The Times Australia
News From Asia

.
Times Media

.

HKCERT Releases Annual Information Security Outlook and Forecast

Next Level Phishing Attacks Difficult to Distinguish
Hackers Exploit AI for Crimes Could Become a New Normal

HONG KONG SAR - Media OutReach Newswire - 1 February 2024 - The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) held a briefing today, and summarised the information security situation in Hong Kong in 2023 as well as released a security outlook for 2024.

Emerging technologies, such as artificial intelligence (AI), can bring additional benefits to businesses. However, with the development of these technologies, cyber attacks come one after another, and cyber threats become more complicated. Organisations and citizens must not underestimate them. It is important for organisations and citizens to have a better understanding of cyber security and to enhance their ability to respond to cyber security risks.

1. The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) held a briefing today where Mr Alex CHAN, General Manager, Digital Transformation of HKPC, and spokesman of HKCERT (left), summarised the information security situation in Hong Kong in 2023 and forecasted the five key information security risks in 2024. It also invited Mr Frankie WONG, Vice-Chairperson of Professional Information Security Association, and representative of HKCERT Critical Infrastructure Cyber Security Watch Programme (right), to share the latest security risks of the ransomware.
1. The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) held a briefing today where Mr Alex CHAN, General Manager, Digital Transformation of HKPC, and spokesman of HKCERT (left), summarised the information security situation in Hong Kong in 2023 and forecasted the five key information security risks in 2024. It also invited Mr Frankie WONG, Vice-Chairperson of Professional Information Security Association, and representative of HKCERT Critical Infrastructure Cyber Security Watch Programme (right), to share the latest security risks of the ransomware.

HKCERT handled a total of 7,752 security incidents in 2023. Among them, phishing accounted for nearly half of all cases (3,752 cases, 48%), showing a double-digit increase, with a 27% increase from 2022, also breaking the five-year record. The number of links related to phishing also exceeded 19,000, showing a double-digit increase as well, with a 22% annual increase. The number was also doubled in four years. Phishing attacks were concentrated in the banking, finance, and electronic payment industries, followed by e-commerce.

Mr Alex CHAN, General Manager of the Digital Transformation Division of Hong Kong Productivity Council and spokesperson for HKCERT said, "With the application of AI, hackers' actions may outpace the development of the cyber security industry. Additionally, the emergence of tools such as generative AI has significantly increased the prevalence of cyber attacks, particularly in the realm of phishing scams. The level of simulation has become increasingly sophisticated, making it nearly impossible for victims to distinguish between real and fake content. Furthermore, AI-driven threats possess adaptability, allowing them to analyse defences in real-time and readjust strategies, posing a challenge to traditional cyber security measures. Both organisations and individual users should be prepared for potential hacker attacks at any time. Furthermore, when using electronic devices with connectivity to other devices or the internet and third-party services, adequate security measures should be made, such as referencing international security standards, to reduce the risks after implementations."

The media briefing also invited Mr Frankie WONG, Vice Chairman of the Professional Information Security Association and representative of HKCERT Critical Infrastructure Cyber Security Watch Programme, to share an analysis of LockBit ransomware and the related preventive measures. He stated, "In recent years, ransomware attacks have become increasingly severe. Hacker groups actively search for vulnerabilities in organisations' networks, exploiting them to gain unauthorised access, steal data, and encrypt files. They then demand ransom payments, threatening to publicly release the compromised information. Once confidential data is stolen and exposed, the consequences can be endless. Therefore, organisations should be proactive in addressing these threats, regularly conducting comprehensive reviews of their network security vulnerabilities, and taking timely actions to prevent potential losses."

The Five Key Information Security Risks to be Aware of in 2024 are:

  • "Weaponisation" of AI: Hackers use generative AI to issue instructions for generating malicious code, dominating cyber attacks. Additionally, hackers can use AI to generate disinformation that affects the output of other AI, bypassing cyber security measures. Hackers also use AI to create fake videos to deceive for personal gain.
  • Next-Level Phishing Attacks: In addition to using traditional methods such as emails and text messages to conduct phishing attacks, hackers also use fake videos to impersonate someone's identity. Phishing attacks also extend to social media platforms, impersonating some brand pages. At the same time, hackers use search engine optimisation (SEO) techniques to make phishing websites appear at the top of search results, deceiving more victims.
  • Trend towards Organised Cybercrime: In 2023, Hong Kong experienced several ransomware attacks targeting local organisations, resulting in large amounts of ransom being extorted and sensitive data being exposed. Citizens also faced threats from malicious apps and phishing. Globally, the number of ransomware attacks and vulnerabilities reached a new high in 2023, indicating an increasingly serious trend of organised and systematic cybercrimes.
  • Attacks Arisen from Smart Devices: Electronic products nowadays are most equipped with network connectivity, allowing them to connect to other devices or the internet. These products have varying cyber security standards and are susceptible to intrusion and malicious manipulation. Some products cannot patch security vulnerabilities, making them difficult to block cyber attacks.
  • Third-party Risk: Most companies use IT services provided by third-party, such as software and IT personnel, but this gives rise to IT supply chain attacks and insider threats, leading to data breaches, ransomware attacks, and other consequences. Additionally, research suggests that generative AI may produce incorrect information, such as code with security vulnerabilities or false information. If organisations adopt such information without verification, it brings risks to their operations.

In response to these five key information security risks, Mr CHAN called on all sectors of society to strengthen their awareness of information security. He added, "AI is believed to be gradually adopted across various industries. However, before implementing AI, it is crucial to understand and balance its associated cyber security risks. Additionally, we need to be vigilant about emerging forms of phishing, such as the use of AI-generated phishing content, impersonation of official pages on social media platforms, and the exploitation of search engine optimisation for phishing purposes. Furthermore, we must remain cautious about the increasingly severe activities of cybercriminals."

