Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

COI Report – Part IV
Page 119 of 425

to a separate set of logs, and was thus able to identify the various logins to Citrix Server 1 using the LA. account.

20.4 Changing passwords to the LA. accounts on all SGH Citrix servers
344. By the evening of 11 June 2018, Lum was of the view that the password for the LA. account had been stolen, and had been used to access Citrix Server 1 without authorisation on numerous occasions. However, at this stage, Lum did not report the incident to anyone from the SMD (Security Management Department).
345. The password for the LA. account on Citrix Server 1 was changed in the evening of 11 June 2018. Thereafter, there were no subsequent unauthorised logins to Citrix Server 1 using the LA. account.
346. Local administrator accounts named LA also existed in all other Citrix servers in the SGH Citrix server farm and in H-Cloud, and Lum was of the view that it was highly possible that other LA accounts in the SGH Citrix servers used the same password, ‘P@ssw0rd’. As such, later in the night of 11 June 2018, the passwords for the LA. accounts on all the other SGH Citrix servers were changed.
20.5 Discovering that malware was detected earlier on Citrix Server 1
347. On the night of 11 June 2018, Lum was concerned that Citrix Server 1 may have been infected with malware. He checked the antivirus software logs on Citrix Server 1 and found that malware had been deleted from the server on 8 June 2018. At that point, he did not check further as to the details of the malware, but he provided this information to the SMD the next day.
348. Lum has explained that given what he had learned on 11 June 2018, his first thought was that there was “some kind of audit/penetration testing or scanning of the SCM database to test for vulnerabilities”. However, after checking with the Infrastructure Services and the SMD the next day, he realised that this was not the case.
