On the morning of 21 July 2018, all of Singapore's major press broke the news that SingHealth's database had been hacked and the personal data of about 1.5 million patients had been taken by the attackers.
The Straits Times published a detailed timeline of the events leading up to the hack, reproduced below.
The exact root cause was not stated, but malware was installed on a workstation; it captured the user's keystrokes and opened a tunnel that let the attackers monitor and attack other systems on the internal network. Major multinational companies typically enforce strict web-access policies backed by network security monitoring appliances such as Barracuda.
Most of the time, the common point of failure is a user being tricked into believing that the information in front of them is genuine. A few weeks back, I received an email from OCBC. The email looks legitimate; let's see whether you are able to identify the flaw in the email before reading my answer below.
Other than the missing space before "Click on", all the other information is accurate. If you click on the link, it brings you to a legitimate-looking OCBC website. Usually I will not click on the link; instead I check by hovering the mouse over "Click on", or, if I'm on my mobile (as in this case), I press and hold it to show the URL details. It links to http://188.8.131.52. That should raise a red flag, since a bare IP address is not the OCBC website.
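The mouse-over check described above can also be automated. The script below is an added example written for this page, not code from the original post: it pulls every anchor out of an HTML email body and flags the same things a practitioner looks for when hovering over a link, namely a bare IP address as the host, a host whose domain is not the brand's real domain, visible link text that names a different domain from the actual target, and a plain http scheme. The sample email body is constructed for the demo; the IP address is the one quoted above, `ocbc.com` is assumed to be the bank's legitimate domain, and the registrable-domain helper is a deliberately crude last-two-labels approximation.

```python
"""Inspect anchor tags in an HTML email body and flag suspicious link targets.

Added example, not from the original post. Assumptions: ocbc.com is the
legitimate brand domain; the sample body below is constructed; the
registrable-domain helper is a crude last-two-labels approximation.
"""
from html.parser import HTMLParser
import ipaddress
from urllib.parse import urlparse

EXPECTED_DOMAIN = "ocbc.com"   # assumption: the brand's real domain


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _registrable(host):
    """Last two labels of a hostname (assumption: fine for ocbc.com and
    login.ocbc.com, wrong for co.uk-style suffixes)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def check_links(html, expected_domain=EXPECTED_DOMAIN):
    """Return [(href, [reasons])] for every link that looks suspicious."""
    parser = _AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        reasons = []
        parsed = urlparse(href)
        host = (parsed.hostname or "").lower()
        if not host:
            reasons.append("no host in href")
        elif _is_ip(host):
            reasons.append("href points at a bare IP address")
        elif _registrable(host) != expected_domain:
            reasons.append(f"href host {host} is not {expected_domain}")
        # Visible text that looks like a domain but disagrees with the real target
        text_host = ""
        if text and " " not in text:
            text_host = urlparse(text if "://" in text else "//" + text).hostname or ""
        if "." in text_host and host and _registrable(text_host) != _registrable(host):
            reasons.append(f"link text says {text_host} but target is {host}")
        if parsed.scheme == "http":
            reasons.append("plain http, not https")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed sample body modelled on the email described in the post.
SAMPLE_EMAIL = """
<p>Dear Customer, your OCBC credit card has been temporarily suspended.</p>
<p>Click on <a href="http://188.8.131.52/verify">www.ocbc.com/verify</a>
to restore access.</p>
<p><a href="https://www.ocbc.com/personal-banking">Visit OCBC Online</a></p>
"""

if __name__ == "__main__":
    for href, reasons in check_links(SAMPLE_EMAIL):
        print(href)
        for reason in reasons:
            print("  -", reason)
```

Run on the sample body, only the first link is reported: its target is a bare IP, its visible text claims `www.ocbc.com`, and it uses plain http. The genuine `www.ocbc.com` link passes. A real mail gateway would add a proper public-suffix list and lookalike-domain checks on top of this; the point here is that the href, not the visible text, is what must be inspected.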
I shared this information with several of my friends and family members, and they thought there was something wrong with my credit card. Only when I told them it was a phishing email were they amazed.
When I worked closely with cybersecurity folks in the past, the lesson was that an organization's cybersecurity is only as strong as its weakest link. You can have state-of-the-art servers and networks, USB-locked laptops, administratively controlled user accounts and so on, but if your staff cannot recognize the common tricks employed by phishing emails and websites, the organization is not secure.
SingHealth's follow-up action to the hack was to delink staff workstations from the internet. That is the most conservative approach, but it is also the safest one if the staff are not properly trained in cybersecurity and refuse to be trained; then the only way is to cut off internet access.
I had a chat with a fellow IT practitioner from another company yesterday, and he mentioned that nowadays, with so many systems outsourced and managed by multiple vendors, it is difficult to secure them. As long as vendors have remote access for technical support to reach and manage the systems, there will be potential failure modes.
One of the RPA providers recently released a new version that auto-creates multiple bot users in the Windows operating environment. We discussed it and found it to be extremely risky for end users: if hackers get hold of the bot access, basically the whole system is compromised. Bot accounts of this kind should be treated like any other service account, with least privilege, no interactive logon, unique credentials and monitoring of their activity.
Let's take a look at the common hacking techniques used by cyber attackers. This information was also provided by The Straits Times.
I have given examples of social engineering and malware above. An interesting approach mentioned is the Denial of Service (DoS) attack. Ten years ago, when I was a passionate programmer, I wrote a program that could launch a DoS against computers on the network. I tried it on a fellow colleague. I went up to him to check how he was doing. He said his computer's CPU and memory usage were extremely high and his laptop was getting very warm. He was not able to work as the laptop's performance was extremely laggy. I stopped the DoS and checked on him again. He said the performance was miraculously back to normal. It is extremely easy to write DoS programs, as this is a weakness of the internet protocols. But I have not heard of many DoS attacks nowadays.
The zero-day attack and man-in-the-middle attack are pretty much self-explanatory: a zero-day exploits a vulnerability for which no patch yet exists, so defences cannot rely on updates alone, and a man-in-the-middle attacker sits between two communicating parties and reads or alters their traffic, which is why the link in a phishing email leading to a plain http site matters.
Smart Nation projects were momentarily halted following the hacking incident, but they have since been restarted. From here on, I believe cybersecurity will be planned into all digital transformation projects, and it will become increasingly important to train staff in basic cybersecurity so that they do not fall for phishing schemes and install malware on the organization's IT assets.