Financial Crime World

Hong Kong’s Banking Sector Hit Hard by Cybercrime Threats in 2023

Hong Kong’s banking sector was a prime target for cybercrime threats in 2023, with phishing attacks accounting for nearly half of all cases handled by the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT). In this article, we will explore the key findings and trends in cybercrime threats in Hong Kong and highlight the importance of strengthening information security awareness.

Cybercrime Threats in 2023

According to HKCERT, a total of 7,752 security incidents were reported in 2023, with phishing attacks being the most common type of threat. The banking, finance, and electronic payment industries were particularly affected, followed by e-commerce. The number of links related to phishing exceeded 19,000, showing a significant increase from 2022.

Key Findings:

  • Phishing attacks accounted for nearly half (48%) of all cases handled by HKCERT
  • Banking, finance, and electronic payment industries were the most affected sectors
  • E-commerce was also a major target for phishing attacks
  • The number of links related to phishing exceeded 19,000, showing a double-digit increase from 2022

The Rise of Sophisticated Phishing Attacks

Phishing attacks have become increasingly sophisticated, making it difficult for victims to distinguish between real and fake content. Generative AI has significantly increased the prevalence of cyberattacks, particularly in phishing scams.

The Impact of Artificial Intelligence (AI) on Cybercrime:

  • AI has made hackers’ actions more rapid and challenging for cybersecurity measures to keep up with
  • Generative AI has increased the prevalence of cyberattacks, particularly in phishing scams

The Trend Towards Organised Cybercrime

HKCERT highlighted the trend towards organised cybercrime, where ransomware attacks are becoming increasingly severe. This trend poses a significant threat to businesses and individuals alike.

  • Ransomware attacks are becoming increasingly severe
  • Organised cybercrime is on the rise

The Five Key Information Security Risks to be Aware of in 2024

HKCERT identified the following five key information security risks that organisations should be aware of in 2024:

  1. Weaponisation of AI: The use of AI to create sophisticated phishing attacks and other types of malware.
  2. Next-level Phishing Attacks: Highly targeted and sophisticated phishing attacks that are difficult to detect.
  3. Trend Towards Organised Cybercrime: Ransomware attacks and other forms of cybercrime becoming increasingly severe and organised.
  4. Attacks Arisen from Smart Devices: The increasing use of smart devices creates new vulnerabilities for hackers to exploit.
  5. Third-Party Risk: The risk of cyberattacks arising from third-party vendors and suppliers.

Strengthening Information Security Awareness

HKCERT is urging all sectors of society to strengthen their awareness of information security and take proactive measures to prevent potential losses. “Banks and financial institutions must be prepared for potential hacker attacks at any time,” said Mr Alex Chan, General Manager of the Digital Transformation Division of Hong Kong Productivity Council and spokesman for HKCERT.

Recommendations:

  • Adequate security measures should be made, such as referencing international security standards
  • Regular reviews of network security vulnerabilities are essential

Conclusion

In conclusion, cybercrime threats in Hong Kong’s banking sector were a major concern in 2023. The use of AI has increased the prevalence of sophisticated phishing attacks and other types of malware. Organised cybercrime is also on the rise, posing a significant threat to businesses and individuals alike. To address these threats, it is essential for organisations to strengthen their awareness of information security and take proactive measures to prevent potential losses.