Dragon Advance Tech - The Latest Cybersecurity Landscape in Hong Kong - PowerPoint PPT Presentation

SLIDE 1

Dragon Advance Tech

SLIDE 2

The Latest Cybersecurity Landscape in Hong Kong

FinTech Security Conference - 2018 Frankie Li

SLIDE 3

You heard a lot ... Like this

SLIDE 4

But not from Hong Kong

SLIDE 5

2014-2015

SLIDE 6

SLIDE 7
SLIDE 8
SLIDE 9
SLIDE 10
SLIDE 11
SLIDE 12
SLIDE 13
SLIDE 14
SLIDE 15

2016:

  • APT 3 targeted the organizations with "spear-phishing" attacks
  • "Relevant security measures had already been put in place to block the suspicious e-mails," Government office confirmed in a statement

SLIDE 16

2016

SLIDE 17

2016: The SWIFT Attacks – Hong Kong?

SLIDE 18

ATM Hacks extend to the Great China Regions

SLIDE 19

Exchange hacking occurs regularly

  • Mar 2012, Bitcoinica: Bitcoin was exposed to the hosting site vulnerability. The funds were stolen and the exchange was closed.
  • Sept 2012, Bitfloor: The hacker could access the backup key. The exchange was closed and funds partly refunded to users.
  • Feb 2014, Mt. Gox: The exchange suspended trading, closed its website and exchange services, and filed for bankruptcy protection. Users did not receive compensation.
  • Jan 2016, Bitstamp: Bitstamp was hacked through phishing. The platform was completely reorganized. Losses were covered from reserve fund.
  • Aug 2016, Bitfinex: The exchange did not use cold storage. The exchange issued Bitfinex tokens (BFX) for users who lost their funds.
  • Jul 2017, Bithumb: Attackers compromised the employees' computers. Partial compensation was paid to users.
  • Jan 2018, Coincheck: Coincheck hasn't disclosed how their system was breached, just saying that it wasn't an inside job. It kept customer assets in a hot wallet. Users were partially refunded in Mar 2018.
  • Feb 2018, BitGrail: The BitGrail hack is a bit complicated. The exchange just announced the tokens were missing. They announced that it appears to be related to BitGrail's software.
  • Jun 2018, Coinrail: The exchange reported a hack on its website. 30% of the tokens have been taken. Reserves had been moved to a cold wallet.

SLIDE 20

2016: Security Landscape changed?

Money is now Data

SLIDE 21

2016: Cyber Fortification Initiative

SLIDE 22

2017

SLIDE 23

2017: Hong Kong travel agent WWPKG

  • One of Hong Kong’s largest travel agencies, revealed its customer database was hacked, putting at risk personal information such as ID card numbers and credit card
  • The police source said that the hackers were likely to be based overseas

SLIDE 24

2018: Hong Kong Broadband Network

SLIDE 25

2018: Unpublished Attack Incident

SLIDE 26

2018: Data Leakage Incidents

SLIDE 27

Latest Development of CX Incident

SLIDE 28

2018: Smart Banking Initiatives

SLIDE 29

2018: Cybersecurity and Technology Risk

Protected by C-RAF The seven domains of maturity assessments

SLIDE 30

Is Your Online Banking Infrastructure Secure?

SLIDE 31

2018: New Cybersecurity Incidents

  • On Oct 31, 2018, HKMA requested all e-wallet operators to suspend automatic top-up via the Fast Payment System because they found a number of customers had suffered losses in fraud cases on electronic Direct Debit Authorization (eDDA)

SLIDE 32

2018: HSBC e-payment app PayMe Under Fire

  • Simple verification procedures for HSBC e-payment app PayMe allowed hackers to carry out unauthorised transactions after luring victims into disclosing their email passwords using phishing scams

SLIDE 33

In the near future we shall have eKYC

SLIDE 34

Latest Development of Virtual Banks

SLIDE 35

Smart FinTech | Exposing more attack surface

SLIDE 36

Safe House or Sweet Home?

SLIDE 37

Safe House or Lake Resort on the cliff?

SLIDE 38

Encryption = Security?

SLIDE 39

Firewall == Network Security?

SLIDE 40

How is your Security being Implemented?

SLIDE 41

Building Cybersecurity Capacity for Hong Kong

International Cooperation

  • Enhanced collaboration (multi-stakeholder, Bi/Multi lateral)
  • Inter-Agency Collaboration

Capacity Building

  • Cybersecurity Skills Development
  • Culture of Cybersecurity
  • Cybersecurity Innovation

Organizational Structures

  • Government Coordination
  • Governmental Focal Point
  • Sectoral CIRT
  • Public-Private Partnerships

Technical/Procedural Measures

  • Governmental lead Cybersecurity Goals and Framework
  • Secure Government Infrastructure
  • Global Technical Collaboration

Legal Measures

  • Legal Measures Strategy
  • Government Legal Authority
  • Adequate and harmonized legal frameworks

Human Capacity Building

  • Curricula and Training Program
  • Bespoke Training

SLIDE 42

Thank you

Q & A