Ransomware jeopardises Hong Kong logistics and financial services, report finds, amid surge of attacks in 2023 | #ransomware | #cybercrime

Financial services and logistics were Hong Kong’s hardest-hit sectors by ransomware in 2023, a new study has found, in a year when such attacks spiked as criminals adopted new tools like those using artificial intelligence (AI).

Cybersecurity firm Palo Alto Networks identified 3,998 posts from ransomware groups on websites for leaked information, a 49 per cent increase over 2022. Hong Kong’s two largest industries were the most targeted for extortion, Wickie Fung, Palo Alto Networks’ managing director for Hong Kong and the Greater Bay Area, said during a press briefing on Wednesday.

As a finance hub, Hong Kong’s banks and other financial institutions possess “vast amounts of valuable data”, which make them “hot targets for multi-extortion attacks” by ransomware gangs, Fung said.

ChatGPT-aided ransomware in China results in four arrests

Manufacturing was the most impacted industry across the Greater China area, the firm found. This industry typically has limited visibility into its operational technology systems, Fung said, contributing to cybersecurity vulnerabilities.

Ransomware typically involves the theft or encryption of private data with a threat to release or delete that data unless a ransom is paid, typically in cryptocurrency. Blockchain analytics firm Chainalysis found that at least US$1.1 billion in ransomware was paid out in crypto last year, the largest on record and an estimate the firm called “conservative”. Ransomware incidents are often under-reported, as many firms prefer to quietly contain the fallout.

While total payouts have risen substantially over 2022 – when Chainalysis recorded a 40 per cent decline owing to disruptions from the Russia-Ukraine war – Palo Alto Networks found evidence that organisations are seeing some success in pushing back.

Median ransom demands were up 3 per cent last year to US$695,000 from US$650,000 in 2022, but median payouts fell 32 per cent to US$237,500 from US$350,000, according to the report. The discrepancy may be the result of effective negotiations from incident response teams, the report said.

“Ransomware attackers were highly motivated in 2023,” Fung said during the briefing. Attackers have also turned to more cutting-edge tools like generative AI to scale up their operations. This technology can help attackers find more vulnerabilities and develop malware. They are also using less noticeable and more automated methods of exploiting system weaknesses.

The median time from a system’s initial compromise to the exfiltration of data was down to just two days in 2023, a 45 per cent decline from the nine days it took in 2021.

AI may be both a cause and solution to some of the increased challenges from ransomware. Hong Kong firms are exploring potential use cases for AI in defending their assets, according to Palo Alto Networks.

However, Hong Kong is still in a “learning phase”, Fung said, and awareness and security measures are “never enough”. He “has yet to see a very sophisticated or domain-specific AI use case” for ransomware prevention in Hong Kong, Fung added.

Felix Cheng, head of systems engineering of Palo Alto Networks, said that although the financial services industry tends to be on the “conservative side”, the concept of using AI tools in cybersecurity defence is beginning to take hold at Hong Kong companies.

To better guard against a rising number of attacks, Cheng said organisations should adopt in-depth, multilayer defence systems. Strengthening cloud infrastructure should be another focus, he added, while developing an incident response plan could bring added benefits.

Source link


National Cyber Security