Higher-level phishing attacks are difficult to distinguish
Hackers exploiting AI for criminal purposes could become a new normal
HONG KONG SAR – Media OutReach Newswire – 1 February 2024 – The Hong Kong Computer Emergency Response Team (HKCERT) Coordination Center today held a briefing and summarized the information security situation in Hong Kong in 2023 and published a security outlook for 2024. Emerging technologies, such as artificial intelligence (AI), can bring additional benefits to businesses. However, with the development of these technologies, cyber attacks follow one another and cyber threats become more complicated. Organizations and citizens should not underestimate them. It is important that organizations and citizens have a better understanding of cybersecurity and strengthen their capacity to respond to cybersecurity risks.
1. The Hong Kong Computer Emergency Response Team (HKCERT) Coordination Center today held a briefing with Mr. Alex CHAN, General Manager of Digital Transformation of HKPC and spokesperson for HKCERT (left), summarized the information security situation in Hong Kong in 2023 and predicted the top five information security risks in 2024. He also invited Mr. Frankie WONG, vice president of the Professional Information Security Association and representative of the HKCERT Critical Infrastructure Cyber Security Watch program (right), to share the latest security risks of ransomware.
HKCERT handled a total of 7,752 security incidents in 2023. Among them, phishing accounted for almost half of all cases (3,752 cases, 48%), showing a double-digit increase, with an increase of 27% compared to 2022, also surpassing the five records of the year. The number of phishing-related links also exceeded 19,000, also showing a double-digit increase, with an annual increase of 22%. This number has also doubled in four years. Phishing attacks have focused on the banking, finance and e-payment sectors, followed by e-commerce.
Mr. Alex CHAN, General Manager of the Digital Transformation Division of the Hong Kong Productivity Council and Spokesperson of HKCERT, said: “With the application of AI, the actions of hackers could surpass the development of cybersecurity sector. Generative AI has significantly increased the prevalence of cyberattacks, particularly in the area of phishing scams. The level of simulation has become increasingly sophisticated, making it almost impossible for victims to distinguish real content from fake. Additionally, AI-based threats possess adaptive capacity. , allowing them to analyze defenses in real time and readjust their strategies, posing a challenge to traditional cybersecurity measures. Organizations and individual users must be prepared at all times for possible hacker attacks. Additionally, when using electronic devices connected to other devices. or on the Internet and third-party services, adequate security measures should be taken, such as referencing international security standards, to reduce risks after implementation. »
The press conference also invited Mr. Frankie WONG, Vice President of the Professional Information Security Association and representative of the HKCERT Critical Infrastructure Cybersecurity Monitoring Program, to share an analysis of LockBit ransomware and related preventive measures. He said: “In recent years, ransomware attacks have become increasingly serious. Hacking groups actively seek out vulnerabilities in organizations’ networks, exploiting them to gain unauthorized access, steal data, and encrypt files. They then demand payment of a ransom, threatening to publicly disclose them. ”
The top five information security risks to be aware of in 2024 are:
- “Weaponization” of AI: Hackers use generative AI to issue instructions to generate malicious code, dominating cyberattacks. Additionally, hackers can use AI to generate disinformation that affects the results of other AIs, thereby circumventing cybersecurity measures. Hackers also use AI to create fake videos to deceive for personal gain.
- Next-Level Phishing Attacks: In addition to using traditional methods such as emails and text messages to carry out phishing attacks, hackers also use fake videos to impersonate a person. Phishing attacks also extend to social media platforms, impersonating certain brand pages. At the same time, hackers use search engine optimization (SEO) techniques to make phishing websites appear at the top of search results, thereby fooling more victims.
- Trend towards organized cybercrime: In 2023, Hong Kong experienced several ransomware attacks targeting local organizations, resulting in the extortion of large ransom sums and the disclosure of sensitive data. Citizens have also faced threats from malicious apps and phishing. Globally, the number of ransomware and vulnerability attacks reached a new high in 2023, indicating an increasingly serious trend of organized and systematic cybercrime.
- Attacks from smart devices: These days, electronic products mostly come with network connectivity, allowing them to connect to other devices or the Internet. These products meet different cybersecurity standards and are susceptible to intrusions and malicious manipulation. Some products cannot patch security vulnerabilities, making it difficult to block cyberattacks.
- Third party risk: Most businesses use IT services provided by third parties, such as software and IT staff, but this gives rise to IT supply chain attacks and insider threats, leading to data breaches, attacks ransomware and other consequences. Additionally, research suggests that generative AI can produce incorrect information, such as code with security vulnerabilities or false information. If organizations adopt such information without verification, it poses risks to their operations.
In response to these five key information security risks, Mr. CHAN called on all sectors of society to strengthen their awareness of information security. He added: “It is believed that AI will gradually be adopted in various sectors. However, before implementing AI, it is crucial to understand and balance the cybersecurity risks associated with it. “The use of AI-generated phishing content, impersonation of official pages on social media platforms, and exploitation of search engine optimization for phishing purposes. Additionally, we must remain cautious of the increasingly serious activities of cybercriminals.”
Facing an ever-changing network environment, HKCERT will continue to take multiple measures to raise public awareness of cybersecurity and protect cybersecurity. In terms of incident response, HKCERT will provide strategies and guidance to the public for handling cybersecurity incidents, and proactively analyze cybersecurity vulnerabilities to provide practical guidance. In terms of prevention, HKCERT will take proactive measures and work with Internet service providers and computer emergency response teams in different countries to remove suspicious websites. Regarding public education, HKCERT and the Government Information Director’s Office will jointly organize a cybersecurity week, set up interactive booths and a tram promotion campaign, and issue publications on the security to remind the public to pay attention to emerging cybersecurity risks.
Hashtag: #HongKongProductivityCouncil
The issuer is solely responsible for the content of this announcement.
