HKCERT reports a steep rise in known security issues

The number of cybersecurity incidents in Hong Kong increased by 389% in the first quarter of 2019, a report from the region’s security response center has found.

Hong Kong Computer Emergency Response Team (HKCERT) has revealed that there were 80,266 known security events between January and March.

This compares with 16,414 cases in the fourth quarter of 2018.

The report (PDF) was compiled by HKCERT in collaboration with security researchers. It includes data from Hong Kong’s enterprises and internet users, as well as reports received by the security watchdog.

Server-related security issues, such as malware hosting and the defacement of websites, saw a steep rise in the first quarter of the year.

There were 72,201 reported instances of malware – a massive 786% increase from the 8,152 cases in the previous quarter.

HKCERT noted that there was an intermittent Ramnit malware campaign in March 2019, which could explain the growth.

Ramnit has been active since at least 2010, targeting computers worldwide in an attempt to steal personal and banking information, among other malicious actions.

While the Ramnit-infected IP addresses seen in Q1 were based in Hong Kong, the majority of the malware hosting websites were from mainland China.

The report also notes, however, that the campaign did not specifically target Hong Kong.

Sinking phish

In contrast, phishing campaigns continue to decline. A spike in Q2 of 2018 saw 34,391 unique phishing URLs, a figure that has significantly dropped since.

In Q1 of 2019, there were just 289 known unique phishing URLs and 72 known unique IP addresses were affected.

Elsewhere, the number of botnets in Hong Kong only slightly increased by 2%, from 7,307 known active bots in Q4 to 7,458.

Mirai is still the number one botnet in the country, followed by WannaCry and Conficker, the report states.

Hong Kong Productivity Council, the governing body of HKCERT, has done much to try to quell the spread of botnets, encouraging manufacturers to build internet-connected products with security in mind, and calling for the regulation of IoT devices.

HKCERT reiterated this message, releasing details of how to detect botnets here.

It also issued the usual advice: always patch and update computers; use strong, unique passwords; don’t expose unnecessary devices to the internet; and never download any files from unknown sources.


RELATED Hong Kong business council issues warning over surge in cyber-attacks