GovCERT.HK keeps observing the cyber security threat trends and shares some observations in May 2019 as follows:
Obsolete systems could impose risks to cyber security. Organisations should plan for upgrading system components before they become end-of-support or deprived of security patches.
Attacks follow money since threat actors are mostly motivated by financial gains. Businesses should conduct rigorous security risk assessments and protect their information assets accordingly.
Exploits against system vulnerabilities can emerge rapidly. System administrators should race to patch known system vulnerabilities to stop potential exploitations.
For details, please read the "Cyber Security Threat Trends 2019-M05" report.
GovCERT.HK keeps observing the cyber security threat trends and shares some observations in April 2019 as follows:
Ransomware grows in attacks on businesses. Organisations should improve security awareness of their staff in defence against attacks via phishing emails and malicious websites.
Botnets are actively built up by criminals to launch cyber attacks or for sale to do so. Owners of Internet-facing devices should secure their systems from being compromised into bots.
User credentials are favourable attack targets since they are keys to gain unauthorised access. System administrators should enforce strong password policy and multi-factor authentication to minimise the risk of credential stealing.
For details, please read the "Cyber Security Threat Trends 2019-M04" report.
GovCERT.HK keeps observing the cyber security threat trends and shares some observations in March 2019 as follows:
Account compromise thrives with voluminous passwords leaking from misconfigured open databases and massive identity breaches. Multi factor authentication and privileged access management should be the keys to the defence.
Extensible components including add-on modules and plugins, become popular attack targets as underlying software. Timely patching and secure configurations should be enforced.
Malware is more agile to develop new variants to evade detection and add the capabilities. Enterprises should implement multi-layers of security protection to mitigate the growing risks.
For details, please read the "Cyber Security Threat Trends 2019-M03" report.
GovCERT.HK keeps observing the cyber security threat trends and shares some observations in February 2019 as follows:
Cloud platforms become popular targets of attackers who are attracted by the platforms’ large volume of sensitive data and strong computational power. Enterprises should assure secure configurations and strong authentication for their cloud deployments
Exploit code is often readily available after disclosure of vulnerabilities. Enterprises must patch the known vulnerabilities timely before attackers could exploit them.
PowerShell is increasingly abused by malware for fileless attacks and lateral movement. LAN administrators should restrict PowerShell script execution on end user computers.
For details, please read the "Cyber Security Threat Trends 2019-M02" report.
GovCERT.HK keeps observing the cyber security threat trends and shares some observations in January 2019 as follows:
Cryptographic ransomware continually disrupts operations by forcing its ways with various attack channels including phishing emails, online ads, compromised websites and remote desktop accesses. Users should back up data regularly and offline to prevent data loss.
Password compromise either through credential leakage or brute-force attack frequently leads to further system intrusions and information disclosure. Multi-factor authentication should be adopted for accounts to access sensitive information or personal data.
Evasion techniques become common for malware to infect systems. Multi-layers of defense and detection mechanisms should be implemented to mitigate the risks.
For details, please read the "Cyber Security Threat Trends 2019-M01" report.