Criminals tried to exploit Hong Kong residents’ COVID-related anxiety, according to new security data released yesterday by the Special Administrative Region’s secretary for innovation and technology Alfred Sit.
The secretary disclosed the data in response to a letter to the Legislative Council from barrister and non-official member of the Executive Council, Martin Liao.
Liao cited data that the Hong Kong Hospital Authority (HA) was subjected to 50 million cyberattacks last year, up from 20 million in 2015, with the HA also copping five ransomware attacks last year. He asked the government to provide more details on current cybersecurity trends.
Sit replied with a breakdown of information security incidents handled by the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) from 2018 until 2020, revealing an overall decrease in attacks, but a surge in phishing.
Incident numbers fell from 10,081 in 2018 to 9,458 in 2019 and 8,346 in 2020. Phishing cases increased by 66 percent (2018 to 2019) and 35 percent to 3,483 cases (2019 to 2020). Malicious software reduced by 85 percent from 1,219 cases in 2019 to 181 cases in 2020.
Secretary Sit stated:
DDoS attacks remained in the double digits for all three years, but showed a 43 percent increase from 2019 to 2020. Sit chalks that up to an “increase in the ‘attack surfaces’ resulting from the provision of more online services by various sectors during the epidemic.”
The secretary also disclosed data on cybercrimes handled by the Hong Kong Police Force. Those numbers revealed that e-shopping fraud and romance scams have pulled in less money per scam, but found more victims in 2020 than in 2019. Monetary loss totaled HK$2.964B (US$382M) in 2020 through 12,916 cases, a 55 percent increase in cases from 2019 which pulled in HK$2.907B (US$374M).
Liao’s letter inquired about attacks on the healthcare industry, an item of concern after recent application outages in Hong Kong hospitals and April World Health Organization (WHO) data that recorded a fivefold increase in cyber attacks and a specific incident leaking 450 active WHO email addresses and passwords online.
Ransomware is also a concern in the healthcare industry, and some operators of the software have pledged not to target medical organisations during the current pandemic. However, both New Zealand’s Waikato District Health Board and Ireland’s nationalized health service were attacked by ransomware earlier this month. ®