Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
Dicky Wong Senior Inspector of Police
Agenda
• Introduction of Cyber Security and Technology Crime Bureau
• Our Approach
• Cyber Security Situation 2016 review
• Overall Technology Crime Trend
• Cyber Security Situation of HK
Cyber Security Situation 2016 Review
Crime Trend
Overall Crime Technology Crime
Year Loss (Million)
2011 148.5
2012 340.4
2013 916.9
2014 1,200.6
2015 1,828.9
2016 2,300.8
75000 70000 65000 60000 55000 50000 45000 40000 0
8000 7000 6000 5000 4000 3000 2000 1000 0
0
1,000
2,000
3,000
4,000
5,000
6,000
7,000
2010 2011 2012 2013 2014 2015 2016
Cyber Security Incident in HK
980
Source: HKCERT
Cyber Security Situation of HK
810 1050
1593
3443
4928
6058
Commissioner’s Operational Priorities 2012 - 2017
Current approach
Priorities
Strategies
Current approach
Engaging the Public
Cyber Security Summit
Cyber Security Professionals
Awards
Cyber Security Situation of HK
Motives and Targets
Vandalism
Personal Fame
Financial Gain
Political
• Malware
• DDoS Attack
• Hacking
• Defacement
• Virus
• Individuals
• SMEs
• Government Bodies
• Large Corporations
• Critical Infrastructures
• Mobile Devices
• Internet of Things
• Advanced
Persistent Threat
• Ransomware
Internet of Things or Internet of Threats?
Cyber Attack targeting ICS
Distributed Denial of Service (DDoS)
(Botnet / Zombie computers)
Email Scam
Corporate Email Scam (867 no. of cases)
13
Victim company receives email(s) requesting for
outstanding payment to new bank account
Email address spoofed to be the same as /
resembling the genuine business partner
Victim deceived into making
payment
Email Scam
Company A Company B
CEO Email Scam
假CEO電郵騙案 騙款1000萬美元
警方在2015年接獲「CEO電郵騙案」,較2014年增加2.5倍,金額亦由2014年的3100萬急增至去年的2.21億。騙徒主要針對跨國大企業,入侵CEO電郵,仔細研究其電郵信件,了解公司生意,待適當時機以CEO的電郵發信予該公司的首席財務官,要求匯款至客戶戶口。
CEO Email Scam
CEO’s email account was hacked
Hacker purported to be the CEO
Requested the CFO to make a fund transfer
Ransomware
Ransomware is a serious security threat that limits victims to access their files or system functions. It has “data-kidnapping” capabilities. Cybercriminals tend to threaten victims to pay ransom (bitcoin) in order to regain access to their files or systems.
Ransomware
Cybercriminals
Email with malicious
attachment
Open the email and
execute the attachment
Bitcoin blackmail
Ransomware
Pay or Not?
Suspicious Attachment
1. summary.exe, quotation.rar, invoice.zip, payment.js
2. summary.doc, quotation.xlsx, statement.ppt
Preventive Measures
Disable Macros
Preventive Measures
Mitigation
Unplug the power
Disconnect the infected terminal from network
Remove external storage devices from infected
terminal
Retain sample for analysis
Offsite backup
Online backup
Regular Backup
Preventive Measures
Management Solution
Access Control
Device Management
Awareness of Staff
Incident Response Mechanism
Preventive Measures
Thank You