The Daily Swig Web security digest

HKPC – ‘IoT devices need to be regulated’

Jessica Haworth | 28 February 2018 at 11:16

Wilson Wong, general manager of IT at the Hong Kong Productivity Council, discusses the increasing threats presented by smart systems.

The Hong Kong Productivity Council (HKPC) has called for the regulation of smart devices, as internet-enabled systems continue to be targeted by hackers.

HKPC, which has overseen the operation of the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) since 2001, received more than 6,500 cybercrime reports last year, up 7% on 2016.

For the second successive year, malware (2,041 cases) saw the biggest surge, rising by 79% and joining botnet (2,084 cases) and phishing attacks (1,680 cases) as the principal sources of the reports.

And with the introduction of Internet of Things (IoT) devices and the ever-looming threat of cyber-attacks such as cryptojacking, HKCERT said it is more dedicated than ever to increasing education around cybersecurity.

Wilson Wong, general manager of IT at HKPC, spoke to The Daily Swig about the threats the council has outlined for 2018 – and what it will do to combat them.

What is HKPC’s view on the rise of Internet of Things devices, in terms of both opportunities and threats? 

The number of IoT devices is growing at a rapid rate, and at the same time the associated cybersecurity risks are increasing.

The key issue here is that there is a lack of security practice within the growth of IoT.

For example, many IoT devices are supplied with a default or hardcoded username and password.

There is no good vulnerability management, and there is also a lack of security defense on many devices – for example, no firewall or antivirus.

Attackers are therefore able to compromise the weak password or software vulnerabilities of IoT devices to take control of them and form IoT botnets. In 2016 and 2017, IoT botnets launched massive DDoS attacks.

Currently, devices like broadband routers are popular attack targets. With the launch of smart industrial systems, these devices that are exposed to the internet will also be targeted.

Some form of regulation needs to be introduced in relation to IoT systems.

How would HKPC advise businesses to protect themselves against cyber-attacks, particularly ransom-based attacks?

Ransomware is one of the biggest challenges we face in this day and age, and due to the diversity of attack paths, HKCERT has advised victims to take a multi-pronged defense approach.

The advice we give is to stay vigilant when using a computer and not to click or open unsolicited emails.

We also advise companies to install security software and to patch any system vulnerabilities quickly and effectively.

It is also important to minimize the number of administration accounts and minimize the rights of user accounts.

Also, we advise companies to back up their data regularly and to keep an offline copy.

HKCERT has also created a dedicated webpage to educate public companies about ransomware and it also includes advice on best security practice.

What advice would HKPC give to a financial company that had become the victim of a ransomware attack?

The very first thing we would advise victims of ransom-based attacks to do is to isolate and disconnect the infected computers from the network and switch off the machines.

This will stop the spread of the ransomware and its encryption process on the infected computers.

Then they should download a legitimate cleanup tool and run a full scan to remove the malware, before trying to recover data from backup media.

We advise victims not to pay the ransom. For a start, there is no guarantee that paying the ransom will get the data back.

Secondly, such action will encourage criminals to carry out more attacks. It also shows the attacker that the victim and their industry would be good targets in the future.

Cryptojacking is becoming an increasing concern for businesses in the US and Europe – are these concerns being echoed in Hong Kong?

Not so far – HKCERT only received three local cases of cryptojacking in 2017.

However, cryptojacking could spread to Hong Kong at any time – it is just another way that criminals are using a compromised website to make money.

HKCERT has received many incident reports of compromised websites being utilized to host phishing and malware in Hong Kong. Such attacks are popular because they are not difficult to launch.

What is top of the agenda for HKPC and HKCERT for 2018?

HKPC and HKCERT will channel their efforts to educate the industry sectors about cybersecurity issues.

These industries include retailers, travel agents, and securities brokers who were major targets of cyber-attacks in 2017, and are required to handle lots of financial transactions and personal data.

HKCERT will also promote cybersecurity best practices among service providers to ensure that Hong Kong is a security hub for business and daily life.