Nearly half of about 30,000 websites in Hong Kong are not safe against cyberattacks, a domain name registration service has warned, while police have said the number of technology-related crimes reported locally has risen 3.5 per cent this year.
The Hong Kong Internet Registration Corporation said on Friday that it had regularly examined nearly 30,000 websites over the past five years and found 44 per cent of them used unsafe hyperlinks to third-party services, which could bring them security risks such as data theft and attacks.
The government-designated non-profit organisation, which administers the registration of internet domain names, also found that 32 per cent of the websites disclosed server information, which made it easier for hackers to mount attacks.
Twenty-six per cent of the websites had improper cookie configurations, which hackers could use to inject malicious code into web pages to induce users to install malware, corporation CEO Wilson Wong Ka-wai said.
Wong urged companies to examine their systems and identify loopholes and risks as well as look for solutions to improve their cybersecurity, rather than simply seeking help from consultants or manufacturers after data breaches.
“We need to move from passively dealing with problems to taking the initiative to see if we have any problems and how to solve them,” he said.
Hong Kong has recorded an increasing number of technology crimes this year.
Police Chief Superintendent Raymond Lam Cheuk-ho said 16,182 cases involving technology crimes were logged in the first half, up by 3.5 per cent from the 15,637 recorded over the same period last year.
Losses this year amounted to HK$2.66 billion, said Lam of the cyber security and technology crime bureau. He said 75 per cent of this year’s cases were related to online fraud and the rest to cybersecurity.
The number of hacking cases doubled to 30 in the first half, involving HK$3.3 million in losses, from 15 in the same period last year.
Police recorded 26 cases involving ransomware, a type of malware that holds data hostage in exchange for money, in the first six months of this year, with the highest ransom amount at HK$78 million. The force recorded seven ransomware cases in total in the first half of last year.
“The number of cybersecurity crimes is on the rise,” Lam said, adding that a lack of regular updates to systems and hackers’ growing use of artificial intelligence technologies added to the security risks.
A string of data breaches at major public bodies has sparked concern and prompted IT experts to urge authorities to draw up policies to improve cybersecurity protection for government departments and associated organisations.
The newly established Digital Policy Office would work to improve the security of information systems within the government, said Daniel Cheung Yee-wai, assistant commissioner of project governance and cybersecurity.
He said it would inspect high-risk information systems and examine security loopholes as well as carry out routine inspections.
The office would also set up a platform for cyberattack and defence drills to test the responses and contingency measures of various departments and public institutions.
“We hope to improve the security awareness of management and technical staff and their ability to resist cyberattacks,” he said.
The office, established last month, is an initiative announced by Chief Executive John Lee Ka-chiu in his 2023 policy address to accelerate the development of digital government. It was created by merging the Office of the Government Chief Information Officer with the Efficiency Office.
Separately, the privacy watchdog said it had received almost 600 inquiries related to fraudulent activities targeting personal data in the first half on 2024, an increase of nearly 90 per cent over the same period last year.
The inquiries were related to several types of swindles including phone scams, the hijacking of residents’ instant messaging accounts and fake social media pages designed to trick victims into parting with money or personal details, the Office of the Privacy Commissioner for Personal Data said.
Commissioner Ada Chung Lai-ling urged residents to protect themselves by limiting the images and videos they posted online which completely revealed their face as such content could be used to generate deepfake content by scammers.
“If they use these images and videos to pretend to be you, it will not only affect you, it may also affect your relatives and friends by leading them to suffer losses,” she told a radio programme.
