（香港，2024年3月20日）劍達（香港）有限公司（「Green Radar」或「公司」）發佈了最新的電子郵件威脅指數 Green Radar Email Threat Index（「GRETI」或「指數」），作為自 2023 年開始的年度回顧，年度指數顯示為69.7分。指數與上年度的66.5分相比有所增加，反映電郵威脅風險持續上升，應保持警惕。

根據分析，本年度的網絡釣魚（Phishing）和商業電郵詐騙（BEC）攻擊繼續處於「高」風險級別水平。2023 年發生了不少針對政府部門的網絡攻擊，導致數百 GB 的資料遺失和甚至業務資料庫被盜，受入侵的組織被黑客勒索贖金並聲譽受損。當然，事故原因不乏人爲錯誤但系統爲何不堪一擊亦十分值得反思。由此可見，網路釣魚仍是黑客首選的網絡攻擊手法。香港電腦保安事故協調中心（HKCERT）亦在早前公佈在2023年共處理 7,752 宗保安事故，其中網絡釣魚更佔整體個案接近一半（3,752宗，佔48%），對比2022年上升27%，數字創五年新高。與網絡釣魚相關的連結更突破19,000條，相當於每日至少受到52次與釣魚有關的攻擊。

人工智能助長網絡威脅  Quishing攻擊手法有變

根據GRETI的分析，今年預計會有更多利用AI策劃網絡攻擊的情況出現。這是因為AI技術的應用可以幫助犯罪分子生成惡意軟件，同時降低了他們的技術門檻。在新一代的釣魚攻擊中，黑客不僅使用傳統的電郵方式，還運用AI Deepfake技術來冒充他人身份，以贏得受害者的信任，從而詐騙金錢。因此網絡釣魚仍然是最流行的電郵威脅類型，並且在本年度繼續保持上升趨勢；因此企業更需要部署相應的網路釣魚防護解決方案來保護員工和企業免受威脅。

Quishing方面, 黑客用更改了背景顔色和錯誤比例的QR Code 圖片取代以往使用完整QR Code的釣魚電郵，使電郵安全閘道更難透過光學字符識別(OCR) 將這些影像識別為 QR Code。顯示黑客有試圖用不同的Quishing手法攻擊，證明了他們在幕後進行了廣泛的研究工作，以增加網絡釣魚命中率。

（Quishing 案例示意圖）

GRETI注意到黑客在設計具針對性的攻擊時，會利用誘餌來吸引收件人的注意。例如假冒受信任和認可的品牌或機構，原因是因為知名品牌在消費者中建立了一定的信任。以SOC攔截到的假冒香港終審法院例子來說，本土化程度高但一般市民大衆收到相關電郵時不免衍生緊張、恐慌的情緒，因此會來不及識別當中的真僞。就這個例子而言，黑客嘗試引導收件人點擊看似正確的文件名稱鏈接並導向其至創建的假網站，務求令網絡釣魚取得成功。

縱觀全年，DHL、WeTransfer、Meta、Spotify和Amazon分列假冒品牌排行榜的前五名。黑客利用假冒知名品牌的策略，透過製作偽造的廣告、促銷活動、優惠等手段，誘使受害者提供個人資訊或進行金錢交易。這些黑客能夠充分利用品牌的信譽、價值和廣泛知名度，從而提高詐騙成功的機會。因此，請保持警惕，仔細驗證其真實性，以免成為黑客的目標。

（本土釣魚攻擊例子 – 香港終審法院）

2024年新型網絡釣魚 – 克隆網路釣魚（Clone Phishing）

隨著大家了解到網路釣魚意識培訓的重要性，黑客找到可以繞過培訓並誘騙用戶陷入憑證盜竊的新方法。克隆網路釣魚類似於線程劫持，是一種基於電郵的新型威脅，克隆網絡釣魚會把帶有附件的真實電郵，再假冒原始寄件者重新發送。然後附件被惡意程式替換，但外觀與原始文件相似，因此很難被發現。

注意，克隆網路釣魚並不總是透過電郵回覆的方式進行而是取決於您的業務方式。有時，攻擊是通過複製一封已知企業發送的電郵並將合法的電郵副本發送給目標收件人。由於克隆網路釣魚通常是從合法電郵地址發送，因此無論是否有適當的網路安全措施來阻止，該電郵也會傳遞到使用者的收件匣中。而這封惡意電郵可能附帶勒索軟件或其他任何形式的惡意附件，用於竊取數據。

Green Radar服務運營執行副總裁李祟基先生表示：「網路釣魚攻擊可以透過不同的媒介進行，其中最常見的是電郵。攻擊目的是竊取憑證以接管帳戶，可能導致企業敏感資料外泄和詐欺轉帳等嚴重後果。由於攻擊利用人性弱點，必須防止員工成爲潛在漏洞。員工教育固然重要，但遠距工作和大量郵件和訊息處理使辨識複雜攻擊更困難，因此使用合適的網路釣魚防護解決方案至關重要。」

