Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Hong Kong. Show all posts

Cybersecurity Attacks Rise in Hong Kong, Scammers Steal Money


Hong Kong has experienced a rise in cybersecurity threats, scammers are targeting individuals and businesses. A recent survey highlighted by the South China Morning Post (SCMP) reveals that nearly two-thirds of victims have suffered financial losses or wasted valuable time due to these cyber threats. This alarming trend underscores the urgent need for heightened awareness and robust cybersecurity measures.

The Growing Menace of Cyber Scams

In the past year, 49% of Hong Kong respondents faced online threats, up from 40% previously, according to Norton. Scams were the most common, impacting 34% of respondents, with nearly two-thirds losing money or time. Phishing and malware each affected 28% of respondents.

Cyber scams have become the most prevalent online threat in Hong Kong. These scams range from phishing emails and fraudulent websites to sophisticated social engineering tactics. 

Phishing and Malware

Phishing attacks, where cybercriminals disguise as legitimate entities to steal personal information, have seen a marked increase. These attacks often come in emails or messages that appear to be from trusted sources, such as banks or government agencies. Once the victim clicks on a malicious link or downloads an attachment, their personal data is compromised.

Malware attacks are another growing concern. These malicious software programs can infiltrate systems, steal data, and cause extensive damage. The SCMP survey indicates that a considerable portion of the population has been affected by malware, leading to data breaches and financial losses.

In June, police arrested 10 individuals for impersonating mainland security officials and defrauding a 70-year-old businesswoman of HK$258 million (US$33.2 million) in a phone scam. 

By August, local authorities, including the police and the Hong Kong Monetary Authority (HKMA), instructed 32 banks and 10 stored-value-facility operators to broaden their anti-fraud alerts to cover suspicious transactions at bank counters and online.

The Human Factor: A Critical Vulnerability

Despite advancements in technology, human vulnerabilities remain a significant risk factor. Cybercriminals often exploit the lack of awareness and vigilance among users. For instance, clicking on suspicious links, using weak passwords, and failing to update software are common mistakes that can lead to security breaches.

Student Hijacking: Cyberattack Exposes 8,000 Students’ Data in Hong Kong


The personal information of over 8,000 students at a private Hong Kong college has been taken and purportedly placed on the dark web, the latest in a string of cyberattacks in the city that have prompted calls for greater security.

The breach

The Hong Kong College of Technology, which offers a government-subsidized Higher Diploma in Cybersecurity, announced last week that it was the victim of a ransomware attack by hackers in late February, during which several internal papers were taken and encrypted.

This was not a normal cyber attack; it was very targeted and distinctive. HKCT strongly opposes all forms of cybercrime and sincerely apologizes for the annoyance and disruption caused by this event, according to a Chinese statement.

Impact on students

It stated that victims would receive a free six-month "credit monitoring service" and "dark web monitoring service," but refused to identify the number of students or staff affected. According to media sources, the information first leaked on the dark web this week. 

The Privacy Commissioner for Personal Data informed HKFP that the data breach affected around 8,100 students, whose personal information including names, identity card numbers, addresses, email addresses, and phone numbers were disclosed.

The commissioner stated that it was investigating the infraction. It encouraged all victims to change their passwords for online accounts, enable two-factor authentication, and be wary of any unusual phone calls or links sent to their email or phones.

Ransomware attacked locals

Cyberattacks have increased on locals, including the technology park Cyberport and the private Union Hospital.

In April, the hospital's computer system was infected with LockBit ransomware, which caused partial operational paralysis, according to local media sites.

Last year, a hacker got Cyberport's network and maliciously encrypted server files. The hackers sought a ransom of $300,000. Cyperport failed to pay, and 400GB of stolen data was eventually leaked on the dark web, according to TVB.

The Consumer Council's computer system was hacked in September of last year, resulting in a data breach that included information on 289 people who had filed complaints with the council and some personnel and former staff.

After the Union Hospital hacking, Francis Fong, honorary president of the Hong Kong Information Technology Federation said that victims should not pay ransoms since hackers may still make stolen material public regardless of payment.

