Page:Ransomware Attack on the Servers of The Hong Kong Institute of Bankers.pdf/2


Information Obtained from the Investigation

  1. During the course of investigation, the Commissioner reviewed and considered the information provided by HKIB in relation to the Incident, including conducting four rounds of enquiries regarding the security measures adopted by HKIB for the Servers, and examining the investigation report provided by an independent information security consultant (the Consultant) engaged by HKIB. The Commissioner also considered the follow-up and remedial measures taken by HKIB in the wake of the Incident.

The Incident and the Associated Security Vulnerability

  1. HKIB stated that it purchased a firewall (the Firewall) from a service provider (the Service Provider) in June 2018 and installed and activated the Firewall in June and July of the same year respectively to enhance network security.
  2. In May 2019, the Firewall manufacturer issued a security advisory (the Advisory)[1] on its website stating that it was aware of a vulnerability in its operating systems[2] (the Vulnerability)[3] disclosed by a hacker. The Vulnerability would enable an attacker to bypass security restrictions and directly obtain Secure Sockets Layer Virtual Private Network (SSL VPN)[4] account names and passwords to execute any programme in the target system. According to the Advisory, the Firewall manufacturer urged users to disable SSL VPN immediately until the operating systems were upgraded and all account passwords were reset. Meanwhile, users were recommended to enable multi-factor authentication.

  1. www.fortiguard.com/psirt/FG-IR-18-384
  2. The affected operating systems included FortiOS 5.4.6 to 5.4.12, FortiOS 5.6.3 to 5.6.7 and FortiOS 6.0.0 to 6.0.
  3. According to the Security Bulletin of the Hong Kong Computer Emergency Response Team Coordination Centre, the identifier of the Vulnerability was CVE-2018-13379. (www.hkcert.org/security-bulletin/fortinet-fortos-multiple-vulnerabilities)
  4. SSL VPN allows users to use an Internet browser to connect their virtual private network devices through an encrypted communication channel. (www.infosec.gov.hk/en/best-practices/business/vpnsecurity)
