Page:Ransomware Attack on the Servers of The Hong Kong Institute of Bankers.pdf/2

 Information Obtained from the Investigation

During the course of investigation, the Commissioner reviewed and considered the information provided by HKIB in relation to the Incident, including conducting four rounds of enquiries regarding the security measures adopted by HKIB for the Servers, and examining the investigation report provided by an independent information security consultant (the Consultant) engaged by HKIB. The Commissioner also considered the follow-up and remedial measures taken by HKIB in the wake of the Incident.

The Incident and the Associated Security Vulnerability

HKIB stated that it purchased a firewall (the Firewall) from a service provider (the Service Provider) in June 2018 and installed and activated the Firewall in June and July of the same year respectively to enhance network security.

In May 2019, the Firewall manufacturer issued a security advisory (the Advisory) on its website stating that it was aware of a vulnerability in its operating systems (the Vulnerability) disclosed by a hacker. The Vulnerability would enable an attacker to bypass security restrictions and directly obtain Secure Sockets Layer Virtual Private Network (SSL VPN) account names and passwords to execute any programme in the target system. According to the Advisory, the Firewall manufacturer urged users to disable SSL VPN immediately until the operating systems were upgraded and all account passwords were reset. Meanwhile, users were recommended to enable multi-factor authentication. 