Fong advised all public and commercial institutions to upgrade their computer systems regularly to address vulnerabilities and improve security.

Privacy Commissioner’s Advice

  • Review Security Settings: Organizations should review their communication platforms’ security settings. Strengthen authentication mechanisms and limit access to authorized personnel.
  • Report Incidents Promptly: Organizations must promptly report data breaches to the PCPD. Transparency is crucial in maintaining public trust.
  • Collaborate with Law Enforcement: Work closely with law enforcement agencies to track down the perpetrators and prevent further attacks.

Hong Kong: 43 Suspects Arrested For Defrauding HK$12 Million From Victims Via Online Shopping Scams and Love Frauds

 

As a part of the attempts to combat cybercrimes and frauds, Hong Kong has reportedly detained 43 people, with suspicion of being involved in a series of citywide raids during a week-long operation.
 
According to the police force, the arrested suspects between the age of 17 and 75 include waiters, technicians, workers, and unemployed people. During the operation, code-named Skyrocket, police officers seized the suspect’s mobile phones and bank cards.
 
The accused, involving 28 men and 15 women arrested between October 20 to 26, were allegedly deceiving victims of HK$12 million (1.5 million USD) in a total of 37 cases including internet love scams and shopping frauds, the police force reported on Friday.
 
The victims compromised between several hundred Hong Kong to about HK$900,000, says Senior Inspector Thomas Anthony Lo of the Wan Chai district crime squad.
 
The suspects were arrested for acquiring property by deceiving victims, particularly via money laundering. They included bank account holders, who were used to collect and launder crime proceeds.
 
As announced by the force, all the detained suspects were later released on bail, with none of them being charged. Although they are required to report back to the police next month.
 
Money laundering, in Hong Kong, is a punishable offense, involving a maximum sentence of 14 years and a fine of HK$5 million, while obtaining property via fraud carried a maximum sentence of up to 10 years behind the bars.
 
In a similar case, detectives from the Yau Tsim district crime squad detained two men, suspected of being involved in an online shopping scam. Reportedly, the suspects impersonated online buyers, befooling at least 10 victims into selling them valuables worth more than HK$1.5 million, but used cheques that bounced to pay for the goods.
 
The police were introduced to the case after one of the victims, a 41-year-old man reported to them on October 10, it was after he was tricked into falling for the scam and losing a HK$7,000 bracelet.
 
The two suspects aged 34 and 40 were later arrested from their flats in Hong Konk, on Wednesday. Additionally, the police recovered a HK$70,000 handbag from one of the flats, that belonged to one of the victims. While the investigation is still ongoing, more arrests are possible, the police force states.

Hong Kong Will Legalize Retail Crypto Trading to Establish a Cryptocurrency Hub

 


A plan to legalize retail cryptocurrency trading has been announced by Hong Kong to create a more friendly regulatory regime for cryptocurrencies. There has been an opposite trend over the last few years in the city, with skeptical views, as well as China's ban on the practice. 

According to sources familiar with the matter, an upcoming mandatory licensing program for crypto platforms scheduled to take effect in March next year will allow retail traders access to crypto platforms. There has been a request not to name these people since they are not authorized to release this information publicly.

There have been reports that the regulators are planning to allow the listing of higher-value tokens in the coming months but will not endorse specific coins such as Bitcoin or Ether, according to the people. They noted that the details and timeframe are yet to be finalized since a public consultation is due first.

At a fintech conference that starts on Monday, the government is expected to provide more details regarding its recently announced goal of creating a top crypto hub in the region. To restore Hong Kong's reputation as a financial center after years of political turmoil and the aftermath of Covid curbs sparked a talent exodus, the marketing campaign comes amid a larger effort to put Hong Kong back on the map.

Gary Tiu, executive director at crypto firm BC Technology Group Ltd, said that, while mandatory licensing in Hong Kong is one of the most effective things regulators can do, they cannot forever satisfy the needs of retail investors who are investing in crypto assets. 

