Cyber Security Threat Landscape

Cyber Security Threat Trends Report 2019-M12

GovCERT.HK keeps observing the cyber security threat trends and shares some observations in December 2019 as follows:

Ransomware attacks targeting Internet-facing network attached storage (NAS) devices have emerged. To protect the devices and data, it is essential to have regular offline backup, timely software update, restricted network access, strong password or multi-factor authentication, and encrypted data storage.

5G networks bring bandwidth surge and device proliferation, which could ease traffic manipulation and distributed denial-of-service attacks. Businesses should keep their cyber security policies and defense systems up-to-date to prepare for the additional risk exposure.

Social engineering attacks are on the rise. For better defence, organisations should train staff on how to respond to the attacks, in addition to making them fully aware of the threats.

For details, please read the "Cyber Security Threat Trends 2019-M12" report.

Cyber Security Threat Trends Report 2019-M11

GovCERT.HK keeps observing the cyber security threat trends and shares some observations in November 2019 as follows:

Phishing emails, malware attacks and human errors are the three major causes of security breaches. Organisations should arrange cyber security training, deploy advanced anti-malware solutions, and conduct regular security checks to prevent the breaches.

Artificial intelligence (AI) and machine learning (ML) make coming malware more destructive and evasive. Organisations should review their cyber security measures and catch up with the latest security solutions to leverage AI and ML instead of being victimised by the technologies.

Security misconfiguration on cloud-based systems is a prevailing issue leading to security incidents. System administrators should adopt the principle of least privilege in configuring their systems, and third-party assessments should be carried out to assure secure settings.

For details, please read the "Cyber Security Threat Trends 2019-M11" report (revised on 15 January 2020).

Cyber Security Threat Trends Report 2019-M10

GovCERT.HK keeps observing the cyber security threat trends and shares some observations in October 2019 as follows:

Phishing links deployed from trusted domains and over Hyper Text Transfer Protocol Secure (HTTPS) sessions are widely adopted in attacks. End users should be trained to validate sources of emails and web links to defend against phishing attacks.

Known software vulnerabilities are often exploited by cyber criminals to compromise systems. Organisations should patch their systems in a timely manner and refrain from using de-supported software.

Internet-facing websites frequently suffer web defacement. Website owners should regularly review and strengthen the security functionalities and mechanisms of their web applications and hosting platforms.

For details, please read the "Cyber Security Threat Trends 2019-M10" report.

Cyber Security Threat Trends Report 2019-M09

GovCERT.HK keeps observing the cyber security threat trends and shares some observations in September 2019 as follows:

Domain Name System (DNS) amplification attacks are on the rise. Attackers abuse the larger DNS Security Extensions (DNSSEC)-enabled response packets to generate more effective distributed denial-of-service (DDoS) traffic against target systems. Organisations should put in place applicable anti-DDoS measures to protect their critical services.

Phishing attacks keep growing steadily. Business email compromise (BEC) scams against employees for financial gains are one of the major concerns. Staff should be educated to verify message authenticity before performing the requested financial transactions.

User credentials are in high demand by attackers for compromising systems and identity theft. Users should use complex passwords and multi-factor authentication to protect themselves.

For details, please read the "Cyber Security Threat Trends 2019-M09" report.

Cyber Security Threat Trends Report 2019-M08

GovCERT.HK keeps observing the cyber security threat trends and shares some observations in August 2019 as follows:

Ransomware attacks targeting organisations are on the rise. Organisations should secure their systems against remote exploitation and improve staff awareness against spear-phishing. Backup should be performed regularly and kept offline.

Vulnerable Remote Desktop Service (RDS) is a frequent attack vector. System administrators should disable unnecessary RDS and patch their systems in a timely manner to minimise the risk exposure.

Evasion techniques of malware continue to evolve and advance. Multiple layers of defense and detection mechanisms should be in place to protect the systems.

For details, please read the "Cyber Security Threat Trends 2019-M08" report.

Cyber Security Threat Trends Report 2019-M07

GovCERT.HK keeps observing the cyber security threat trends and shares some observations in July 2019 as follows:

Data loss and leakage are the major cloud security concerns. Cloud resources should be properly configured and protected by strong authentication and authorisation.

PDF and Office documents are common carriers of malicious scripts and macros. End users should not open attached documents from unsolicited emails or electronic messages. Execution of PowerShell scripts or Office macros should also be restricted to an as-needed basis.

