(Hong Kong, February 1, 2024) The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) held a briefing today, and summarised the information security situation in Hong Kong in 2023 as well as released a security outlook for 2024. Emerging technologies, such as artificial intelligence (AI), can bring additional benefits to businesses. However, with the development of these technologies, cyber attacks come one after another, and cyber threats become more complicated. Organisations and citizens must not underestimate them. It is important for organisations and citizens to have a better understanding of cyber security and to enhance their ability to respond to cyber security risks.
HKCERT handled a total of 7,752 security incidents in 2023. Among them, phishing accounted for nearly half of all cases (3,752 cases, 48%), showing a double-digit increase, with a 27% increase from 2022, also breaking the five-year record. The number of links related to phishing also exceeded 19,000, showing a double-digit increase as well, with a 22% annual increase. The number was also doubled in four years. Phishing attacks were concentrated in the banking, finance, and electronic payment industries, followed by e-commerce.
Mr Alex CHAN, General Manager of the Digital Transformation Division of Hong Kong Productivity Council and spokesperson for HKCERT said, “With the application of AI, hackers' actions may outpace the development of the cyber security industry. Additionally, the emergence of tools such as generative AI has significantly increased the prevalence of cyber attacks, particularly in the realm of phishing scams. The level of simulation has become increasingly sophisticated, making it nearly impossible for victims to distinguish between real and fake content. Furthermore, AI-driven threats possess adaptability, allowing them to analyse defences in real-time and readjust strategies, posing a challenge to traditional cyber security measures. Both organisations and individual users should be prepared for potential hacker attacks at any time. Furthermore, when using electronic devices with connectivity to other devices or the internet and third-party services, adequate security measures should be made, such as referencing international security standards, to reduce the risks after implementations.”
The media briefing also invited Mr Frankie WONG, Vice Chairman of the Professional Information Security Association and representative of HKCERT Critical Infrastructure Cyber Security Watch Programme, to share an analysis of LockBit ransomware and the related preventive measures. He stated, “In recent years, ransomware attacks have become increasingly severe. Hacker groups actively search for vulnerabilities in organisations' networks, exploiting them to gain unauthorised access, steal data, and encrypt files. They then demand ransom payments, threatening to publicly release the compromised information. Once confidential data is stolen and exposed, the consequences can be endless. Therefore, organisations should be proactive in addressing these threats, regularly conducting comprehensive reviews of their network security vulnerabilities, and taking timely actions to prevent potential losses.”
The Five Key Information Security Risks to be Aware of in 2024 are:
In response to these five key information security risks, Mr CHAN called on all sectors of society to strengthen their awareness of information security. He added, “AI is believed to be gradually adopted across various industries. However, before implementing AI, it is crucial to understand and balance its associated cyber security risks. Additionally, we need to be vigilant about emerging forms of phishing, such as the use of AI-generated phishing content, impersonation of official pages on social media platforms, and the exploitation of search engine optimisation for phishing purposes. Furthermore, we must remain cautious about the increasingly severe activities of cybercriminals.”
Facing the ever-changing network environment, HKCERT will continue to take multiple measures to enhance public awareness of cyber security and safeguard cyber security. In terms of incident response, HKCERT will provide strategies and advice to the public for handling cyber security incidents, and proactively analyse cyber security vulnerabilities to provide practical guidance. In terms of prevention, HKCERT will take proactive action and collaborate with internet service providers and computer emergency response teams from different countries to remove suspicious websites. As for public education, HKCERT and the Office of the Government Chief Information Officer will co-organise a Cyber Security Week, set up interactive booths and tram promotion campaign, and publish security publications to remind the public to pay attention to emerging cyber security risks.
- Ends -
FOLLOW US
SUBSCRIBE TO OUR NEWSLETTERS
Share the latest information of HKPC to your inbox
SIGNUP NOW