Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

COI Report – Part III
Page 71 of 425

through one of these hitherto unknown footholds to create the malware, even while IHiS was actively implementing measures to contain the Cyber Attack and to monitor the system for malicious activity; and (b) Second, the attacker was still active and trying to reestablish control of the network.
209. After detection of malware on and communications from the SP. server, CSA recommended that internet surfing separation should be implemented, because this would be effective in preventing communications between elements in the SingHealth IT network and the attacker’s C2 servers, thus preventing the attacker from exercising command and control over any remaining footholds it may have in the network. Internet surfing separation was implemented at am on 20 July 2018. No further signs of malicious activity were detected thereafter.

15 CONTRIBUTING FACTORS LEADING TO THE CYBER ATTACK
210. In the course of the enquiry, the Committee has heard of a host of preexisting vulnerabilities, weaknesses, and misconfigurations that contributed to the Cyber Attack, in the sense that they were exploited or may have been exploited by the attacker in the course of the Cyber Attack. The Committee also heard evidence on circumstances which gave rise to or otherwise contributed to some of these vulnerabilities, weaknesses, and misconfigurations, and earlier opportunities in which some of them could have been remedied by IHiS prior to the attack. The Committee will present its findings on these matters in this section.





15.1 Network connections between the SGH Citrix servers and the SCM database were allowed
211. At the time of the Cyber Attack, network connections between the SGH Citrix server farm and the SCM database server at HDC were allowed (this network connectivity has been referred to in the proceedings as the “open network connection”). The network connection was a critical pathway to the SCM database, over which the attacker was able to make SQL queries to and retrieve data from the SCM database. The Committee accepts the Solicitor-General’s submission that but for this open network connection, the SCM database was adequately protected within the H-Cloud perimeter defences, and the attacker would not have been able to access the SCM database as easily.
212. These facts raise the issue of why the network connection was maintained. The Committee has heard evidence that during migration of the SCM system to the H-Cloud in June 2017, network connectivity between the SGH Citrix servers and the SCM database was required. After the migration in June 2017, the SCM infrastructure at SGH was decommissioned, but the network connection remained. This was because the SGH Citrix servers were used to host (i) administrative tools used for administering and managing SQL databases, including the SCM database in H-Cloud, and (ii) custom applications used by staff to query and retrieve data from the SCM database. These administrative tools and custom applications made use of the open network connection to perform their functions.
213. The administrative tools were hosted on the SGH Citrix servers as a matter of operational efficiency and not necessity. These tools were not used solely to administer the SCM database, but were also used to administer other SQL database servers that were hosted in SGH and not H-Cloud. By hosting the tools on the SGH Citrix servers and maintaining network connectivity with the SCM database, the same set of tools could be used by administrators across all relevant SQL databases. Lum has clarified that this was not strictly necessary, as separate sets of tools could have been hosted on the H-Cloud Citrix servers (to service the SCM database), and on the SGH Citrix servers (to service the other SGH


