Cybersecurity
The rising tide of cyber threats has become a critical concern for organizations worldwide. As digital infrastructures expand, so does the frequency and impact of cyberattacks. Recent reports from leading firms highlight the growing prevalence of data breaches and cyberattacks, underscoring the urgent need for robust cybersecurity measures. Verizon’s 2023 Data Breach Investigative Report and Forrester’s 2023 study provide compelling evidence of this escalating challenge, detailing significant increases in cyber incidents over recent years. (PCPD, 2024).
According to the Hong Kong Computer Emergency Response Team Coordination Centre, there was a 103% growth in incidents in Q3 2024 (from 3,832 to 7,805) compared to Q2 2024. Given this sharp increase, cybersecurity remains a critical issue that demands close attention (HKCERT, 2024).
Ransomware Attack Vectors
Ransomware attacks in Hong Kong have surged, with numerous incidents disrupting businesses and organizations across various sectors. Attackers have deployed a series of sophisticated payloads to infiltrate target systems. The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) has analyzed these incidents and identified the current ransomware attack vectors, summarized as follows:
• Phishing Emails: Malicious attachments or links that deliver ransomware payloads.
• Remote Desktop Protocol (RDP) Vulnerabilities: Exploiting weak or compromised RDP credentials.
• Vulnerability Exploitation: Attackers often target unpatched vulnerabilities in software, databases, and middleware.
• Drive-by Downloads: Malicious downloads initiated through compromised or malicious websites.
• Malicious Advertising: Ads that lead to ransomware downloads.
• Supply Chain Attacks: Compromising third-party vendors to access targets.
• Brute Force Attacks: Guessing passwords to gain access.
• Exploiting Misconfigured Services: Gaining access through improperly configured network services.
• Social Engineering: Manipulating individuals to obtain access or credentials.