如欲了解更多電郵威脅最新趨勢，歡迎點擊以下網站下載 GRETI 完整報告：

March 20, 2024, Hong Kong – Green Radar (Hong Kong) Limited (“Green Radar” or “the Company”) has released the latest Green Radar Email Threat Index (“GRETI” or “the Index”), as part of the annual review since 2023. The index for 2023 reached 69.7, indicating a further increase in email threat risks compared to the previous year’s index of 66.5. This highlights the importance of maintaining vigilance in addressing these threats.

According to the analysis, phishing and Business Email Compromise (BEC) attacks continue to pose a “high” level of risk this year. In 2023, numerous cyberattacks targeted government departments resulted in the loss of hundreds of gigabytes of data and even theft of business databases. The compromised organizations were subsequently blackmailed for ransom, leading to reputational damage. While human errors contributed to these incidents, the weaknesses in the systems are also worthy of reflection. Consequently, phishing remains the preferred method for hackers in cyberattacks.

The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) recently reported handling a total of 7,752 security incidents in 2023, with phishing accounting for nearly half of the cases (3,752 cases, or 48%), representing a 27% increase compared to 2022 and reaching a five-year high. The number of links associated with phishing exceeded 19,000, equivalent to at least 52 phishing-related attacks per day.

Artificial intelligence fuels cyber threats; Quishing attack techniques have improved

According to GRETI’s analysis, it is expected to see an increase in cyberattacks using AI this year. This is because the application of AI technology can assist criminals in generating malicious software with lowered technical barriers. In the new generation of phishing attacks, hackers not only use traditional email methods but also apply AI Deepfake technology to impersonate others and gain the trust of victims in order to defraud them for money. Therefore, phishing remains the most prevalent type of email threat and continues its upward trend this year. As a result, businesses need to deploy corresponding anti-phishing solutions to protect their employees and organizations from these threats.

Regarding Quishing, hackers have employed a new technique by modifying the background color and using an unusual ratio of QR code images in phishing emails. This approach replaces the previous method of using complete QR codes. By doing so, hackers make it more challenging for email security gateways to recognize these images as QR codes through Optical Character Recognition (OCR). The fact that hackers are attempting to use various Quishing techniques demonstrates their extensive research efforts behind the scenes, aimed at increasing the success rate of their phishing attacks.

GRETI has observed that when hackers design targeted attacks, they use bait to attract the attention of recipients. For example, they may impersonate trusted and recognized brands or institutions, as well-known brands have established a certain level of trust among consumers. Taking the example of a fake Hong Kong Court of Final Appeal email intercepted by our Security Operations Center (SOC), the high level of localization may cause anxiety and panic among the general public when they receive such emails, making it difficult for them to identify the authenticity. In this case, hackers attempt to guide the recipient to click on a seemingly legitimate file name link that redirects recipient to a fake website that hackers created to execute the phishing attack successfully.

Throughout the year, DHL, WeTransfer, Meta, Spotify, and Amazon have consistently ranked among the top five counterfeit brands. Hackers utilized the strategy of impersonating well-known brands by creating forged advertisements, promotional campaigns, and offers to lure victims into providing personal information or engaging in financial transactions. Hackers took advantage of these brands’ reputation, value, and widespread recognition, thereby increasing the chances of successful fraud. Therefore, it is essential to remain vigilant and carefully verify the authenticity of any communication or offer to avoid becoming a target for hackers.

2024 New type of phishing attack – Clone Phishing

Despite the growing awareness of phishing and the importance of cybersecurity training, hackers have found a new method to bypass training and deceive users into falling for credential theft.

Clone Phishing, similar to thread hijacking, is an email-based threat where a genuine email with attachments is cloned and resent, impersonating the original sender. The attachments are then replaced with malicious programs that closely resembled the appearance of the original files, making them difficult to detect.

It is important to note that Clone Phishing doesn’t always occur through email replies but depends on your business practices. Sometimes, the attack involves duplicating an email sent by a known company and sending a legitimate copy to the targeted recipient. Since Clone Phishing often originates from legitimate email addresses, the emails can bypass proper network security measures and land in the users’ inboxes. These malicious emails may contain ransomware or any other form of malicious attachment aimed at stealing data.

