IT experts urge firms to be vigilant on malware and update security patches

Financial institutions are increasingly finding their data is being held hostage by hackers - and the number of digital ransom cases may be higher than official tallies.

Information sector lawmaker Charles Mok Nai-kwong told a cloud computing security conference on Tuesday that many financial institutions had approached him. This was after learning hackers were demanding ransoms in bitcoin - a digital currency created and exchanged independently of banks or governments - after encrypting sensitive and confidential business data.

"The financial services industry wants to make sure consumers see them as secure," Mok told the conference of information security officers.

"But in fact, in the last couple of years there has been quite a number of these crypto lockers targeting their servers and systems and injecting the malware into the system and then locking out the system and calling you for ransom," he said.

"I have to say that many of those that are being targeted don't want their names to be leaked out, so I can't even say who they are," he added.

Mok said that once targeted, organizations were confronted with the dilemma of paying either a lot of money or letting their company services stop - and suffering a huge loss to their reputations.

The Hong Kong Computer Emergency Response Team (HKCERT) said in its latest security note there was an increasing trend of crypto ransom ware targeting the city. It reported an average of five incidents per month from February to April this year.

The Bank of China and Bank of East Asia were reportedly hit with crypto locker ransom ware attacks in May. Both banks claimed customer data and services were not affected.

HKCERT began detecting random ware affecting network storage less than two years ago, according to senior consultant Leung Siu-cheong, who advised targeted companies not to pay ransoms.

"They will come back asking for more," he said, noting ransoms were kept relatively low to encourage compliance. Some ransoms were in the thousands for individuals, the tens of thousands for small businesses. But millions were demanded from larger entities which were threatened with denial-of-service (DoS) attacks.

The solution for the attacks is not cheap. Companies are recommended to make multiple daily or hourly offline backups of their data in the event of an infection.

Ransom ware attacks are started through phishing emails, encrypting not only files located in affected machines but all files shared on connected networks. An extortion message on infected computers typically demands a specified ransom in bitcoin in exchange for the decryption key, otherwise the unique decryption key will be deleted, HKCERT said.

International Information Systems Security Certification Consortium Asia-Pacific technical adviser Chuan-Wei Hoo said that cities such as Hong Kong and Singapore are lucrative targets - given the concentration of large financial institutions, data centers, and small and medium enterprises.

On average, a 10th of workers in companies with more than 100 employees clicked on infected links in phishing emails, former chief technology officer of the US Central Intelligence Agency (CIA) and President of IT consulting company Applicology Bob Flores said.

HKCERT recommends that users keep up to date with patches in its 2015 security outlook. Some 96 percent of patchable vulnerabilities being exploited were more than two years old, Flores said.

tim@chinadailyhk.com

(HK Edition 08/12/2015 page10)