Sophisticated phishing hacks could cost Hong Kong businesses millions

PUBLISHED : Thursday, 18 June, 2015, 11:21am
UPDATED : Thursday, 18 June, 2015, 3:08pm

Hackers are targeting the accounts departments of companies in Hong Kong with the intention of siphoning business payments into their own accounts, a report warned on Thursday. 

According to cybersecurity firm FireEye, hackers are using the "Dridex" malware family to target firms that regularly send large sums of money across borders. Some of this is then being illegally fed into different accounts. 

More than 35 per cent of FireEye's customers in Hong Kong said they had detected such attacks against them in the past year. 

Bryce Boland, FireEye chief technology officer for Asia Pacific, said that unless organisations have sophisticated security schemes in place, they will likely not spot the malware until it is too late.

"It's very easy for the attackers to fool someone into downloading the file, and it's unlikely that most organisations would be able to detect it," he said. 

Phishing attacks such as those described in the report are a combination of hacking and social engineering. They rely on an employee at a targeted firm downloading and running the malware themselves. 

"Hackers will use a ruse related to something the accounts organisation might actually open," Boland said, such as a report that looks official or a [possibly counterfeit] news story on a relevant topic, such as Hong Kong’s political reform.

The potential cost to businesses is huge. According to an IBM report released in April, hackers "successfully stole upwards of a million dollars from unsuspecting companies" using similar tactics.

The same malware can be used against private individuals to steal their online banking credentials, the IBM report explained.

Once the hacking software is on victims' computers, it can display fake banking web pages that are able to record users' login details. 

"Hundreds, even thousands, of dollars can be transferred out of individual accounts and directly into the attackers' possession, earning them quick money," the report said.

When pressed on how banks in the city protect their customers from this type of fraud, the Hong Kong Monetary Authority, a regulatory body, said banks are required to comply with fixed guidelines set by the authority.

"The HKMA carries out supervisory activities to assess banks' compliance with the relevant guidelines and circulars, and takes appropriate supervisory actions whenever needed," it said by email, adding that it does not comment on specific cases or attack methods.

Hong Kong is not the only target of hacking teams using the Dridex malware. 

FireEye said that the average exposure rate for the companies it tracks around the world stands at around 60 per cent. 

"We're seeing a lot of attacks against enterprises," Boland said. "[They target] people who have access to company bank accounts or payrolls." 

Hacking has become more of a concern in recent years after a slew of high-profile cases such as North Korea’s suspected hacking of Sony Pictures in December, which led to the dismissal of some of its top executives, and an attack on eBay early last year that resulted in the theft of the personal information of over 145 million of its users.

A recent poll of over 1,400 public and private companies worldwide by insurance firm Aon found that cyber risks emerged as a "major concern" for the first time, according to its Global Risk Management Survey.