Mr. Francis Lee, Executive Vice President, Service Operations at Green Radar, stated, “Phishing attacks can occur through various mediums, with email being the most common among them. These attacks aim to steal credentials to take over accounts, which can result in severe consequences such as the leakage of sensitive corporate data and fraudulent transfers. As these attacks exploit human vulnerabilities, preventing employees from becoming potential vulnerabilities is crucial. While employee education is important, the challenges posed by remote work and handling a large volume of emails and messages make it more difficult to identify sophisticated attacks. Therefore, it is essential to utilize appropriate phishing protection solutions.”

For more email threat updates, please click to download 2023 GERTI Annual Report:

Download Full Report

(香港，2023年2月2日）劍達（香港）有限公司（「Green Radar」或「公司」）發表 2022 年第四季度的電郵威脅指數 Green Radar Email Threat Index（「GRETI」或「指數」）。第四季指數顯示為 64.3分（第三季為68.1分），反映電郵威脅風險較上季適度下跌。根據分析，網絡釣魚和商業電郵詐騙攻擊有所緩和但出現大量且持續的回避攻擊(“evasive attacks”)，因此風險級別水平維持在「高」。今季報告發現，年近歲晚金融服務業繼續是網絡釣魚攻擊活動的目標，黑客以財務部發放年度獎金為由廣撒電郵，利用大衆期待獎金的情緒釣魚。此外，Green Radar 的 grMail 於 2023 年 1 月被 市場調研公司Frost & Sullivan 評為香港和新加坡地區電子郵件安全服務供應商的行業領導者，反映了對公司產品在這兩個營運地區在技術水平及複雜程度的認可。

DHL再次升至最常假冒品牌榜首  Apple榜上有名

根據今季GRETI 報告，商業電郵詐騙攻擊較上季下跌。Green Radar電郵安全監控中心（SOC ）統計數據顯示最常被冒充的三大品牌包括：DHL 、微軟和 LinkedIn。另外，滙豐銀行在本季雖未上榜，但SOC 攔截了不少與其相關的釣魚電郵；内容以 “不活躍的帳號警報”為題，誘使用戶點擊連結並激活賬號，進一步盜取用戶的個人資料和憑證密碼。根據SOC統計，在過去的3個月黑客每日發動超過1,000次含有釣魚連結的攻擊，這意味著沒有足夠强大的電郵保安措施，企業便會輕易受到黑客攻擊，造成難以預料的損失。

十大惡意軟件家族排行榜的第一位是HEUR:Exploit.MSOffice.CVE-2018-0802由第三位升至第一位，HEUR: Exploit.MSOffice繼續維持在第二位，HEUR: Exploit.MSOffice.Badur則由第五位升至第三位，表示這類軟件頗受黑客歡迎，需要多加留意。

内部培訓有效應對釣魚危機

 了解公司的內部威脅並為員工提供適當的釣魚意識評估十分重要，衆所周知黑客會針對企業最薄弱的環節出擊，而員工正是所潛在的威脅。對企業而言，前述每日超過1,000 次的攻擊，每一個都代表著資料外洩、勒索程式及詐騙的風險。員工由於意外或疏忽而在無意間泄露資料，例如遙距工作時繞過資訊科技保安控制措施和相關的安全設定；黑客可以在未經授權的情況下竊取敏感和機密資料。

由此可見，提升員工的安全意識能幫助員工成爲防禦黑客攻擊的第一道防綫。Green Radar的grAssessment（釣魚意識演習）可為企業度身定做合適的方案，增加員工對電郵威脅的認識，建立安全屏障。據SOC的統計，發現不少客戶在進行第二次的釣魚意識演習後，員工的安全意識提高了至少51%。

Quishing釣魚手法仍肆虐 冒充財務部發放年終獎金

 根據Green Radar SOC 提供的釣魚電郵可見，黑客善於掌握大衆情緒和心理，乘當時話題之勢出擊。年近歲晚，有近38%的釣魚電郵假借財務部之名發出，黑客瞄準特定群體，製作出具說服力的電郵內容獲利。電郵內附帶載有釣魚網站的QR Code圖片，利誘收件人掃瞄開啟並連結至假網站，帳戶便落入黑客手中。由於QR Code屬圖像檔案，不是所有的保安系統都能偵測。不過，現時市面上已有技術可應對這類攻擊，如Green Radar的grMail AI技術已能夠準確識別電郵的惡意連結、附件和QR Code。

（黑客製作附有QR Code的釣魚電郵例子）

Green Radar 產品營銷執行副總裁李祟基先生表示：「網絡犯罪活動越來越精密，針對商業機構的技倆也越趨成熟，要讓公司有足夠的防禦能力來抵擋電郵攻擊，除了選用卓越的電郵保安服務供應商之外，員工對網絡安全意識的演習也不可或缺。」對於grMail產品獲選為電郵安全服務商領導者，李祟基補充：「Frost & Sullivan的報告是對Green Radar在技術研發方面的重要認可，我們矢志為企業客戶提供最合適及全面的電郵保護方案，不斷優化grMail的技術水平以提升本地威脅情報、監控及攔截能力。」

