April 14, 2016

Business Resolution & Dispute Resolution Practice

Cyber Attacks Continue to Grow and Evolve

By: Greg Burch and David E. Harrell, Jr.

Cyber criminals continue to prey on websites with unpatched vulnerabilities and ill-protected point of sale (POS) systems to steal credentials such as personal data, credit card numbers and bank account details.

Common methods to be aware of

Fraudsters are known to use methods most commonly associated with their victim’s normal business practices - wire transfers in most cases, cheques in others. Intrusions are facilitated through a phishing scam in which a victim receives an email from a seemingly legitimate source that contains a malicious link. When the victim clicks on the link, it downloads malware, allowing the criminals unrestricted access to data, including passwords or financial account information. Fraudsters also contact companies by email or phone pretending to be lawyers or representatives of law firms claiming to handle confidential or time-sensitive matters.

Organizations and Internet users should be vigilant in strengthening their guard against the anticipated surge in cyber attacks targeting web servers, POS systems and mobile devices. It is predicted that extortion via DDoS (distributed denial-of-service) and Ransomware will also flourish as cyber criminals are increasingly offering paid ransomware services (complete with kits for attacks on different operating systems) and managing ransom payments.
Prevention

• Regularly assess web server security; patch any security loopholes
• Isolate POS systems from open network to limit attack avenues
• Regularly back up data; keep an offline copy to minimize risks of ransomware
• Carefully scrutinize all email requests for transfer of funds to determine legitimacy
• Know the habits of your customers, including the details of, reasons behind, and amount of payments
• Be wary of unsolicited software or hyperlinks, and abnormal requests for credential data or change of payment account details
• Individuals need to take steps to protect mobile devices

Computer Crimes Ordinance in Hong Kong

The main piece of legislation in Hong Kong which has been introduced against computer related crime is the Computer Crimes Ordinance. Enacted in 1993, it has, through amending the Telecommunications Ordinance (Cap. 106), Crimes Ordinance (Cap. 200) and Theft Ordinance (Cap. 210), created some new offences and broadened the coverage of existing offences, as follows:

Related Crimes – Hong Kong

| Law | Provisions | Maximum Penalty |
|---|---|---|
| Telecommunications Ordinance, S. 27A, Cap. 106 | By telecommunications, obtains unauthorized access to any computer | Fine of $25,000 |
| Crimes Ordinance, S. 59, Cap. 200 | Extending the meaning of property to include any program or data held in a computer or in computer storage medium | Not applicable |
| Crimes Ordinance, S. 59 and 60, Cap. 200 | Extending the meaning of criminal damage to property to misuse of a computer program or data | 10 years’ imprisonment |
| Crimes Ordinance, S. 85, Cap. 200 | Extending the meaning of making false entry in bank book to falsification of the books of account kept at any bank in electronic means | Life imprisonment |
| Crimes Ordinance, S. 161, Cap. 200 | Obtains access to a computer with intent to commit an offence or with a dishonest intent | 5 years’ imprisonment |
| Theft Ordinance, S. 11, Cap. 210 | Extending the meaning of burglary to include unlawfully causing a computer to function other than as it has been established and altering, erasing or adding any computer program or data | 14 years’ imprisonment |
| Theft Ordinance, S. 19, Cap. 210 | Extending the meaning of false accounting to include destroying, defacing, concealing or falsifying records kept by computer | 10 years’ imprisonment |

Source: www.infosec.gov.hk/english/ordinances/corresponding.html

Computer crime in Hong Kong

The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) handled 4,928 security incident reports in 2015, up 43% from 2014. Phishing (1,978 cases) powered the surge, with an increase of 233%, as a result of new “flash” phishing attacks (1,375 cases, or 69% among phishing) that were launched using local web hosting services as cover. Incidents relating to mobile devices also rose by 86% to 286 cases.

[Figure: Security Incident Reports in Hong Kong, 2011 to 2015 (2015: 4,928 reports, +43%). 2015 Incident Reports by Type: Phishing 1,978; Botnet 1,943; Others 449; Malware 328; DDoS 130; Defacement 100.]

BEC Scams in the United States - US$798 million and counting

Business E-mail Compromise (BEC) scams continue to grow and evolve, targeting businesses of all sizes. The FBI’s Internet Crime Complaint Center (IC3) reported a 270 percent increase in identified victims and exposed loss since January 2015. The scam has been reported in all 50 states and in 79 countries.
Fraudulent wire transfers were sent to 72 countries, with the majority of transfers going to Asian banks located in China and Hong Kong. The IC3 reports that from October 2013 to August 2015, BEC scams claimed 8,179 individual victims (7,066 in the U.S. and 1,113 non-U.S.) with a total exposed loss of US$798,897,959.25. Similar incidents identified by international law enforcement agencies during the same period bring the BEC exposed loss to over US$1.2 billion.

Read our previous QuickStudy on Wire Transfer Fraud for practical advice for organizations and individuals as to the steps to take for recovery of stolen funds. Time is of the essence.

For more information on the matters discussed in this Locke Lord QuickStudy, please contact the authors.

Greg Burch | +852 3465 0635 | gburch@lockelord.com
David E. Harrell, Jr. | 713-226-1138 | dharrell@lockelord.com

Locke Lord LLP disclaims all liability whatsoever in relation to any materials or information provided. This piece is provided solely for educational and informational purposes. It is not intended to constitute legal advice or to create an attorney-client relationship. If you wish to secure legal advice specific to your enterprise and circumstances in connection with any of the topics addressed, we encourage you to engage counsel of your choice.

Attorney Advertising © 2016 Locke Lord LLP