Dicky Wong Senior Inspector of Police

Agenda

• Introduction of Cyber Security and Technology Crime Bureau

• Our Approach

• Cyber Security Situation 2016 review

• Overall Technology Crime Trend

• Cyber Security Situation of HK

Cyber Security Situation 2016 Review

Crime Trend

Overall Crime Technology Crime

Year Loss (Million)

2011 148.5

2012 340.4

2013 916.9

2014 1,200.6

2015 1,828.9

2016 2,300.8

75000 70000 65000 60000 55000 50000 45000 40000 0

8000 7000 6000 5000 4000 3000 2000 1000 0

0

1,000

2,000

3,000

4,000

5,000

6,000

7,000

2010 2011 2012 2013 2014 2015 2016

Cyber Security Incident in HK

980

Source: HKCERT

Cyber Security Situation of HK

810 1050

1593

3443

4928

6058

Commissioner’s Operational Priorities 2012 - 2017

Current approach

Priorities

Strategies

Current approach

Engaging the Public

Cyber Security Summit

Cyber Security Professionals

Awards

Cyber Security Situation of HK

Motives and Targets

Vandalism

Personal Fame

Financial Gain

Political

• Malware

• DDoS Attack

• Hacking

• Defacement

• Virus

• Individuals

• SMEs

• Government Bodies

• Large Corporations

• Critical Infrastructures

• Mobile Devices

• Internet of Things

• Advanced

Persistent Threat

• Ransomware

Internet of Things or Internet of Threats?

Cyber Attack targeting ICS

Distributed Denial of Service (DDoS)

(Botnet / Zombie computers)

Email Scam

Corporate Email Scam (867 no. of cases)

13

Victim company receives email(s) requesting for

outstanding payment to new bank account

Email address spoofed to be the same as /

resembling the genuine business partner

Victim deceived into making

payment

Email Scam

Company A Company B

CEO Email Scam

假CEO電郵騙案 騙款1000萬美元

警方在2015年接獲「CEO電郵騙案」，較2014年增加2.5倍，金額亦由2014年的3100萬急增至去年的2.21億。騙徒主要針對跨國大企業，入侵CEO電郵，仔細研究其電郵信件，了解公司生意，待適當時機以CEO的電郵發信予該公司的首席財務官，要求匯款至客戶戶口。

CEO Email Scam

CEO’s email account was hacked

Hacker purported to be the CEO

Requested the CFO to make a fund transfer

Ransomware

Ransomware is a serious security threat that limits victims to access their files or system functions. It has “data-kidnapping” capabilities. Cybercriminals tend to threaten victims to pay ransom (bitcoin) in order to regain access to their files or systems.

Ransomware

Cybercriminals

Email with malicious

attachment

Open the email and

execute the attachment

Bitcoin blackmail

Ransomware

Pay or Not?

Suspicious Attachment

1. summary.exe, quotation.rar, invoice.zip, payment.js

2. summary.doc, quotation.xlsx, statement.ppt

Preventive Measures

Disable Macros

Preventive Measures

Mitigation

Unplug the power

Disconnect the infected terminal from network

Remove external storage devices from infected

terminal

Retain sample for analysis

Offsite backup

Online backup

Regular Backup

Preventive Measures

Management Solution

Access Control

Device Management

Awareness of Staff

Incident Response Mechanism

Preventive Measures

Thank You