Facing the ever-changing network environment, HKCERT will continue to take multiple measures to enhance public awareness of cyber security and safeguard cyber security. In terms of incident response, HKCERT will provide strategies and advice to the public for handling cyber security incidents, and proactively analyse cyber security vulnerabilities to provide practical guidance. In terms of prevention, HKCERT will take proactive action and collaborate with internet service providers and computer emergency response teams from different countries to remove suspicious websites. As for public education, HKCERT and the Office of the Government Chief Information Officer will co-organise a Cyber Security Week, set up interactive booths and tram promotion campaign, and publish security publications to remind the public to pay attention to emerging cyber security risks.

Hashtag: #HongKongProductivityCouncil

The issuer is solely responsible for the content of this announcement.

About Hong Kong Computer Emergency Response Team Coordination Centre

Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) is the centre for coordination of computer security incident response for local enterprises and Internet Users. Its mission is to facilitate information disseminating, provide advice on preventive measures against security threats and to promote information security awareness.

HKCERT collaborates with local bodies to collect and disseminate information, and coordinate response actions. HKCERT is also a member of the Forum of Incident Response and Security Teams (FIRST) and the Asia Pacific Computer Emergency Response Team (APCERT). We exchange information with other CERTs and act as a point of contact on cross-border security incidents.

For more information, please visit HKCERT's website:

About Hong Kong Productivity Council

The Hong Kong Productivity Council (HKPC) is a multi-disciplinary organisation established by statute in 1967, to promote productivity excellence through relentless drive of world-class advanced technologies and innovative service offerings to support Hong Kong enterprises. Being a key enabler of Industry 4.0 and Enterprise 4.0, HKPC strives to facilitate "new industrialisation" in Hong Kong, as well as bolstering Hong Kong to be an international innovation and technology hub and a smart city.

The Council offers comprehensive innovative solutions for Hong Kong industries and enterprises, enabling them to achieve resources and productivity utilisation, effectiveness and cost reduction, and enhance competitiveness in both local and overseas marketplace. The Council partners and collaborates with local industries and enterprises and world-class R&D institutes to develop applied technology solutions for value creation. It also benefits a variety of sectors through product innovation, technology transfer, and commercialisation, bringing enormous business opportunities ahead. HKPC's world-class R&D achievements have been widely recognised over the years, winning an array of local and overseas accolades.

In addition, HKPC offers SMEs and startups immediate and timely assistance in coping with the ever-changing business environment, and strengthens talent nurturing and Hong Kong's competitiveness with FutureSkills training for enterprises and academia to enhance digital capabilities and TechEd competencies. For more information, please visit HKPC's website:

The Times Features

Group Adventures Made Easy: How to Coordinate Shuttle Services from DCA to IAD

Traveling as a large group can be both exciting and challenging, especially when navigating busy airports like DCA (Ronald Reagan Washington National Airport) and IAD (Washington...

From Anxiety to Assurance: Proven Strategies to Support Your Child's Emotional Health

Navigating the intricate landscape of childhood emotions can be a daunting task for any parent, especially when faced with common fears and anxieties. However, transforming anxie...

The Rise of Meal Replacement Shakes in Australia: Why The Lady Shake Is Leading the Pack

Source Meal replacement shakes are having a moment in Australia, and it’s not hard to see why. They’re quick, convenient, and packed with nutrition, making them the perfect solu...

HCF’s Healthy Hearts Roadshow Wraps Up 2024 with a Final Regional Sprint

Next week marks the final leg of the HCF Healthy Hearts Roadshow for 2024, bringing free heart health checks to some of NSW’s most vibrant regional communities. As Australia’s ...

The Budget-Friendly Traveler: How Off-Airport Car Hire Can Save You Money

When planning a trip, transportation is one of the most crucial considerations. For many, the go-to option is renting a car at the airport for convenience. But what if we told ...

Air is an overlooked source of nutrients – evidence shows we can inhale some vitamins

You know that feeling you get when you take a breath of fresh air in nature? There may be more to it than a simple lack of pollution. When we think of nutrients, we think of t...

Times Magazine

Your Own Batmobile in the City: Is it Possible?

What do bats and submarines have in common? The smart answer is that they both use sound to get to where they are going. It is more interesting, however, to note why. Bats and submarines both have to deal with dark surroundings with limited visio...

Server Racks and Data Cabinets – What you Need to Know

Server racks and cabinets are what they say on the tin - designed to hold servers and other critical IT equipment for your business such as storage arrays and network switches. They are most commonly used in data centres and networking rooms. Th...

Property app Instarent

Property self-management soars during COVID lockdown The innovative PropTech app, Instarent, has seen exponential growth during the COVID -19 lockdown, reporting a 400 per cent increase in users during March/April 2020. These figures indicate ...

The Essentials of AV Integration: A Beginner's Guide to Audio and Video Integration

The fusion of AV systems into building design, known as AV Integration, is increasingly becoming vital to the work done by building services engineers and consultants. This transformative practice enhances not only the functionality but also the ...

Take Advantage of Cloud Accounting Software to Unlock Maximum Efficiency

In today's fast-paced business environment, it's critical to have access to real-time financial information. A cloud accounting solution provides a cost-effective, secure, and efficient way to manage your business's financial activities, regardless...

The Power of Tech in Business and How Mobile Solutions are Changing the Game

Technology is not just an option but a necessity, particularly in today’s fast-paced business world. From mobile apps to cloud-based accounting software, businesses are now more tech-driven than ever. Whether you are running a small local operation...