Police urged critical infrastructure operators to step up security after hotel cyberattack
The Judicial Police (PJ) confirmed to the Macau News Agency that they are still following the hacking case targeting 17 local hotels last year.
As MNA reported last month, cybersecurity firm Trellix said a South Korean hacking group carried out a campaign of “phishing” cyberattacks beginning in November 2021 and targeted 17 “luxury” hotels in Macau.
The cybersecurity firm revealed that the attack began with a ‘spear phishing’ email addressed to hotel management staff in roles such as vice president of human resources, assistant manager and manager. from the front office.
“Phishing” attacks involve sending fraudulent communications that appear to come from a trusted source, usually emails, sometimes with the intent of stealing sensitive data such as credit card and login information, or ‘install malware on the victim’s machine.
“The PJ has opened an investigation into the relevant matter, with the Cybersecurity Division conducting the necessary review of the evidence, therefore, the investigation is still ongoing,” the police department told MNA.
“Our Cyber Security division has issued a warning to all critical infrastructure operators, urging them to step up their prevention and monitoring work for a secure network environment.
The Macau Government Tourism Office (MGTO) also informed MNA that late last year it received a report from a local hotel regarding a suspicious email sent by the department’s office.
Following an investigation, the MGTO discovered that one of its email addresses usually used to communicate with hotels had been appropriated to send emails automatically, and immediately stopped using the email address.
“The MGTO notified local hotels to be aware of the spear phishing emails, and reported the case to the Macau Cybersecurity Incident Alert and Response Center (CARIC).
The department has also not received any reports from local hotels regarding any damage resulting from this case.
Although the names of the targeted hotels were not revealed, Trellix said that one of the hotels was at the time hosting an international environmental forum and an international trade and investment fair, events that would be held at the Venetian, an integrated resort of Sands China.
Trellix also noted that the server used to deliver this campaign was attempting to impersonate a legitimate government website domain for the Federated States of Micronesia (fsmgov.org) in order to mislead the recipient into believe that it was in fact a letter sent by the public security forces. Macau Domain Affairs Office (fsm-gov.com).
In December 2021, the Office of Public Security Force Affairs issued a public announcement stating only that “illegal elements” were using his email to send fraudulent emails to commit illegal acts.
The security secretary’s SAR office previously warned that Macau saw an increase in “online crime” in 2021, with authorities reporting a growing rise in cybercrime over the past two years.
According to CARIC data, a significant proportion of cyber threats in Macau consist of phishing attacks (37%) and active attacks (32%).
Under the Macau Cybersecurity Law introduced in 2019, public and private critical infrastructure operators must maintain adequate management and security levels for their information networks and computer systems, adopt cybersecurity systems and establish reporting mechanisms.
CARIC also started operating in December 2019 and is coordinated by the Judicial Police, the Public Administration and Civil Service Bureau (SAFP) and the Macau Post and Telecommunications Bureau (CTT).
The center is primarily responsible for cybersecurity risk alerting, cybersecurity incident response and coordination, as well as relevant administrative and technical support, with critical infrastructure entities reporting any cybersecurity issues to the center.