“After discovering these safety issues during our investigation, the force contacted 80 local internet service providers to fix the loopholes,” Joe Lau Go-chung, chief inspector general of the force's cybersecurity division, said last Wednesday. spoke to the media at a press conference.
Companies that fell victim to hackers last year included several statutory bodies and well-known companies.
Last September, a ransomware attack stole more than 400GB of data at Cyberport, the city's technology hub, including bank account information and copies of staff IDs.
The hackers demanded a ransom of US$300,000 and threatened to release the information to the dark web, where criminals buy and sell data to use for fraud and other illegal purposes. No ransom was paid.
Hong Kong's Cyberport CEO resigns, search begins for new boss
Hong Kong's Cyberport CEO resigns, search begins for new boss
A week after that attack, hackers targeted the Consumer Council and stole the personal data of more than 25,000 staff, former employees, company newsletter subscribers, and attendees of previous events. The hackers demanded a $500,000 ransom, but the consumer watchdog group did not pay the ransom.
Acting Senior Superintendent Baron Zhang Xun-ching of the military's Cybersecurity and Technology Crime Bureau said losses from cyber attacks spiked last year due to a small number of incidents involving large sums of money.
In the largest case, a man allegedly stole HK$710,000 from his former employer over a 14-month period by gaining unauthorized access to the company's internal systems.
Chan said the company has notified the police, but the incident is still under investigation.
In a five-month online sweep, code-named Operation Strong Fighter, police analyzed more than three million pieces of data that suggested items were vulnerable to hacking, resulting in serious internet safety concerns. We found 175,970 devices with gender loopholes.
These included 100,000 remote controls for high-risk network connection points, approximately 63,000 no longer supported computer systems, and more than 4,800 legacy networks connected to storage devices.
Hong Kong Consumer Council falls victim to hackers, one month after tech hub attack
Hong Kong Consumer Council falls victim to hackers, one month after tech hub attack
Nearly 40,000 other Internet threats were also detected and removed. Most of them were phishing websites used to trick victims into divulging sensitive information. The rest were his 60 computers controlling a network of bots and his 4,006 computers taken over by hackers.
Police also took part in an international exercise against phishing websites, malware and ransomware organized by Interpol between September and last month.
Hong Kong police ranked first among 55 countries and territories in number of raids, removing 153 malware and phishing sites.
Hackers typically start by searching for targets on social media, search engines, or online port scans for vulnerable Internet Protocol (IP) addresses, says Paul Tsang Cheung-fai, director of systems engineering at Sangfor Technologies. said.
Once the target address is identified, the hacker attempts to guess the password to access the data within the computerized device before selling the stolen data on the dark web.
Tsang said that once hackers find a victim's password, they have an advantage.
“They can perform more thorough attacks, such as installing a backdoor program, and once the program is installed, they can perform further actions, such as controlling the device's camera,” he said.
Senior Inspector Lau called on businesses to keep their systems up to date and use strong passwords.
He has come across companies using weak, non-intuitive passwords such as “Admin” for web administrator accounts, as well as ignoring risk warnings from security scans of their systems, exposing them to potential cyberattacks. He said he came across a company that was
“Hackers first scan for well-known loopholes,” he says. “If businesses do not update their software and systems, cyber attackers may exploit them to carry out further attacks.”