Criteria for listing 

According to people familiar with the matter, the upcoming regime for listing tokens on retail exchanges is likely to include criteria such as the token's market value, liquidity, and membership in third-party crypto indexes to determine eligibility for listing. Their approach resembles the one they used when it came to structured products such as warrants, they continued. 

Hong Kong's Securities and Futures Commission spokesperson did not respond to a request for comment regarding the details of the revised stance adopted by the agency. 

Several crypto-related Hong Kong companies that are listed on the stock exchange increased their share prices on Friday. In the same report, BC Technology climbed 4.8% to its highest in three weeks during the third quarter, whilst Huobi Technology Holdings Ltd. rose slightly. 

In a world where more and more regulators are grappling with how to manage the volatile area of digital assets. This area has gone through a $2 trillion rout, following a peak in early November 2021. The sector is finding it difficult to regain its previous strength. Firms that dealt in cryptocurrency were crushed by the crash because their leverage grew without limit and their risk management methods were exposed.

It is widely believed that Singapore has tightened up its digital-asset rules to curb retail trading in digital assets to deal with the implosion that has hit Hong Kong. 

There was a proposal earlier this week by Singapore to ban the purchase of leveraged retail tokens on the retail market. There was a ban on cryptos in China a year ago because it was largely illegal. 

Michel Lee, executive president of digital-asset specialist HashKey Group, said that Hong Kong is trying to frame a crypto regime that extends beyond the retail token trading market to incorporate all types of digital assets, including cryptocurrencies. 

Bringing the ecosystem to the next level 

Among other things, Lee believes that tokenized versions of stocks and bonds could become a much more significant segment in the future as time passes on. Lee said, "Just trading digital assets on its own is not the goal". According to Lee, digital assets are not intended to be traded on their own but the ecosystem must grow as quickly as possible.”

A big exchange such as Binance and FTX once had their base in Hong Kong. Their attraction was the reputation of a laissez-faire regime and their strong ties to China. A voluntary licensing regime, that was introduced by the city in 2018, limited crypto platforms' access to clients with portfolios exceeding HK$8 million ($1 million) to those with portfolios of less than that amount. 

It has been confirmed that only two firms have been approved to operate under the license, BC Group and HashKey. FTX successfully managed to turn away the more lucrative consumer-facing business to the Bahamas last year as a result of the signal of a tough approach. 

However, the plan to attract crypto entrepreneurs back to Hong Kong seems to be a bit short of what is needed to usher them back. Among other things, it remains to be seen if mainland Chinese investors would be able to trade in tokens through Hong Kong if that were to be permitted. 

Leonhard Weese, the co-founder of the Bitcoin Association of Hong Kong, expressed a fear that there might be a very strict licensing regime in the future. "The conversations I have had indicate that people still fear it will be very stressful," he said. The company claims that it is not competitive on the same level as overseas platforms. Therefore, it will not be as attractive to customers as it would be if it dealt directly with retail users. 

According to blockchain specialist Chainalysis Inc., the volume of digital-token transactions in Hong Kong through June declined less than 10% from a year earlier, the most modest increase in the region outside of a slump in China, in the 12 months through June. It has fallen two positions from its global ranking of 39 in 2021 to 46 in 2022 when it comes to crypto adoption throughout the city. 

The Securities and Futures Commission of Hong Kong's Fintech Department has also suggested that the city could take further steps in this area, including the establishment of a regime to authorize exchange-traded funds seeking exposure to mainstream virtual assets. 

It shows that the one country, two systems principle is being put into action in financial markets, Wong said at an event last week. He said that the fact that the city can introduce a cryptocurrency framework distinct from China's indicates how far it has come.

Customers  Threatened by a Data Breach at Hong Kong's Harbour Plaza Hotel

 

Hong Kong's privacy authority is looking into a hack against the Harbour Plaza hotel company, which revealed more than 1.2 million visitors' booking information. The investigation's goal is to learn more about what kind of private details were compromised. Customers have been warned to keep an eye out for any strange activity in their accounts and to be aware of any unexpected emails, calls, or messages in the meantime. 

