Prepare for more cyberattacks involving extortion this year, Hong Kong information security watchdog warns
Cybersecurity complaints rose last year with a surge in malware attacks, a trend that is unlikely to abate this year
Cybersecurity complaints rose to a record high last year due to a spike in malware attacks with the trend likely to continue this year, Hong Kong’s information security watchdog warned on Thursday, as it raised the possibility of more incidents involving extortion.
Last year, the Hong Kong Computer Emergency Response Team (HKCERT) received 6,506 complaints – 7 per cent more than the previous year. About one in three, or 2,041, were on malware attacks, an 80 per cent spike from the year before.
Global ransomware attack hits third Hong Kong system
The watchdog warned extortion and fraud-related cyberattacks could rise this year, as more hackers were working on behalf of shady clients rather than launching attacks on their own.
Wilson Wong, general manager of IT at the Hong Kong Productivity Council, pointed out that while hackers in the past were motivated by the thought of becoming famous for causing pure damage, these days, they were driven by money.
This “crime-as-service” model meant hackers were likely to “lock people’s computers or valuable information, and demand a ransom small enough that victims can afford,” Wong said.
In the case of WannaCry, Wong said 40 users fell for the attack. Another 1,210 computers were infected but a security expert managed to disable the worm within days.
Wong said that while no company was immune to cyberattacks, those that stored intellectual property and clients’ information were more likely to be targets.
Meanwhile, most computer browsers would show that transactions were secure with a padlock icon in the address field.
“Many people think smartphones are safer than computers when it comes to attacks, but that is not the case,” Leung Siu-cheong, senior consultant at the HKCERT, said.
The rise of ransomware: how data extortion became the biggest thing in cybercrime
Hackers could also attack the software suppliers of companies and install viruses through software updates, which would be hard to detect.
The watchdog advised individuals and companies to regularly back up their data, make offline copies of important information and test the safety of software updates.
Mobile devices in Hong Kong at risk of Blueborne cyberattacks
At the end of the day, companies would have to “restrict the exposure of corporate data and services to the internet and their service partners,” Wong said.