Wednesday, January 9, 2019

SingHealth COI report made public: System vulnerabilities, staff lapses, skilled hackers led to cyberattack
Read more at https://www.channelnewsasia.com/news/singapore/singhealth-cyberattack-coi-report-made-public-11104424

Ricky Lim
“Apart from evading detection for almost 10 months from August 2017, the attacker was conscientious in erasing logs on compromised workstations and servers. Notably, the attacker even re-entered the network after being detected, to erase system and program logs,” the report said.
--
(1) If Central Logger is implemented - then all the system and program logs and security logs will have been copied out to the Central Logger.
Even if the hackers erase the system and program logs and security logs from the compromised servers or clients or network --- it is useless because the Central Logger will have taken possession of all the system and program logs and security logs - which can be used for forensics and analysis.

(2) If SIEM (Security Incident and Event Management) System is deployed - hacking incidents and anomalies will have been detected and correlated - and actions can be immediately taken to stop the attack --- without the need for staff to correlate suspicious activities.
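Added example, not part of the original post or its comments: a reconciliation check of the kind the central-logger comment above relies on, comparing the central copy with what survives on each host to list erased records, and also flagging records that never reached the central logger. The `host|seq|timestamp|message` format, the host names, the per-host sequence numbers and all sample records are constructed assumptions.

```python
from collections import defaultdict
from typing import NamedTuple

class Record(NamedTuple):
    host: str
    seq: int   # per-host record number assigned at the source (assumed)
    ts: str
    msg: str

def parse(line):
    """Parse 'host|seq|timestamp|message' (format constructed for this example)."""
    host, seq, ts, msg = line.split("|", 3)
    return Record(host, int(seq), ts, msg)

def erased_on_host(central_lines, local_lines):
    """Records the central logger holds that are gone from the host's own log."""
    local_keys = {(r.host, r.seq) for r in map(parse, local_lines)}
    missing = defaultdict(list)
    for rec in map(parse, central_lines):
        if (rec.host, rec.seq) not in local_keys:
            missing[rec.host].append(rec)
    return {h: sorted(v, key=lambda r: r.seq) for h, v in missing.items()}

def forwarding_gaps(central_lines):
    """Sequence numbers that never reached the central logger, per host."""
    seen = defaultdict(set)
    for rec in map(parse, central_lines):
        seen[rec.host].add(rec.seq)
    gaps = {h: sorted(set(range(min(s), max(s) + 1)) - s) for h, s in seen.items()}
    return {h: g for h, g in gaps.items() if g}

# Constructed sample data: the central copy vs. what survives on the hosts.
CENTRAL = [
    "ws-01|101|2019-01-02T02:00:01Z|logon user=admin1",
    "ws-01|102|2019-01-02T02:00:09Z|process start name=tool.exe",
    "ws-01|103|2019-01-02T02:03:40Z|audit log cleared",
    "db-01|55|2019-01-02T03:10:00Z|db session event",
    "db-01|58|2019-01-02T03:13:00Z|db session event",
]
# ws-01's local log was wiped; db-01's local log is intact (seq 55..58).
LOCAL = [f"db-01|{n}|2019-01-02T03:1{n - 55}:00Z|db session event" for n in range(55, 59)]

if __name__ == "__main__":
    for host, recs in erased_on_host(CENTRAL, LOCAL).items():
        for r in recs:
            print(f"ERASED on {host}: seq={r.seq} {r.ts} {r.msg}")
    for host, seqs in forwarding_gaps(CENTRAL).items():
        print(f"NEVER FORWARDED from {host}: seq={seqs}")
```

The second check matters because a central copy only preserves records that were forwarded before the source log was erased, so gaps in the central sequence are themselves worth alerting on.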

Ricky Lim
And of course the failure to implement 2FA (2 factor authentication) for administrator access to manage servers, networks and database - is one of the critical security lapses.

If implemented, even if hackers manage to steal the admin id and password - they will still not be able to access the database and the servers without the 2nd FA (SMS OTP or secured token).