"The impacted data was the information of visitors who remained within these hotels," the PCPD tells ISMG. "As the investigations into the cyberattack are ongoing," the PCPD told ISMG, declining to specify the type of hack, the threat actor involved, or the data compromised. 

According to Harbour Plaza's statement, the Hong Kong Police was also notified along with certain other relevant authorities. The company has hired an undisclosed third-party cybersecurity forensics agency to investigate and control the problem, as well as improve its security perimeter in the future. 

According to the company's FAQs about the data leak, those who are affected will be alerted. Customers should be "extra cautious against scamming or other attempted schemes," according to the hotel firm, which says "lodging reservation databases" were impacted. It indicates possible information such as a customer's name, email address, phone number, reservation, and stay details may have been hacked. 

Inquiry into the data leak at online retailer HKTVmall 

Separately, the PCPD is looking into a case involving HKTVmall, a well-known shopping and entertainment platform run by Hong Kong Technology Venture Co. Ltd. 

The security breach has endangered the personal details of a "small fraction" of HKTV Co. Ltd.'s 4.38 million registered customers, according to a statement made on Feb. 4. According to the notice, the connected server was in an "other Asian" country. 

According to the company, it promptly notified the Hong Kong Police or the PCPD, and hired two cybercrime firms on January 27 "to conduct an investigation and further enhance HKTVmall's server security measures." 

Customer data that may have been obtained by an unauthorized person, according to HKTVmall, includes:

  • Account names which have been registered.
  • Login passwords which are encrypted and masked.
  • Email addresses which have been registered and that can be contacted. 
  • Names of recipients, shipping addresses, and contact numbers for orders placed between December 2014 and September 2018.
  • Clients who have connected their HKTVmall account to a Facebook account or an Apple ID have the date of birth, official name, and email accounts for Facebook accounts and Apple IDs.

ShadowPad Malware is Being Sold Privately to Chinese Espionage

 

Since 2017, five separate Chinese threat groups have used ShadowPad, an infamous Windows backdoor that allows attackers to download additional harmful modules or steal data. In a detailed overview of the malware, SentinelOne researchers Yi-Jhen Hsieh and Joey Chen said that "adoption of ShadowPad significantly reduces the costs of development and maintenance for threat actors," adding that "some threat groups stopped developing their own backdoors after they gained access to ShadowPad." 

ShadowPad was released in 2015 as a replacement for PlugX. However, it wasn't until several well-known supply-chain incidents – CCleaner, NetSarang, and ShadowHammer – that it began to gain considerable public attention. Unlike the publicly available PlugX, ShadowPad is only available to a selected group of people. ShadowPad has been called a "masterpiece of privately sold malware in Chinese espionage" by an American cybersecurity firm. 

ShadowPad is a shellcode-based modular backdoor. A layer of an obfuscated shellcode loader is in charge of decrypting and loading a Root plugin during execution. While the Root plugin's chain of operations decrypts, it loads other shellcode-embedded plugins into memory. To date, at least 22 different plugins have been discovered. 

Additional plugins can be remotely uploaded from the C&C server in addition to the ones included, allowing users to dynamically add functionality that isn't present by default. A Delphi-based controller is in charge of the infected machines, which is used for backdoor communications, upgrading the C2 infrastructure, and controlling the plugins.

"While ShadowPad is well-designed and highly likely to be produced by an experienced malware developer, both its functionalities and its anti-forensics capabilities are under active development," the researchers said. 

ShadowPad-related attacks have lately targeted Hong Kong-based firms as well as key infrastructure in India, Pakistan, and other Central Asian countries. The implant is known to be shared by multiple Chinese espionage actors, including Tick, RedEcho, RedFoxtrot, and clusters dubbed Operation Redbonus, Redkanku, and Fishmonger, although being predominantly attributed to APT41. 

"The threat actor behind Fishmonger is now using it and another backdoor called Spyder as their primary backdoors for long-term monitoring, while they distribute other first-stage backdoors for initial infections including FunnySwitch, BIOPASS RAT, and Cobalt Strike," the researchers said. "The victims include universities, governments, media sector companies, technology companies and health organizations conducting COVID-19 research in Hong Kong, Taiwan, India and the U.S."

