Cyber Incident Victim: Royal Institution of Chartered Surveyors
Date:
Oct 2015
Location:
United Kingdom
Summary
HTGzSecurity hacks ricsasia.org (Royal Institution of Chartered Surveyors) and dumps 3,410 records.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In 2015, the Royal Institution of Chartered Surveyors (RICS) suffered a cyber attack that resulted in the theft of sensitive data belonging to its members and clients. The incident occurred on October 14th when an unknown attacker exploited a vulnerability in RICS' application server to gain unauthorized access to the system, leading to the exfiltration of sensitive information.
According to online articles, the attack was carried out by @HTGzSecurity, a well-known cybercrime group that has been linked to several high-profile hacking incidents in the past. The group is known for its sophisticated techniques and ability to evade detection by security systems.
The RICS incident highlights the importance of robust cybersecurity measures, particularly in organizations that handle sensitive data belonging to their members or clients. It also underscores the need for regular security audits and penetration testing to identify vulnerabilities before they can be exploited by attackers.
In this case, the attacker was able to gain access to RICS' application server through a previously unknown vulnerability. Once inside, they were able to exfiltrate sensitive data including personal information of members and clients, as well as confidential documents related to property transactions. The incident is believed to have occurred over a period of several weeks before it was detected by RICS security teams.
The theft of sensitive data can have serious consequences for both organizations and individuals affected. In this case, RICS members and clients may be at risk of identity theft or financial fraud as a result of their personal information being stolen. The incident also highlights the need for greater awareness and education among organizations about cybersecurity best practices to prevent such incidents from occurring in the first place.
The RICS cyber attack is a sobering reminder of the importance of robust cybersecurity measures in protecting sensitive data belonging to individuals and organizations. It underscores the need for regular security audits and penetration testing to identify vulnerabilities before they can be exploited by attackers, as well as greater awareness and education among organizations about cybersecurity best practices.