GovCERT.HK keeps observing the cyber security threat trends and shares some observations in February 2020 as follows:
Default credentials and security weaknesses in IoT devices are targeted by attackers for taking control of the devices to form botnets. General users and organisations should change the default credentials for the devices, adopt strong administrator passwords, and disable unnecessary features (e.g. remote management).
Multi-vector attacks are increasingly popular among threat actors to conduct attacks at both network and application levels. Organisations are advised to adopt multi-layer anomaly detection solutions to defend against complex attacks.
Use of weak passwords has been a common problem for a long time. Users could consider using long passwords made up of multiple phrases. Organisations should enforce strict password policies for important systems.
For details, please read the "Cyber Security Threat Trends 2020-M02" report.
GovCERT.HK keeps observing the cyber security threat trends and shares some observations in January 2020 as follows:
Phishing attacks become more targeted and personalised. Organisation-wide awareness training on new phishing techniques should be conducted, supplemented by focus training to specific groups of high risk users.
Threat actors target new attack surface on public cloud, 5G network and Internet of Things (IoT) technologies. Organisations should fully understand threats introduced by adopting the technologies and deploy risk mitigations together with the technologies.
Worm-based malware always spreads laterally across networks. Network administrators should adopt network segmentation, least privilege access control and zero-trust defense approach to contain the spread of malware.
For details, please read the "Cyber Security Threat Trends 2020-M01" report.