Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

COI Report – Part VII
Page 298 of 425

40 RECOMMENDATION #5: PRIVILEGED ADMINISTRATOR ACCOUNTS MUST BE SUBJECT TO TIGHTER CONTROL AND GREATER MONITORING
#PREVENTION VIGILANCE
864. Privileged accounts on a network are prime targets for malicious exploitation. According to the CIS[74]: "The misuse of administrative privileges is a primary method for attackers to spread inside a target enterprise…[a] common technique used by attackers is elevation of privileges by guessing or cracking a password for an administrative user to gain access to a target machine. If administrative privileges are loosely and widely distributed, or identical to passwords used on less critical systems, the attacker has a much easier time gaining full control of systems, because there are many more accounts that can act as avenues for the attacker to compromise administrative privileges."
865. The abuse of privileged access is therefore at the core of many cyber attacks because privileged accounts have more authority and access to resources, which simplifies the achievement of an intruder’s goals. Windows domain administrator credentials potentially allow an attacker to gain access to all servers in a domain, while server local administrator accounts provide unrestricted access to individual servers.
866. Compromised privileged credentials have been revealed as a primary attack vector in the Cyber Attack. Privileged credentials were used by the attacker to move about in the network, after the initial intrusion, in its hunt for valuable assets.
[74] CIS Controls Version 7, at CIS Control 4.




867. Examples of the compromise and abuse of privileged accounts include the use of local administrator accounts, the SA. account and the LA. account, to log in to Citrix Servers 1 and 2. Furthermore, the DA. account was compromised, since it was observed to have been used in an attempt to log in to the SCM database when it was not being used by its authorised user.
868. IHiS was aware that their systems were vulnerable to the risk of privileged passwords being compromised. The FY GIA Audit Report had, in fact, highlighted the vulnerability created by weak control of privileged accounts in the SingHealth network. The report stated that the penetration testers had successfully exploited the vulnerability and obtained full domain administrator control of the servers in the SingHealth network domain. In the FY GIA Audit Report, GIA had highlighted the dire consequences when this vulnerability is exploited (see also paragraph 1072 (pg 368) below).
869. GIA had highlighted that the weak control of privileged accounts stemmed from bad password compliance policies: the passwords being used were very simple, and the non-complex passwords used could be easily guessed or cracked with readily available password cracking tools. Recommendations were made to IHiS for remediation, but unfortunately, these were inadequately complied with.
870. The following are a series of measures to mitigate the risk of privileged account abuse.
