link or attachment, letting hackers into their computers.
Home users were the major victims with 92 reported cases, followed by education (26) and manufacturing (22) sectors.
In some cases hackers gave the files back to the victims for free if they sent a malicious link to two or more other people to infect their devices.
According to the centre, botnet and phishing each accounted for around one-third of all computer security incidents in 2016 and remained the principal sources of the reports.
The watchdog anticipated more data leaks from mobile devices through suspicious mobile applications and fake Wi-fi access points this year. It also expected a rise in “CEO email scams” – in which fraudsters impersonate senior executives of companies and send emails to trick staff into transferring funds to them.
Wong urged members of the public to use secure passwords and take care when using public Wi-fi, opening emails and visiting websites.