Read more at https://www.channelnewsasia.com/news/singapore/singhealth-cyberattack-the-work-of-sophisticated-usually-state-10592762
Ricky Lim
The cyberattack on SingHealth’s IT database in June, which resulted in the most serious breach of personal data in Singapore’s history, was “the work of an advanced persistent threat (APT) group” that are “usually state-linked”, said Minister for Communications and Information S Iswaran on Monday (Aug 6).
Internationally, APT groups have also hacked the United States (US) Democratic National Committee in 2016 and the US Office of Personnel Management (OPM) in 2014, which resulted in more than 20 million personnel records stolen.
Mr Iswaran said the SingHealth cyber attacker had used advanced and sophisticated tools, including customised malware that was able to evade the healthcare provider’s antivirus software and security tools. Once they got into the system, they took steps to remain in the system undetected before stealing patients’ information, which included that of Prime Minister Lee Hsien Loong.
--
Posted on: 20 Jul 2018
Ricky Lim
This sounds like an Advanced Persistent Attack (APT) - by hijacking a legitimate workstation through remote access, stealing the password (at least the administrator password of the database) and making sweeping copies of the database, e.g. via SQL.
SingHealth's network infrastructure, which runs independently, seems to be independent from the Ministry - and may lack the security rigour of the more protected IT infra.
Posted on: 20 Jul 2018
Ricky Lim
(1) An APT is a highly sophisticated stealth hacking technique that no single hacker or group of hackers can pull off.
It requires a large pool of very skilful hackers who are familiar with virtually all network devices, security devices, computer devices, OS, system software, security measures, applications, databases, TCP/IP, remote access, encryption, decryption etc.
Only State resources of easily 50 or 100 or 1000 or more varied experts in the relevant specialised areas can pull off such a sophisticated and targeted attack - without being detected.
(2) Also notice that out of hundreds, thousands or even millions of such varied IT resources, servers, equipment, apps software, system software etc - this group of hackers managed to identify just one weak workstation through reconnaissance (without detection) - to break its password, take control of it remotely via remote desktop access protocol or other form of remote control and hack into the database by breaking the database admin password.
(3) You have to note that for every device, server, system software or security device, you will need an expert in each hardware and software to be able to break its security and know how they record and store their security logs - so that they can skilfully remove all the digital footprints or security traces of their illegal access.
If there are a few hundred specialised pieces of IT hardware and software - you will easily require at least a few hundred experts in the respective fields to break through and clean it up.
If this is not a State-sponsored hacking attack (committing the full national resources of IT experts) - do you think a disparate few expert hackers can pull off such an attack?