Page 12 - CMA_bulletin_2024-_4_issue_online
Get Ready to Upgrade
Five Key Information Security Risks to be Aware of in 2024
Hackers Exploiting AI for Crimes Becomes a New Normal
Mr Alex CHAN (left), General Manager, Digital Transformation of HKPC and
spokesperson of HKCERT, forecasts the five key information security risks in 2024.
With the rise in popularity of AI, hackers' actions may outpace the development of the cyber security industry. The emergence of tools such as generative AI has significantly increased the prevalence of cyber attacks, particularly phishing scams. The level of simulation has become increasingly sophisticated. AI-driven threats are adaptable: they can analyse defences in real time and readjust their strategies, posing serious challenges to traditional cyber security measures.

The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) handled a total of 7,752 security incidents in 2023. Among them, phishing accounted for nearly half of all cases (3,752 cases, 48%), a double-digit increase of 27% from 2022 and a five-year record. The number of links related to phishing also exceeded 19,000, a 22% annual increase, and doubled in four years. Phishing attacks were concentrated in the banking, finance and electronic payment industries, followed by e-commerce.

At the same time, ransomware attacks have become increasingly severe. Hacker groups actively search for vulnerabilities in organisations' networks, exploit them to gain unauthorised access, steal data and encrypt the original files in order to demand ransom payments.

HKCERT concludes that the five key information security risks to be aware of in 2024 are:

1. “Weaponisation” of AI: AI lowers the technical barrier to becoming a hacker. By using generative AI, hackers can issue instructions to generate malicious code and disinformation, create fake videos and so on.

2. Next-level Phishing Attacks: Hackers use AI Deepfake to create fake videos, set up fake brand pages on social media, and use search engine optimisation (SEO) techniques to make phishing websites appear at the top of search results, deceiving more victims.

3. Trend towards Organised Cybercrime: In 2023, Hong Kong experienced several ransomware attacks targeting local organisations, while citizens also faced threats from malicious apps and phishing. Globally, the number of ransomware attacks and vulnerabilities reached a new high in the same year, indicating an increasingly serious trend of organised and systematic cybercrime.

4. Attacks Targeting Smart Devices: Electronic products with network connectivity have varying cyber security standards and are susceptible to intrusion and malicious manipulation. For some products, cyber attacks are even difficult to block.

5. Risks of Utilising Third-party Services: Using IT services provided by third parties may give rise to IT supply chain attacks and insider threats, leading to data breaches, ransomware attacks and other consequences.

Mr Alex CHAN demonstrates how hackers can use AI Deepfake technology to create fake videos and impersonate identities.