Hackers Exploit AI for Crimes Could Become a New NormalHONG KONG SAR 1 February 2024 – The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) held a briefing today, and summarised the information security situation in Hong Kong in 2023 as well as released a security outlook for 2024. Emerging technologies, such as artificial intelligence (AI), can bring additional benefits to businesses. However, with the development of these technologies, cyber attacks come one after another, and cyber threats become more complicated. Organisations and citizens must not underestimate them. It is important for organisations and citizens to have a better understanding of cyber security and to enhance their ability to respond to cyber security risks.
HKCERT handled a total of 7,752 security incidents in 2023. Among them, phishing accounted for nearly half of all cases (3,752 cases, 48%), showing a double-digit increase, with a 27% increase from 2022, also breaking the five-year record. The number of links related to phishing also exceeded 19,000, showing a double-digit increase as well, with a 22% annual increase. The number was also doubled in four years. Phishing attacks were concentrated in the banking, finance, and electronic payment industries, followed by e-commerce.
Mr Alex CHAN, General Manager of the Digital Transformation Division of Hong Kong Productivity Council and spokesperson for HKCERT said, “With the application of AI, hackers’ actions may outpace the development of the cyber security industry. Additionally, the emergence of tools such as generative AI has significantly increased the prevalence of cyber attacks, particularly in the realm of phishing scams. The level of simulation has become increasingly sophisticated, making it nearly impossible for victims to distinguish between real and fake content. Furthermore, AI-driven threats possess adaptability, allowing them to analyse defences in real-time and readjust strategies, posing a challenge to traditional cyber security measures. Both organisations and individual users should be prepared for potential hacker attacks at any time. Furthermore, when using electronic devices with connectivity to other devices or the internet and third-party services, adequate security measures should be made, such as referencing international security standards, to reduce the risks after implementations.”
The media briefing also invited Mr Frankie WONG, Vice Chairman of the Professional Information Security Association and representative of HKCERT Critical Infrastructure Cyber Security Watch Programme, to share an analysis of LockBit ransomware and the related preventive measures. He stated, “In recent years, ransomware attacks have become increasingly severe. Hacker groups actively search for vulnerabilities in organisations’ networks, exploiting them to gain unauthorised access, steal data, and encrypt files. They then demand ransom payments, threatening to publicly release the compromised information. Once confidential data is stolen and exposed, the consequences can be endless. Therefore, organisations should be proactive in addressing these threats, regularly conducting comprehensive reviews of their network security vulnerabilities, and taking timely actions to prevent potential losses.”
The Five Key Information Security Risks to be Aware of in 2024 are:
- “Weaponisation” of AI: Hackers use generative AI to issue instructions for generating malicious code, dominating cyber attacks. Additionally, hackers can use AI to generate disinformation that affects the output of other AI, bypassing cyber security measures. Hackers also use AI to create fake videos to deceive for personal gain.
- Next-Level Phishing Attacks: In addition to using traditional methods such as emails and text messages to conduct phishing attacks, hackers also use fake videos to impersonate someone’s identity. Phishing attacks also extend to social media platforms, impersonating some brand pages. At the same time, hackers use search engine optimisation (SEO) techniques to make phishing websites appear at the top of search results, deceiving more victims.
- Trend towards Organised Cybercrime: In 2023, Hong Kong experienced several ransomware attacks targeting local organisations, resulting in large amounts of ransom being extorted and sensitive data being exposed. Citizens also faced threats from malicious apps and phishing. Globally, the number of ransomware attacks and vulnerabilities reached a new high in 2023, indicating an increasingly serious trend of organised and systematic cybercrimes.
- Attacks Arisen from Smart Devices: Electronic products nowadays are most equipped with network connectivity, allowing them to connect to other devices or the internet. These products have varying cyber security standards and are susceptible to intrusion and malicious manipulation. Some products cannot patch security vulnerabilities, making them difficult to block cyber attacks.
- Third-party Risk: Most companies use IT services provided by third-party, such as software and IT personnel, but this gives rise to IT supply chain attacks and insider threats, leading to data breaches, ransomware attacks, and other consequences. Additionally, research suggests that generative AI may produce incorrect information, such as code with security vulnerabilities or false information. If organisations adopt such information without verification, it brings risks to their operations.
In response to these five key information security risks, Mr CHAN called on all sectors of society to strengthen their awareness of information security. He added, “AI is believed to be gradually adopted across various industries. However, before implementing AI, it is crucial to understand and balance its associated cyber security risks. Additionally, we need to be vigilant about emerging forms of phishing, such as the use of AI-generated phishing content, impersonation of official pages on social media platforms, and the exploitation of search engine optimisation for phishing purposes. Furthermore, we must remain cautious about the increasingly severe activities of cybercriminals.”
Facing the ever-changing network environment, HKCERT will continue to take multiple measures to enhance public awareness of cyber security and safeguard cyber security. In terms of incident response, HKCERT will provide strategies and advice to the public for handling cyber security incidents, and proactively analyse cyber security vulnerabilities to provide practical guidance. In terms of prevention, HKCERT will take proactive action and collaborate with internet service providers and computer emergency response teams from different countries to remove suspicious websites. As for public education, HKCERT and the Office of the Government Chief Information Officer will co-organise a Cyber Security Week, set up interactive booths and tram promotion campaign, and publish security publications to remind the public to pay attention to emerging cyber security risks.