GovCERT.HK keeps observing the cyber security threat trends and shares some observations in November 2020 as follows:
Criminals use encryption, legitimate penetration testing tools and common cloud services to hide their malicious activities. Organisations should adopt a multi-layered defence-in-depth strategy with full support of SSL/TLS inspection to protect against hidden malicious threats.
Windows Remote Desktop Protocol (RDP) is heavily targeted by threat actors to launch cyber attacks. Organisations should ensure that the RDP service is not exposed to the Internet. Unnecessary services and network ports should be disabled to reduce the attack surface.
Ransomware continues to evolve with higher encryption speed and improved defence evasion mechanisms, and causes more severe damage to victims. Organisations should patch their systems in a timely manner, adopt the least privilege principle, and maintain offline backups to defend against the threat.
For details, please read the "Cyber Security Threat Trends 2020-M11" report.
GovCERT.HK keeps observing the cyber security threat trends and shares some observations in October 2020 as follows:
The results of a survey conducted by a web application security solution provider showed that over one-third of organisations did not conduct security scans for all of their web applications. Organisations should regularly conduct penetration tests, security risk assessments and audits to detect and rectify security loopholes in their applications.
A rapid, insecure transition to a remote workforce and the use of personal devices to access organisations' networks introduce security risks to organisations. A secure Virtual Private Network (VPN) and multi-factor authentication (MFA) should be adopted for work-from-home arrangements.
Phishing continues to pose serious security threats to organisations and end users. Organisations should continuously educate staff in defence against phishing attacks. Users should always stay alert when handling links or attachments in electronic messages.
For details, please read the "Cyber Security Threat Trends 2020-M10" report.
GovCERT.HK keeps observing the cyber security threat trends and shares some observations in September 2020 as follows:
COVID-19 pandemic-themed threats have become the new norm. Users should raise their awareness when handling electronic messages and refrain from installing apps from untrusted sources.
Security software discovery emerges as a prominent attack technique. System administrators should implement a multifaceted approach to monitor system processes as well as the usage of command-line arguments and utility tools that can capture system and network information.
Ransomware double extortion attacks continue to pose a serious threat. Organisations should endeavour to avoid ransomware infection by implementing measures such as updating software in a timely manner, restricting network access and user account privileges, deploying an updated endpoint security solution and educating their users in defence against attacks from malicious emails and websites.
For details, please read the "Cyber Security Threat Trends 2020-M09" report.
GovCERT.HK keeps observing the cyber security threat trends and shares some observations in August 2020 as follows:
Data breaches grow in both data volume and severity. Organisations should ensure that secure configurations, strong authentication and privileged access management are in place for their systems.
Defence evasion by exploitation of vulnerabilities and abuse of legitimate administration tools remain prevalent attack tactics. System administrators should restrict the use of administration tools on a need basis, apply a strict audit policy and patch their systems in a timely manner.
Security and network misconfigurations in cloud deployments are prevailing issues leading to breaches and data leakage. Organisations should adopt the security by design approach throughout the whole system development lifecycle. The least privilege principle should be adopted in system and network configuration.
For details, please read the "Cyber Security Threat Trends 2020-M08" report.
GovCERT.HK keeps observing the cyber security threat trends and shares some observations in July 2020 as follows:
Sophisticated distributed denial-of-service (DDoS) attack volume reaches a new high. Organisations should subscribe to a DDoS mitigation service and plan for DDoS response actions to protect critical services. Users should install the latest software patches and change default passwords to strong passwords for Internet of Things (IoT) devices such as digital video recorders, Wi-Fi routers, etc.
More new vulnerabilities in different platforms are discovered. Organisations should adopt risk-based strategies to manage increasing vulnerabilities based on threat level and service impact, and apply the latest security patches to systems and devices in a timely manner.
Phishing remains the top fraud attack type and new phishing campaigns keep emerging during the COVID-19 pandemic. Organisations should educate staff and raise their security awareness in defence against attacks via phishing emails and malicious websites.
For details, please read the "Cyber Security Threat Trends 2020-M07" report.
GovCERT.HK keeps observing the cyber security threat trends and shares some observations in June 2020 as follows:
DNS-based attacks stay frequent despite increased awareness of the threats by organisations. Organisations should give priority to maintaining their DNS service availability and integrity to avoid their businesses being severely impacted.
