Table of contents exchange of letters with the minister executive summary


CONTRIBUTING FACTORS LEADING TO THE CYBER ATTACK ..... 71



Date: 27.11.2023
Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019
15 CONTRIBUTING FACTORS LEADING TO THE CYBER ATTACK ..... 71
15.1 Network connections between the SGH Citrix servers and the SCM database were allowed ..... 72
Lack of monitoring at the SCM database for unusual queries and access ..... 74



COI Report – Part III

15.3 SGH Citrix servers were not adequately secured against unauthorised access ..... 75
15.3.1 Privileged Access Management was not the exclusive means for accessing the SGH Citrix servers, and logins to the servers by other means without factor authentication were possible ..... 76
15.3.2 Lack of firewalls to prevent unauthorised remote access using RDP to the SGH Citrix servers ..... 77
15.3.3 Weak controls over and inadequate monitoring of local administrator accounts ..... 79
15.3.4 Lack of sight over and mismanagement of the SA. service account ..... 82
15.3.5 Observations on the overall management of SGH Citrix servers ..... 82
Internet connectivity in the SingHealth IT network increased the attack surface ..... 84
Versions of Outlook used by IHiS were not patched against a publicly available hacking tool ..... 85
Coding vulnerability in the SCM application ..... 86
Other vulnerabilities in the network that were identified in the FY H-Cloud Pen-Test which could have been exploited by the attacker for privilege escalation and lateral movement ..... 89
15.7.1 Administrator credentials were found on network shares ..... 89
15.7.2 The Citrix virtualisation environment was not configured adequately to prevent attackers from breaking out into the underlying operating system ..... 90
15.7.3 Observations on the remediation of vulnerabilities identified in the FY H-Cloud Pen-Test ..... 91
