Helsinki’s Education Division Gets Pwned Via Unpatched Remote Access Server… #Fail
On Monday, at a press conference, City of Helsinki authorities shared details of their investigation into a data breach in the city's education division, which was discovered in late April of this year and is impacting 80,000 students, guardians, and personnel.
According to the new details, an unauthorized actor gained access to a network drive after exploiting a vulnerability in a remote access server. A patch for that vulnerability was available at the time of the attack but had not been installed.
The accessed drive contained tens of millions of files. Most are devoid of personally identifiable information, with an “opportunity for abuse of which is not considered to be significant,” but the drive still included usernames, email addresses, personal IDs, and physical addresses.
More concerning is that the exposed drive contained information from the Education Division:
“[…] fees (and the grounds thereof) for customers of early childhood education and care, sensitive information about the status of children, such as information requests by student welfare or information about the need of special support and medical certificates regarding the suspension of studies for upper secondary students, as well as the sick leave records of Education Division personnel. We cannot rule out the possibility of the perpetrator gaining access to data of persons under a non-disclosure restriction,” read the City of Helsinki online update.
Currently, no ransomware groups have assumed responsibility for the attack and the perpetrators remain unknown.
Emily Phelps, Director, Cyware, had this comment:
“Data breaches that impact the education sector reinforce the importance of a proactive security posture that goes beyond security hygiene and traditional controls. To effectively get ahead of attackers, comprehensive threat intelligence sharing and the operationalization of this intelligence is critical.
“Incorporating real-time threat intelligence can help organizations anticipate potential threats and take preemptive actions. By fostering a collaborative environment where information on threats is actively shared among trusted partners, entities can enhance their defensive mechanisms against sophisticated attacks.”
Dave Ratner, CEO, HYAS, follows with this:
“While patching systems in a timely manner is clearly best practices for any organization that cares about security, the reality is that it’s next to impossible to ensure that each and every patch is applied before a bad actor can take advantage of the vulnerability. This is just one of the reasons that governments around the world are recommending Protective DNS and cyber resiliency solutions as a way of ensuring that bad actors inside the environment are stopped and shut down before damage ensues.”
This is pretty bad as the threat actor appears to have walked in through a metaphorical unlocked door to pwn the City of Helsinki. Let this be an object lesson to all that you need to make sure that you don’t make it that easy for a threat actor to pwn you.
This entry was posted on May 15, 2024 at 8:29 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.