With the growing trend of “cybercrime-as-a-service”, information security experts at the Hong Kong Productivity Council (HKPC) today (16 January 2017) urged enterprises and the public to strengthen their guard against a surge in attacks from ransomware, and incidents targeting web servers, mobile and Internet of Things (IoT) devices.

The advice came as HKPC’s Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) reported a 23% rise in security incidents in Hong Kong in 2016, totalling 6,058, as compared to 2015. Malware cases (1,139, or 19% of the total) powered the surge, with an increase of 247%; while Botnet (2,028 cases, 33%) and Phishing (1,957 cases, 32%) remained the principal sources of the reports.

Among all malware cases, ransomware contributed to 309 cases, which is a 506% increase from 2015, with home users being the major victims (92 cases), followed by incidents targeting education (26) and manufacturing (22) sectors.

Analysing the upcoming security trend, Mr Wilson Wong, General Manager (IT Industry and Business Process) of HKPC, said: “Cybercrime capability is becoming a commodity for criminals. They are offering the technologies, infrastructures and payment management as a service to other criminals in return for more financial returns for themselves through sharing of the proceeds. This will pump up ransomware attacks in 2017, with more threats to destroy or publicize the forcibly encrypted data. Also, more websites and critical IoT devices such as critical control systems may be subject to other extortion-related attacks as more systems are interconnected.”

In addition, “CEO email scams”, in which fraudsters impersonate senior executives of companies to send emails to trick staff to transfer funds to them, is expected to worsen in 2017. Furthermore, more data leakages from mobile devices are anticipated through suspicious mobile applications, and insecure or fake Wi-Fi access points.

Offering advice to the community, Mr Wong said, “Enterprises should apply good IT security management practices, especially for those who carry out ‘Bring-Your-Own-Device’ or engage in IoT in their business operations. They should also conduct awareness training for staff on scam emails. It is always a good practice to verify suspicious requests for fund transfers. On the other hand, the public should use strong password and two-factor authentication, and take due care when using public Wi-Fi, opening emails and visiting websites.”

HKCERT will continue to offer early warning and preventive advice on information security threats and incident response, and organize training to enhance security awareness for enterprises and Internet users. It will also proactively liaise and collaborate with local and overseas cyber security organizations on information sharing and incident handling.

For more information, please contact Leung Siu-Cheong, Senior Consultant of HKCERT, at tel.: (852) 2788 5420 or email: This email address is being protected from spambots. You need JavaScript enabled to view it. For incidents reporting or enquiries, please contact the HKCERT hotline at tel.: (852) 8105 6060, or email: This email address is being protected from spambots. You need JavaScript enabled to view it. For other media enquiries on HKPC services, please contact Felix Chan of HKPC’s Corporate Communication and Marketing Division at tel. (852) 2788 5036 or email: This email address is being protected from spambots. You need JavaScript enabled to view it.

* * *

Mr Jonathan Ho
General Manager
Corporate Communication and Marketing
Tel: (852) 2788 6390
Fax: (852) 2788 5056
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Website: www.hkpc.org

16 January 2017

Mr Wilson Wong, General Manager (IT Industry and Business Process) of HKPC (left), reviews the cyber security situation in Hong Kong in 2016, and speaks on the upcoming trends to brace the public and businesses for new security threats.Mr Wilson Wong, General Manager (IT Industry and Business Process) of HKPC (left), reviews the cyber security situation in Hong Kong in 2016, and speaks on the upcoming trends to brace the public and businesses for new security threats.