Caution urged for critical infrastructure over threats
Police say they received 440,000 intelligence reports on cyber threats targeting Hong Kong last year. Photo: RTHK
Police have called on critical infrastructure operators to bolster their defensive efforts against cyber threats, after a number of firms were deemed to be vulnerable.
The force said it inspected 90,000 assets controlled by critical infrastructure firms last year and discovered more than 4,500 loopholes in their systems.
Officers identified three types of loopholes which are particularly risky.
"First of all it's the employees' log-in credentials, that they are leaked or stolen because they don't have a very good mechanism in ensuring that these kind of credentials are in a high level [of protection]," senior superintendent Carmen Leung said.
"And second, some organisations did not properly manage their domain and subdomain, allowing attacker to hijack those unused subdomains and create highly convincing phishing or scam websites.
"And for the third part, we noticed some organisations having some misconfigured cloud storage service and unintentionally exposed their internal system in a web-facing environment."
She said these organisations took remedial measures after being warned by the force, and no harm was done to their major services.
Police said they received 440,000 tip-offs regarding Hong Kong-related cyber threats last year.
The top three industries to be targeted were banking and finance, communication, and government departments.
Superintendent Baron Chan stressed that a "useful and powerful preventive mechanism" is in place.
"Luckily, under our protection mechanism, we collect these intelligence in a very earlier stage and we do analysis and then share [them] among our stakeholders, so that these intelligence can be used by different sectors, even though they are not the targets of these bad actors," he said.
Police said they recorded 7,680 technology crime cases from January to March, up 1.1 percent year on year.
The cases, most of which involved online shopping, inflicted losses of more than HK$1.43 billion.
Officers urged shoppers to make use police's Scameter app to check the validity of recipients before making financial transactions.
Police also issued their first ever cybersecurity report, which can be viewed online.
It covers SAR and global cybersecurity trends, together with predictions in the coming year.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
HKFP
3 hours ago
- HKFP
Hong Kong police probe suspected illegal work linked to Amap ride-hailing services
Hong Kong police are investigating suspected illegal work linked to ride-hailing services on navigation platform Amap, following allegations that a mainland Chinese driver accepted orders without local identification documents. Police confirmed to HKFP on Wednesday that a man had filed a report two days earlier, complaining about suspected illegal work involving the use of a private vehicle for carrying passengers for hire. The case has been passed to the traffic unit of the New Territories South headquarters, and no arrests have been made so far, police said. The police force said it would continue to allocate appropriate resources to combat illegal car hire, in accordance with 'operational priorities.' 'Where sufficient evidence is available, appropriate prosecutions will be initiated,' police said in an email. A user posted on Threads on Monday, saying that he requested a ride via Alipay, which connected him to ride-hailing services on Amap. After boarding the car, the passenger realised the driver was a mainland Chinese man who only spoke Mandarin and could not understand Cantonese. Videos uploaded to the Threads post showed the passenger repeatedly asking the driver if he had a Hong Kong identity card, to which the driver replied, 'No.' When asked if he could work as a driver without local identification documents, the driver said he had entered Hong Kong with a 'business visit' permit, adding that the car was provided by his 'boss,' without specifying their identity. The driver also said that Amap did not require him to provide a Hong Kong identity card. 'You don't even know the roads in Tsuen Wan. You are basically a ticking time bomb on Hong Kong roads,' the Threads post read. A screenshot shared by the Threads user showed that the driver had accepted more than 370 orders on Amap. It is unclear whether all the trips took place in Hong Kong. The Threads user said he filed a police report after reaching his destination, and the police contacted him to give a statement on Tuesday. According to the Immigration Department's website, a business visit permit is intended for mainland residents who wish to make business trips to the city in their private capacity. The permit can be valid for a single journey or multiple journeys for a period ranging from three months to one year, with each stay not exceeding 14 days. The permit allows the holder to engage in business-related activities during the trip, such as signing contracts, submitting tenders, taking part in exhibitions or trade fairs, and attending business meetings. It does not allow the permit holder to take up any paid or unpaid employment. Offenders are liable on conviction to a maximum fine of HK$50,000 and imprisonment for up to two years. Earlier this month, a mainland Chinese man was jailed for two months for offering ride-hailing services via Amap and breaching his conditions of stay as a travel permit holder. Ride-hailing apps currently operate in a grey area in Hong Kong, which requires vehicles offering such services to have a hire car permit. Private vehicle owners who sign up with online platforms without a permit face a maximum penalty of six months in jail and a HK$10,000 fine for a first offence. There has been no major law enforcement operation targeting ride-hailing drivers, although some have been arrested. Meanwhile, ride-hailing services – especially Uber – have grown in popularity amid long-standing dissatisfaction with taxi services. Last month, the government submitted a legislative proposal to regulate ride-hailing services. The authorities suggested capping the number of ride-hailing cars allowed in the city, but the proposal did not specify a limit.
South China Morning Post
4 hours ago
- South China Morning Post
Hong Kong slams ‘smear campaigns' as Jimmy Lai returns to court for trial
The Hong Kong government has strongly condemned 'smear campaigns' by foreign forces and anti-China media companies in relation to the national security law trial of former newspaper boss Jimmy Lai Chee-ying, who returns to court on Thursday. Prosecutors and defence lawyers will make their final oral arguments in his high-profile trial . The closing submissions procedure will be the Apple Daily founder's last appearance at West Kowloon Court before the three presiding High Court judges reach a verdict on his case of conspiracies to publish seditious articles and collude with foreign forces. A government spokesman warned on the eve of the trial resuming that it was inappropriate for anyone to comment on details of the case in an 'attempt to interfere with the court to exercise judicial power independently, which might otherwise constitute perverting the course of justice'. However, external forces and anti-China media would 'still continue to distort the truth', he said. The spokesman noted that Lai's lawyers had previously clarified that the former media boss had received appropriate treatment and welfare in prison, while stressing the trial was based on the principle of the rule of law. Hong Kong law enforcement agencies had been taking actions strictly based on evidence, which had nothing to do with the political stance, background or occupation of the people or entities concerned, he added.
South China Morning Post
4 hours ago
- South China Morning Post
HKMA, HSBC allay concerns about Hong Kong's loan books amid city's property market slump
Hong Kong's de facto central bank and the city's largest lender have issued separate statements to assuage concerns about a glut in the commercial property market, saying that the local banking system remained robust and well-capitalised. Advertisement Risks associated with commercial real estate (CRE) loans were 'manageable', as the classified loan ratio – a measure of borrowings deemed substandard, doubtful, or at loss – shrank slightly to 1.97 per cent in the second quarter, from 1.98 per cent at the end of March, said Eddie Yue Wai-man, the chief executive of the Hong Kong Monetary Authority (HKMA). 'Hong Kong's banking system is well-capitalised and has sufficient provisions and good financial strength to withstand market volatilities,' Yue said in a blog post on the HKMA's website on Wednesday. Hong Kong's property slump, currently in its sixth year, has entered a new normal , as a confluence of factors from high interest rates and macroeconomic pressure to low demand amid an oversupply has weighed on the market. As prices and rents fell in residential flats, shops and offices, the value of loan collateral declined. Eddie Yue Wai-man, the Chief Executive of the Hong Kong Monetary Authority, on July 9, 2025. Photo: Elson Li Almost three-quarters of HSBC's Hong Kong commercial property loan book was flashing warning signs by the end of June, while the amount of loans bearing increased credit risk had almost tripled.