如欲了解更多電郵威脅最新情報，歡迎點擊下載 2022 Q4 GERTI：Green Radar 2022 Q4 GRETI Press Release_CN

(2nd February 2023, Hong Kong）Green Radar (Hong Kong) Limited (“Green Radar” or “Company”) has released the Green Radar Email Threat Index (“GRETI” or “Index”) for the fourth quarter of 2022. The index for this quarter is 64.3 (the index released in October was 68.1), suggesting that the risk of email threats has moderately decreased. The overall the risk level remains “High” despite the moderation of phishing and Business Email Compromise (BEC) attacks, due to the continuous evasive and high volume of evasive attacks monitored. This report revealed that hackers sent out mass emails at the end of the year, took advantage of the public’s anticipation of annual bonuses and attempted phishing by impersonating companies’ financial departments. The FSI(“financial service industry”) sector continues to be a prime target for phishing attack campaigns. Meanwhile, grMail, the premier product that Green Radar offers to protect organizations against email threats, was recognised by market research company Frost & Sullivan in January 2023 as a leader in email security in Hong Kong and Singapore, reflecting the technological and sophistication of the product in these two operating regions.

DHL reclaims the top spot of the most impersonated brand listing, while Apple debuts its presence with a fifth place

According to the GRETI Q4 report, commercial email scam attacks have decreased compared to the previous quarter. Green Radar Email Security Operations Centre (SOC) statistics showed that the top three most impersonated brands are DHL, Microsoft and LinkedIn. Besides, although HSBC could not reach the top 5, SOC intercepted numerous related phishing emails. Prevalent contents mimicked “Inactive Account Alert”, lured users to click the link and “re-activate” the account, hence attempted to steal their personal information and credentials. According to the Green Radar SOC data, more than 1,000 phishing attacks with hyperlinks were triggered daily, implying that corporates are easily exposed to hackers’ attacks without ample protection from email security solution providers, leading to unforeseen losses.

HEUR:Exploit.MSOffice.CVE-2018-0802 rose from the third place to the top among malwares. HEUR: Exploit.MSOffice remained at the second place. HEUR: Exploit.MSOffice.Badur made its way to the top three from the fifth place, showing that such malware is popular among hackers and more attention is needed.

Internal Awareness training is effective against the phishing crisis

It is essential to understand your company’s internal threats and provide employees with a proper phishing awareness assessment, hackers are known to target the weakest point in a business, and employees are a potential threat. As mentioned before, there were more than 1,000 phishing attacks daily. Every attack represents a risk of data leakage, ransomware and fraud to enterprises. Inadvertent disclosure of data by employees due to accident or negligence, such as bypassing IT security controls and related security settings while working remotely, would allow hackers to access sensitive and confidential information without authorisation.

Therefore, improving employees’ security awareness can equip them as the frontline of defence against cyber attacks. Green Radar’s grAssessment (Phishing Awareness Training) can tailor solutions for corporates, increase employees’ awareness of email threats and fortify the security barrier. According to the statistics of SOC, it is found that after the second phishing awareness training was conducted, employees’ security awareness increased by at least 51%.

Quishing techniques still running rampant, ‘issuing’ year-end bonuses impersonating finance departments

According to phishing emails provided by Green Radar SOC, hackers were adept at manipulating the public’s emotions and leveraging the hot topics in town. By the end of the year, nearly 38% of phishing emails were sent under the guise of the finance departments. Hackers target specific groups and craft persuasive email content for profit.

The email contained a QR Code photo of a phishing website, which lured the recipient to scan and open the link to the fake website. The account would be in the wrong hands if users fall into the trap. QR Code is an image file, which can easily bypass the security systems. Fortunately, there are existing technologies on the market to deal with this type of attack such as grMail’s AI technology, one of the solutions provided by Green Radar, it can precisely identify malicious links, attachments, and QR Codes in emails.

Mr. Francis Lee, Executive VP, Product Marketing at Green Radar, commented, “Cybercrime is getting more advanced, and its tactics against businesses are getting more sophisticated. For the company to have an adequate defence to withstand email attacks, besides choosing an excellent email security service provider, cybersecurity awareness exercises for employees are also indispensable.” Regarding grMail being acknowledged as the leader of email security service provider, he added, ”Frost & Sullivan’s report is an important recognition of Green Radar’s technology research and development. We are dedicated to providing corporate customers with the most tailored and comprehensive email protection solutions, continuously advancing the technology of grMail to enhance local threat intelligence, detection and interception capabilities.”

For more email threat updates, please click to download 2022 Q4 GERTI: Green Radar 2022 Q4 GRETI Press Release_ENG