Close digital doors to fight cyberattacks in Hong Kong
- Attacks on Hong Kong businesses were up more than 50 per cent last year from a year earlier, as perpetrators exploited weak security to find unlocked digital doorways and launch ransomware raids
Cyberattacks against statutory bodies and prominent companies have made headlines in Hong Kong, but police statistics from the past year are a worrying sign that businesses are still not heeding calls for them to do more to fight increased hacking. There were 37 cyberattacks on businesses reported in 2023, a 54 per cent rise from the 24 cases recorded the previous year. Losses were up threefold to HK$2.1 million.
High-profile cases included Cyberport, the technology hub, which had more than 400GB of data, including bank account information and copies of staff identity cards, stolen in a ransomware attack last September. Hackers threatened to release details on the dark web and demanded a US$300,000 ransom. The money was not paid.
Only a week later, hackers hit the Consumer Council, taking personal data of more than 25,000 staff, former employees, magazine subscribers and those who took part in past events. The consumer watchdog also refused to meet a US$500,000 ransom demand.
Despite repeated warnings about the problem, police found many unlocked “digital doors” during an investigation that took place over five months from last September. Joe Lau Ngo-chung, chief inspector of the cybersecurity division, told a media briefing the force had tracked down and removed more than 210,000 devices with serious internet safety lapses and eliminated fraudulent websites.
Hong Kong police tell firms to tighten cybersecurity as more are hacked
Officers also found and removed nearly 40,000 other threats, including phishing websites used to trick victims into revealing their confidential information, as well as computers controlling networks of bots and some already compromised by hackers.
During the operation, officers also took part in a global Interpol exercise to crack down on phishing websites, malware and ransomware. The force deserves credit for coming up tops among 55 countries and regions for the number of busts made, but it is alarming that so many trouble spots were found. The advice from police and cybersecurity experts remains the same – keep computer software current, use strong passwords and two-factor authentication. But the first step is for companies and individuals to realise they are targets and to take action.