Data theft, ransomware and cryptomining are regarded as top threats to cloud environments. Cloud customers should work with their cloud service providers to conduct regular security risk assessments and reviews to assure sufficient controls against prevalent threats.
Endpoint security becomes increasingly important with decentralised workplaces amid the COVID-19 pandemic. Patching endpoint software in a timely manner, utilising endpoint detection and response (EDR) solutions, and educating end users on security best practices are key to securing the work-from-home model.
For details, please read the "Cyber Security Threat Trends 2020-M06" report.
GovCERT.HK keeps observing the cyber security threat trends and shares some observations in May 2020 as follows:
Vulnerable or outdated open source components increase security risks to organisations, yet they are easily neglected. Organisations should regularly take stock of their software in use to uncover any unpatched or obsolete components for security updates or product upgrades respectively.
Access credentials are the common data type exposed in data breaches. Users should not use the same password for different systems / services, and multi-factor authentication should be adopted whenever applicable.
A local surge of malware hosting events in 2020 Q1 broke the downward trend seen throughout 2019. System administrators should stay alert and follow security best practices including but not limited to keeping the IT asset inventory up-to-date, patching system components in a timely manner, hardening server configuration, and reviewing logs regularly.
For details, please read the "Cyber Security Threat Trends 2020-M05" report.
GovCERT.HK keeps observing the cyber security threat trends and shares some observations in April 2020 as follows:
Threat actors continue their attempts to exploit system vulnerabilities regardless of whether the vulnerabilities are new or old. System administrators should patch known system vulnerabilities in a timely manner and conduct vulnerability scanning regularly to uncover any unfixed loopholes.
Cyber attacks related to the COVID-19 pandemic evolve with the emergence of new phishing themes as lures. Users should always stay alert and be careful in handling any form of electronic message.
Macro-enabled documents remain commonly used by attackers for malware delivery. Office macros should not be enabled by default when opening office documents. End users should exercise prudence in handling macro-embedded documents.
For details, please read the "Cyber Security Threat Trends 2020-M04" report.
GovCERT.HK keeps observing the cyber security threat trends and shares some observations in March 2020 as follows:
Hot topics, such as the recent Coronavirus pandemic, are favourite lures used by culprits to launch scamming, phishing, smishing, pharming or similar attacks. Users should always remain vigilant when clicking links or opening attachments in electronic messages.
Use of unauthorised mobile apps could lead to security breaches in organisations. Organisations should establish a policy to control the installation and use of mobile apps on corporate devices. A Mobile Device Management (MDM) system could be an effective solution to enforce the policy.
Malware becomes increasingly evasive. Organisations could adopt and keep updating multi-layer defences at networks, servers and end-points to detect and stop the attacks.
For details, please read the "Cyber Security Threat Trends 2020-M03" report.
GovCERT.HK keeps observing the cyber security threat trends and shares some observations in February 2020 as follows:
Default credentials and security weaknesses in IoT devices are targeted by attackers for taking control of the devices to form botnets. General users and organisations should change the default credentials for the devices, adopt strong administrator passwords, and disable unnecessary features (e.g. remote management).
Multi-vector attacks are increasingly popular among threat actors to conduct attacks at both network and application levels. Organisations are advised to adopt multi-layer anomaly detection solutions to defend against complex attacks.
Use of weak passwords has been a common problem for a long time. Users could consider using long passwords made up of multiple phrases. Organisations should enforce strict password policies for important systems.
For details, please read the "Cyber Security Threat Trends 2020-M02" report.
GovCERT.HK keeps observing the cyber security threat trends and shares some observations in January 2020 as follows:
Phishing attacks become more targeted and personalised. Organisation-wide awareness training on new phishing techniques should be conducted, supplemented by focused training for specific groups of high-risk users.
Threat actors target new attack surfaces on public cloud, 5G network and Internet of Things (IoT) technologies. Organisations should fully understand the threats introduced by adopting the technologies and deploy risk mitigations together with the technologies.
Worm-based malware always spreads laterally across networks. Network administrators should adopt network segmentation, least privilege access control and a zero-trust defence approach to contain the spread of malware.
For details, please read the "Cyber Security Threat Trends 2020-M01" report.