Friday, October 5, 2018

'Customised, uniquely tailored' malware not seen elsewhere used in SingHealth cyberattack
Read more at https://www.channelnewsasia.com/news/singapore/customised-uniquely-tailored-malware-singhealth-cyberattack-10794852


Goh Jon Hin
Sounds like the attacker(s) are very familiar with IHiS, hence the ease of compromising the system.
Are there insider(s) or moles (内鬼)?
Ricky Lim
There are many ways to discover the topology of a targeted network - and form a good picture of the network.
E.g. using ICMP host sweeps, traceroute, SNMP, port scanning, TCP port sweeps, UDP port sweeps, DNS queries, ARP requests, and other reconnaissance tools and protocols to produce a "good map".

It is not true that you require insider(s) or moles (内鬼) to do it.

That is why IT intrusion is a very scary thing - as you send "scouts", "drones" or "spies" - virtually, in a virtual domain - from the comfort of anywhere - as long as there is internet access.

The catch is - whether anyone "discovers" or is "alerted" to what you are doing while you are quietly doing reconnaissance.

A well-secured and well-defended IT system can detect any attack - when it correlates abnormal or illegal activities - and sends alarms that the network is under attack.
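As an added example (not part of the thread or any commenter's words): a small Python correlator that reads a constructed flow log and raises the two alarms the comment above alludes to, a host sweep (one source touching many hosts on one port) and a port sweep (one source probing many ports on one host). The log format, addresses and thresholds are assumptions made for the example.

```python
import re
from collections import defaultdict
# Constructed sample flow log (hypothetical format): one connection attempt per line.
SAMPLE_LOG = """\
2018-07-04T02:10:01 src=10.1.5.23 dst=10.1.7.10 dport=445 proto=tcp
2018-07-04T02:10:01 src=10.1.5.23 dst=10.1.7.11 dport=445 proto=tcp
2018-07-04T02:10:02 src=10.1.5.23 dst=10.1.7.12 dport=445 proto=tcp
2018-07-04T02:10:02 src=10.1.5.23 dst=10.1.7.13 dport=445 proto=tcp
2018-07-04T02:10:03 src=10.1.5.23 dst=10.1.7.14 dport=445 proto=tcp
2018-07-04T02:10:05 src=10.1.5.23 dst=10.1.8.5 dport=22 proto=tcp
2018-07-04T02:10:05 src=10.1.5.23 dst=10.1.8.5 dport=80 proto=tcp
2018-07-04T02:10:05 src=10.1.5.23 dst=10.1.8.5 dport=135 proto=tcp
2018-07-04T02:10:06 src=10.1.5.23 dst=10.1.8.5 dport=139 proto=tcp
2018-07-04T02:10:06 src=10.1.5.23 dst=10.1.8.5 dport=1433 proto=tcp
2018-07-04T02:11:00 src=10.1.5.40 dst=10.1.7.10 dport=443 proto=tcp
2018-07-04T02:11:30 src=10.1.5.40 dst=10.1.7.10 dport=443 proto=tcp
"""

LINE_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) proto=(\w+)")
HOST_SWEEP_MIN = 5  # assumed threshold: distinct destinations from one source on one port
PORT_SWEEP_MIN = 5  # assumed threshold: distinct ports from one source against one host

def parse_flows(text):
    """Return (src, dst, dport, proto) tuples; lines that do not match are skipped."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            flows.append((m.group(1), m.group(2), int(m.group(3)), m.group(4)))
    return flows

def detect_recon(flows, host_min=HOST_SWEEP_MIN, port_min=PORT_SWEEP_MIN):
    """Correlate per-source activity into alerts: many hosts on one port is a
    host sweep, many ports on one host is a port sweep. Returns sorted tuples."""
    hosts_by_src_port = defaultdict(set)  # (src, dport) -> destinations touched
    ports_by_src_dst = defaultdict(set)   # (src, dst) -> ports probed
    for src, dst, dport, _proto in flows:
        hosts_by_src_port[(src, dport)].add(dst)
        ports_by_src_dst[(src, dst)].add(dport)
    alerts = []
    for (src, dport), dsts in hosts_by_src_port.items():
        if len(dsts) >= host_min:
            alerts.append(("host_sweep", src, f"port {dport}", len(dsts)))
    for (src, dst), ports in ports_by_src_dst.items():
        if len(ports) >= port_min:
            alerts.append(("port_sweep", src, dst, len(ports)))
    return sorted(alerts)

if __name__ == "__main__":
    print(*detect_recon(parse_flows(SAMPLE_LOG)), sep="\n")
```

The benign workstation 10.1.5.40 talks repeatedly to one host on one port and produces no alert; only the source spread across many hosts or many ports is flagged.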

Ricky Lim
Anyway, the diagram provided here is a high-level "logical diagram" of the network.
Only 4 main components are illustrated:
- workstations
- servers
- database servers
- internet

Anyone with some knowledge in IT can figure this out - and it will not cause any information leak to help hackers to hack.
It is not a detailed physical diagram of the network.
- a workstation is compromised
- the workstation launches malware to compromise other workstations

- a workstation compromises an SCM server
- the SCM server makes SQL queries on the SCM database and steals the medical records
- the medical records from the SCM server are stolen (probably as flat files) - and transferred to the compromised workstation
- the compromised workstation sends the flat files to the internet (hacker server)

The process is very simple - the hard part is the hacker's skill to be able to break into the workstation, and then break into the SCM server to get unrestricted access to the SCM database - without being detected.
Mary Felinor Regino-Cheong
Insider job; prime suspect: an ex-FT employee in IHiS. APT actors from a huge rogue Asian nation are used to steal IP and data globally; this nation has an army of APT actors and actresses.
Ricky Lim
You mean all the hacked IT systems all over the world are done by "insiders" - like conventional spies?

Does it make sense?
