Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019




COI Report – Part III

16 THE ATTACKER – TOOLS AND COMMAND AND CONTROL INFRASTRUCTURE
279. In the preceding section, the Committee presented its findings on the contributing factors which allowed the attacker to achieve its objectives more easily. In the next two sections, the Committee will present its findings on the attacker – its tools, command and control infrastructure, and profile as a skilled and sophisticated threat actor.
16.1 Customised and stealthy malware
280. The attacker made extensive use of advanced, customised, and stealthy tools throughout the attack, which effectively overcame and evaded the antivirus software and conventional security defences that were in place. The malware samples CSA analysed were either (a) unique variants that were not seen in-the-wild, and had not been detected by the standard anti-malware solutions deployed by SingHealth, or (b) a mix of open source tools that were modified to provide stealth for the attacker.
281. A variety of custom web shells, tools, and unique malware were used in the attack. Early-stage tools were used to gain a foothold within the network. Intermediate-stage tools, including some custom tools, were used to perform various tasks such as reconnaissance, privilege escalation and lateral movement. Remote Access Trojans, such as the abovementioned RAT 1 and RAT 2, were used to provide the attacker with full control over specific infected systems and to serve as backdoors to reenter the network. The wide range of tools and the fact that many of them were customised indicates that the attacker was well resourced, and possessed or was supported by developmental capabilities.
282. Notably, during the incident response, malware samples were given to a cybersecurity company to develop malware signatures. The firm’s software was initially unable to detect the samples as being malicious. After CSA shared their initial malware analysis findings with the company, it was able to develop malware signatures in their antivirus solution for mass network-wide scanning.


