Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

COI Report – Part VII
Page 278 of 425

(a) Unusual database activity – Abnormal database activity can be caused by either internal or external attacks. Signs to watch for include changes in users, changes in permissions, bulk queries, and unusual data content growth.
(b) Account abuse – The abuse of privileged accounts is a common sign of an attack. Signs to watch for include modified audit trails, deleted logs, unauthorised access, and unnecessary accessing of sensitive information.
(c) Changes in account privileges – Unexplained changes in account privileges are a sign that an attacker is trying to gain access to the network using a user's credentials. Other signs include users accessing accounts at odd hours, accessing remotely, having multiple failed attempts to log in, and deviations from the usual pattern of usage between a user and a particular device.
(d) File changes – Changes in file configuration, including files being replaced, modified, added, or deleted without explanation, are classic signs of a data breach, as they indicate that somebody has infiltrated the network.
(e) Suspicious network behaviour – Another sign of an attempted infiltration from external sources is unusual network behaviour. Employees must be able to identify traffic with odd origins or targets, unusual ports or protocols being accessed, unexplained changes in network performance, and unauthorised scans.
810. Further details on how all IT staff need to be involved in incident detection and response are also found in our recommendation on improving incident response processes to effectively respond to cyber attacks (Recommendation #6).
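As an added illustration, not part of the COI report, the following Python script runs a minimal rule set for the five warning signs listed in (a) to (e) above over a handful of constructed audit records. Every threshold, field name, watched path, allowed port and privileged role below is an assumption chosen for the example; in a real deployment these come from the organisation's own log schema and usage baselines, and the odd-hours and failed-login rules in particular need per-user baselining to keep false positives manageable.

```python
"""Rule-based detector for the five warning signs (a) to (e).
Added example; the records, thresholds and field names are constructed."""
from collections import defaultdict
from datetime import datetime

# Assumed thresholds and watchlists (not figures from the report).
BULK_ROWS = 50_000                                   # (a) bulk query threshold
PRIVILEGED_ROLES = {"dba", "domain_admin"}           # (b)/(c) roles worth alerting on
ODD_HOURS = range(0, 6)                              # (c) 00:00-05:59 counts as odd hours
FAILED_LOGIN_LIMIT = 3                               # (c) failures before a success
WATCHED_PATHS = {"/etc/ssh/sshd_config", "/etc/passwd", "/etc/sudoers"}  # (d)
ALLOWED_PORTS = {53, 80, 443, 1433}                  # (e) everything else is unusual

# Constructed sample records in a single flat schema, ordered by time.
SAMPLE_EVENTS = [
    {"ts": "2018-06-27T02:12:00", "user": "svc_app", "event": "db_query", "rows": 120000, "host": "db01"},
    {"ts": "2018-06-27T02:13:00", "user": "svc_app", "event": "db_query", "rows": 20, "host": "db01"},
    {"ts": "2018-06-27T02:20:00", "user": "admin7", "event": "priv_change", "target": "svc_app", "role": "dba"},
    {"ts": "2018-06-27T03:05:00", "user": "jsmith", "event": "login", "result": "failure", "host": "ws-44"},
    {"ts": "2018-06-27T03:05:30", "user": "jsmith", "event": "login", "result": "failure", "host": "ws-44"},
    {"ts": "2018-06-27T03:05:45", "user": "jsmith", "event": "login", "result": "failure", "host": "ws-44"},
    {"ts": "2018-06-27T03:06:00", "user": "jsmith", "event": "login", "result": "success", "host": "ws-44"},
    {"ts": "2018-06-27T03:10:00", "user": "jsmith", "event": "file_change", "path": "/etc/ssh/sshd_config", "action": "modified"},
    {"ts": "2018-06-27T03:11:00", "user": "admin7", "event": "log_delete", "path": "/var/log/audit/audit.log"},
    {"ts": "2018-06-27T03:15:00", "user": "svc_app", "event": "net_conn", "dst": "203.0.113.5", "dst_port": 4444},
    {"ts": "2018-06-27T10:00:00", "user": "alice", "event": "login", "result": "success", "host": "ws-12"},
    {"ts": "2018-06-27T10:05:00", "user": "alice", "event": "db_query", "rows": 15, "host": "db01"},
]


def detect(events):
    """Return (sign, user, detail) tuples for every record matching a rule.
    Records must be in time order because the failed-login rule is stateful."""
    alerts = []
    failures = defaultdict(int)  # user -> consecutive failed logins so far
    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        user, kind = e["user"], e["event"]
        if kind == "db_query" and e["rows"] > BULK_ROWS:
            # (a) bulk query: far more rows returned than the baseline allows
            alerts.append(("a:unusual_db", user, f"bulk query returned {e['rows']} rows"))
        elif kind == "log_delete":
            # (b) deleted or modified audit trail
            alerts.append(("b:account_abuse", user, f"deleted audit log {e['path']}"))
        elif kind == "priv_change" and e["role"] in PRIVILEGED_ROLES:
            # (c) unexplained grant of a privileged role
            alerts.append(("c:priv_change", user, f"granted {e['role']} to {e['target']}"))
        elif kind == "login":
            if e["result"] == "failure":
                failures[user] += 1
                continue
            # (c) repeated failures immediately followed by a success
            if failures[user] >= FAILED_LOGIN_LIMIT:
                alerts.append(("c:failed_then_success", user,
                               f"{failures[user]} failures then success from {e['host']}"))
            failures[user] = 0
            # (c) successful login at odd hours
            if ts.hour in ODD_HOURS:
                alerts.append(("c:odd_hours", user, f"login at {ts.time()} from {e['host']}"))
        elif kind == "file_change" and e["path"] in WATCHED_PATHS:
            # (d) change to a watched configuration file
            alerts.append(("d:file_change", user, f"{e['action']} {e['path']}"))
        elif kind == "net_conn" and e["dst_port"] not in ALLOWED_PORTS:
            # (e) connection on a port outside the allowlist
            alerts.append(("e:network", user, f"connection to {e['dst']}:{e['dst_port']}"))
    return alerts


def summarize(alerts):
    """Count alerts per warning-sign letter (a..e) for a quick triage view."""
    counts = defaultdict(int)
    for sign, _, _ in alerts:
        counts[sign.split(":")[0]] += 1
    return dict(counts)


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for sign, user, detail in found:
        print(f"[{sign}] {user}: {detail}")
    print(summarize(found))
```

Run against the constructed records, the script raises seven alerts: one bulk query, one audit-log deletion, one privileged-role grant, the three-failures-then-success pattern and the odd-hours login for the same user, one watched-file modification and one connection to a non-allowlisted port, while the daytime user with a small query raises none. Note that the signs are not independent: here the same account that was granted a privileged role then deletes the audit log, which is exactly the chain the paragraph on account abuse describes, so correlating alerts by user and time window is the next step any real tooling needs.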



39 RECOMMENDATION #4: ENHANCED SECURITY CHECKS MUST BE PERFORMED, ESPECIALLY ON CII SYSTEMS
#PREVENTION #VIGILANCE
811. A proactive strategy of discovering security vulnerabilities, misconfigurations, potential attack vectors, and even the presence of attackers lurking within the network, must be implemented, especially in relation to CII and mission-critical systems. Such a strategy should involve the use of five measures: (a) vulnerability assessments; (b) safety reviews, evaluation and certification of vendor products; (c) penetration testing; (d) red teaming; and (e) threat hunting.
