Early Threat Hunting and Anticipation Network (ETHAN) (ARD/275)

ARD/275
Seed
01/03/2022 - 22/08/2023
2,668.000

Mr Ricky Wai-Kei LEUNG

Hong Kong Police Force
Office of the Government Chief Information Officer
Trend Micro Limited
Lapcom Ltd
The Chinese University of Hong Kong


At present, cyber-defense is reactive, and threat intelligence relies on open-source sources such as vendors' news subscriptions, hacker forums, blogs, GitHub, ExploitDB and social media feeds. Threat actors, by contrast, are proactive: they keep improving their skills and upgrading their exploit methods and malware signatures. While upgrading their arsenal, however, they need live targets to test against, and they often test on vulnerable public infrastructure. The honeypot concept therefore provides increased visibility and allows IT security teams to defend against attacks that firewalls and other security solutions fail to prevent.

The project addresses a specific gap: there is no early-warning system in Hong Kong to alert cyber-defenders across industries, leaving them with reactive cybersecurity, and there is no real-time collection of information from threat actors while they are testing their attacks or experimenting with their malware.

The unique feature and highlight of this project is the centralized collection of threat intelligence from different industries, including law enforcement, tertiary education and security solutions companies, which are high-value targets in the eyes of threat actors (of various types and intentions) when they experiment with their exploits and malware. Once this large volume of industry-specific threat intelligence from across Hong Kong has been collected, the portal will apply the previously developed machine learning model to reduce the effort required of cyber-defenders while increasing the efficiency and effectiveness of the cyber-defense mechanism. The portal will also use an "OpenAPI" architecture to share advanced threat intelligence and achieve machine-to-machine information sharing without human intervention, reducing human cost and increasing efficiency in cyber defense and detection.