HKCERT: 2024 Phishing Attacks Surge and Top 5 Cybersecurity Risks for 2025
In 2024, Hong Kong’s cybersecurity landscape saw a significant uptick in cybercrime, with phishing attacks becoming a major concern. The latest report from the Hong Kong Cybersecurity Incident Response Team (“HKCERT”) reveals that the agency responded to 12,500 security incidents last year, more than 62% of which were phishing-related, marking a staggering 108% increase from the previous year. This represents the most severe cybersecurity situation in the past five years. Additionally, the number of malicious links associated with phishing attacks rose to 48,000—an increase of 50% from 2023.
Phishing attacks have primarily targeted the banking, financial services, and electronic payment sectors, which have become prime targets for cybercriminals. However, other industries such as social media, e-commerce, tech companies, and public services have also experienced significant security threats.
Malware incidents skyrocketed in 2024, with a nearly fivefold increase compared to the previous year. The majority of these attacks focused on smart devices, particularly trojans disguised as legitimate apps. Once downloaded, these malicious programs steal sensitive information or compromise the device’s functionality.
With cyber threats intensifying, HKCERT spokesperson Chan Chung-man stressed the importance of improving cybersecurity awareness for both businesses and individuals. He recommended that organizations not only deploy robust security tools but also conduct regular security audits and penetration testing to protect their digital assets. It's crucial to have effective incident response protocols in place.
Top 5 Cybersecurity Risks to Watch in 2025
Looking ahead, HKCERT has identified five key cybersecurity risks to monitor in 2025:
|
1. Third-Party Security Risks:
|
Collaborations with external partners could introduce new vulnerabilities into networks and systems.
|
|---|---|
|
2. Data Leaks and Prompt Hacking from AI:
|
The increasing use of AI technology could be exploited by hackers to steal sensitive data or inject malicious code.
|
|
3. AI-Driven Cyberattacks:
|
AI-powered tools enable cybercriminals to launch more sophisticated and targeted attacks.
|
|
4. Cyberattacks on Critical Infrastructure:
|
Public infrastructure, including water, electricity, and transportation systems, will remain high-value targets for cyberattacks.
|
|
5. IoT Security Risks:
|
The growing number of Internet of Things (“IoT”) devices presents a major security challenge, as these devices are often vulnerable to attack.
|
HKCERT tested digital displays from eight different brands and discovered 20 security vulnerabilities, 10 of which were deemed high-risk and required immediate patching. As a result, HKCERT has issued six key security recommendations: strengthening system and software security, improving network defenses, enhancing physical security, developing comprehensive data protection policies, managing content security, and enforcing secure account management practices.
**For more details, please refer to Original source: Hong Kong Economic Journal (“HKEJ”)**
Conclusion
Cybersecurity remains a pressing concern in today’s increasingly connected world. As cyberattacks grow more sophisticated, businesses and individuals must stay vigilant, continuously improving their security practices to protect sensitive information and ensure the integrity of the digital ecosystem.
**For more details, please refer to Original source: Hong Kong Economic Journal (“HKEJ”)**