Tag Archive for: Organisation

Hong Kong Ballet reports data breach from ransomware attack, becomes third well-established city organisation to be hacked in 2 months


Hong Kong Ballet has reported a data breach caused by a ransomware attack on its computer systems, becoming the third well-established organisation in the city to be hacked in two months.

In an official statement released on Monday night, the renowned cultural institution said it had recently discovered its network systems had been infected with ransomware, allowing intruders to illegally access files stored on computers.

Data including personal user details and the organisation’s internal information had been viewed by the intruders, while it was still working to determine the full scope of data accessed, it said in the statement.

Data of 900 Hongkongers exposed in hack attack of WhatsApp accounts

But due to file encryption by the ransomware, the organisation added it was unable to determine the contents of all files illegally accessed.

“We take this matter seriously and are diligently working to address the issue promptly and responsibly,” the institution, founded in 1979, said, expressing regret over the matter.

It also added it had not received any ransom demands or threats of data leak so far.

The company said it had immediately launched an internal investigation upon detecting the incident and hired external cybersecurity experts to assess the extent of the breach and implement measures.

Head of Hong Kong consumer watchdog apologises over potential personal data leak

The ballet institution, financially backed by the government, also notified police and the Office of the Privacy Commissioner for Personal Data.

It urged partners to remain vigilant and take precautionary measures such as regularly changing passwords, monitoring financial statements, and exercising caution when handling suspicious messages.

Users should also be wary of potential phishing attempts and to only share personal information through official channels, it warned, adding efforts had been made to contain the incident and prevent further unauthorised access to internal systems.

Data stolen from Hong Kong Cyberport includes staff details, credit card records

Early last month, international hackers demanded a ransom of HK$2.35 million (US$300,500) after hacking into tech hub Cyberport’s computers and stealing…

Source…

SPHINX Real-time Cyber Risk Assessment



How to protect your organisation from cyber attack


I’ve been talking to hackers to get into their mindset so I can work out how best we can help businesses protect their end users and sensitive data.

And the first thing that comes out is that, generally, a cyberattack is nothing personal; you’re not being specifically targeted.

Most phishing, ransomware or vulnerability scanning attacks out there are widespread sprays, hoping for a pay-out. It’s a numbers game; test the defences of enough organisations and you’ll find one that will let you in.

It’s like walking down your main shopping precinct and having a flyer thrust into your hand — you’re a target, but you’re not being specifically targeted.

Most people will bin the flyer without reading, but a few will read and act upon the info, bringing in enough return to make the whole flyer operation profitable.

So, if it’s rarely personal, why do hackers attack? What’s in it for them? By understanding the level of investment they’re willing to make and the danger they’re willing to risk, we have a better chance of disrupting their operating model or putting a stop to it altogether.

The five core ‘wants’ of cyber attackers

My research unearthed five main elements attackers are looking for. Once you understand them, you have the basis for a robust defence strategy. You can filter an attacker’s wants into the following: 

Your bandwidth

They want to use your networks and IT for targeted attacks against others or as part of their DDoS (distributed denial-of-service) attack infrastructure.

Your money

This can take many forms, from mining bitcoin through to extortion or manipulating your stock price. A whaling attack could trigger fraudulent money transfers, or they could steal funds through capturing credit card and banking details.

Your data

Attackers can monetise your data through extortion with or without ransomware, either threatening to delete or leak your data. They can also obtain funds by stealing your intellectual property.

Your storage

They might need somewhere to store something illegal and / or non-attributable on your systems. Think pirate software and illegal images.

Your identity

Although your identity may well only…

Source…

Cyber Security Goes Beyond the IT Department, and Across the Whole Organisation – CPO Magazine

Cyber Security Goes Beyond the IT Department, and Across the Whole Organisation  CPO Magazine
“computer security news” – read more