Table of contents exchange of letters with the minister executive summary



Download 5.91 Mb.
View original pdf
Page174/329
Date27.11.2023
Size5.91 Mb.
#62728
1   ...   170   171   172   173   174   175   176   177   ...   329
Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019
34 ADDITIONAL MEASURES TAKEN BY CSA
34.1 Putting CII sectors on alert
657. Over the course of the investigation, CSA issued alerts and disseminated newly discovered IOCs to the other ten CII sectors, to scan and monitor their networks and systems based on the IOCs for signs of the attacker. CSA also provided information about the attacker’s MO to CII sectors to enable them to review their own security posture, and to implement appropriate security measures. These recommended security measures included the review of domain administrator accounts, monitoring for unauthorised remote access, and disabling the unnecessary use of PowerShell. Following the first alert issued on 16 July
2018, CSA sent a total of six addendums, between 17 and 25 July 2018, to the
CII sectors.
34.2 Briefing entities hosting large amounts of personally identifiable
information
658. On 19 July 2018, CSA organised a briefing for relevant stakeholders in all CII sectors, and recommended that these stakeholders review their PII protection measures.


COI Report – Part V
Page 207 of 425

34.3 Raising of National Cyber Threat Alert Level
659. The National Cyber Threat Alert Level (“NCTAL”) provides the national level of alert in the cyber domain in Singapore, which is derived from the associated threats and the corresponding required responses. In anticipation of potential opportunistic attacks on sensitive systems by individuals or groups stemming from the media release about the Cyber Attack, CSA sought approval from the Chairman of CMG(Cyber)
43
on 19 July 2018 to raise the NCTAL on the day of the press conference, and CII sectors were instructed to adopt heightened defence measures as a precautionary measure.
34.4 Publishing advisories on protection and precautionary measures
660. SingCERT published two advisories on 20 July 2018. The first was a technical advisory on measures for the protection of customers personal data. This was tailored to companies and incorporated specific recommendations for companies to adopt, in order to protect their systems and networks from the MO of the attacker and the vulnerabilities that had been exploited. The second advisory on precautionary measures to take, in view of the SingHealth incident, was tailored to members of the public to encourage them to take precautionary measures to protect themselves from the misuse of the personal data that had been exfiltrated from SingHealth. In this advisory, SingCERT recommended that members of the public enable two-factor authentication (especially for users of e-government services and i-banking transactions, change their passwords (if their passwords had been derived from PII), and check for possible fraudulent transactions.
661. After SingHealth started sending out SMS messages to notify affected citizens, SingCERT received feedback that there were phishing SMS messages Crisis Management Groups (“CMGs”) support the Homefront Crisis Executive Group’s (“HCEG”) management of crises across different sectors of the nation. CMG(Cyber) is responsible for specifically managing cybersecurity incidents and implementing incident mitigation efforts during significant cyber incidents in Singapore.


Download 5.91 Mb.

Share with your friends:
1   ...   170   171   172   173   174   175   176   177   ...   329



The database is protected by copyright ©ininet.org 2024
send message
    Main page
united states
total number
vast majority
federal government
other side
next generation
supreme court
information contained
current state
executive director
national association
middle east
east coast
general assembly
private sector
same time
west coast
united kingdom
united nations
total amount
full range
highest level
soviet union
european union
national academy