China supported website attacks Hong Kong activists : leaking their personal details online!


HK Leaks, a notorious website is targeting Hong Kong pro-democracy supporters, leaking their personal details online and there seems to be no way of catching the site and stopping it.

The website is using a Russian based server and is also supported by China's ruling Communist Party. From Journalists to lawmakers, around 200 individuals, those supporting the protests in Hong Kong have been "doxxed"- had their personal details broadcasted online by the site.

Since June anti-government protests have rocked Hong Kong against proposals to allow extradition to mainland China and clashes between the activists and police have become increasingly violent, with police firing live bullets and protesters attacking officers and throwing petrol bombs. With this new development, of doing activists; the situation shows no sign of dying down.

Privacy Commissioner Stephen Wong said he had ordered HK Leaks to take down all posts but the site remains online. On the home page of the website, a picture of black-clad protester is shown and a banner in Chinese saying, "We want to know who these people are and why they are messing up Hong Kong!". Phone numbers, addresses and personal details of hundreds of people are posted with their "misdeeds". And it is illegal in Hong Kong to disclose certain personal details, including phone numbers, without consent.

HK Leaks has a very sophisticated operation, designed to evade prosecution. It is registered anonymously on a Russian server, DDOS-Guard and has changed domain three times since August.

"The IP address that is shown for the website is not that of the website itself but of the DDOS-Guard company," cybersecurity expert Brian Honan said. The site has a bulletproof anonymous hosting, and whoever is running the website is very good at what they do. It ran as hkleaks.org in early August then migrating to hkleaks.ru, which discontinued in late October and since then three more similar domains have been used by the site.

"This site seems to be really well set up to reveal as little as possible and it doesn't use lots of external services, like buttons, statistics trackers, various scripts that would leak information," said Maarten Schenk, co-founder of the fact-check site Lead Stories.

To extract any details from the domain registrar, a court order would be necessary and the site is heavily supported by the big guns of China with heavy traffic, which is 175,000 unique page views. Chinese Communist Youth League, a group linked to China's Communist Party, has promoted the site's content on its official Weibo accounts. The state-run broadcaster, CCTV and Global Times newspaper, also posted similar messages on their social media accounts.

Some victims also accused the Chinese authorities of involvement behind the leaks, said that the fake address they gave the police during an interrogation showed up on the website HK Leaks.

Hong Kong Protesters being Hampered by a Cyber Attack




The major public protests which unfolded over the last week in Hong Kong are targeting the legislation which would allow accused to be extradited to mainland China to face trial. As the movement became violent, police resorted to tear gas, rubber bullets and pepper spray in order to disperse the protesters.

Protesters are demanding for the new extradition law (Fugitive Offenders Ordinance) to be scrapped and the debate over the bill has been delayed as the protesters did not assemble again; Hong Kong natives are of the opinion that the law could potentially legalize the kidnapping of people who practice their right to speech to say things or behave in manners that go out of synchronization with the Chinese government. Furthermore, Hongkongers feel that this new extradition law can also be utilized to extradite visitors and travelers who are taken into custody on suspicion.

As over the years, Telegram has been a major platform for activists in Hong Kong and mainland China to systemize and carry out protests effectively and bypass  government surveillance, Telegram CEO, Pavel Durov, remarked in a tweet, "Historically, all state actor-sized (attacks) we experienced coincided in time with protests in Hong Kong,"This case was not an exception."

Twitter saw an upsurge in the tweets which talked about the remarkable management and expert arrangements made for the sizable protests; according to the organizers, a total of 1 million people assembled for the protest, whereas, police recorded a total of 240,000.

The momentum which the protests picked up was the direct result of the audience reached via various social media platforms such as WhatsApp and Telegram.  These messaging apps were used by the protesters to coordinate and spread the word about the Hong Kong protests.

The demand for highly secured and encrypted social media messaging apps is likely to rise up due to a very fundamental citizen need to evade government surveillance and stay guarded against authoritative bodies.