Outdated technologies pose risks to organisations because they lack security updates or patches. Organisations should stop using de-supported technologies and plan for early upgrade of technologies that are becoming obsolete.

For details, please read the "Cyber Security Threat Trends 2019-M07" report.

Cyber Security Threat Trends Report 2019-M06

GovCERT.HK keeps observing the cyber security threat trends and shares some observations in June 2019 as follows:

Ransomware is still a serious threat to organisations and users. Regular and offline backup should be performed. Organisations could consider implementing automated backup solutions.

Culprits constantly aim to compromise user credentials. Users should use complex passwords, change their passwords regularly and use multi-factor authentication wherever applicable. They should not reuse the same password for multiple online services.

Increasing cloud platform adoption tends to lead to more cloud-based security incidents. A cloud governance mechanism and usage policy should be established when deploying the technologies to mitigate the risks.

For details, please read the "Cyber Security Threat Trends 2019-M06" report.

Cyber Security Threat Trends Report 2019-M05

GovCERT.HK keeps observing the cyber security threat trends and shares some observations in May 2019 as follows:

Obsolete systems could pose risks to cyber security. Organisations should plan for upgrading system components before they reach end of support or are deprived of security patches.

Attacks follow money since threat actors are mostly motivated by financial gains. Businesses should conduct rigorous security risk assessments and protect their information assets accordingly.

Exploits against system vulnerabilities can emerge rapidly. System administrators should race to patch known system vulnerabilities to stop potential exploitation.

For details, please read the "Cyber Security Threat Trends 2019-M05" report.

Cyber Security Threat Trends Report 2019-M04

GovCERT.HK keeps observing the cyber security threat trends and shares some observations in April 2019 as follows:

Ransomware attacks on businesses are growing. Organisations should improve security awareness of their staff in defence against attacks via phishing emails and malicious websites.

Botnets are actively built up by criminals to launch cyber attacks or to sell to others for that purpose. Owners of Internet-facing devices should secure their systems from being compromised into bots.

User credentials are favoured attack targets since they are keys to gaining unauthorised access. System administrators should enforce strong password policy and multi-factor authentication to minimise the risk of credential theft.

For details, please read the "Cyber Security Threat Trends 2019-M04" report.

Cyber Security Threat Trends Report 2019-M03

GovCERT.HK keeps observing the cyber security threat trends and shares some observations in March 2019 as follows:

Account compromise thrives on large volumes of passwords leaking from misconfigured open databases and massive identity breaches. Multi-factor authentication and privileged access management should be the keys to the defence.

Extensible components, including add-on modules and plugins, become popular attack targets like the underlying software. Timely patching and secure configurations should be enforced.

Malware has become more agile in developing new variants that evade detection and add capabilities. Enterprises should implement multiple layers of security protection to mitigate the growing risks.

For details, please read the "Cyber Security Threat Trends 2019-M03" report.

Cyber Security Threat Trends Report 2019-M02

GovCERT.HK keeps observing the cyber security threat trends and shares some observations in February 2019 as follows:

Cloud platforms have become popular targets of attackers, who are attracted by the platforms’ large volume of sensitive data and strong computational power. Enterprises should assure secure configurations and strong authentication for their cloud deployments.

Exploit code is often readily available after disclosure of vulnerabilities. Enterprises must patch the known vulnerabilities in a timely manner before attackers can exploit them.

PowerShell is increasingly abused by malware for fileless attacks and lateral movement. LAN administrators should restrict PowerShell script execution on end user computers.

For details, please read the "Cyber Security Threat Trends 2019-M02" report.

Cyber Security Threat Trends Report 2019-M01

GovCERT.HK keeps observing the cyber security threat trends and shares some observations in January 2019 as follows:

Cryptographic ransomware continually disrupts operations by forcing its way in through various attack channels, including phishing emails, online ads, compromised websites and remote desktop access. Users should back up data regularly and offline to prevent data loss.

Password compromise, either through credential leakage or brute-force attack, frequently leads to further system intrusions and information disclosure. Multi-factor authentication should be adopted for accounts that access sensitive information or personal data.

Evasion techniques have become common for malware to infect systems. Multiple layers of defense and detection mechanisms should be implemented to mitigate the risks.

For details, please read the "Cyber Security Threat Trends 2019-M01" report.