Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019
The attacker employed advanced tactics, techniques, and procedures, as seen from the suite of advanced, customised and stealthy malware used, generally stealthy movements, and ability to find and exploit various vulnerabilities in SingHealth’s IT network and the SCM application. CSA has highlighted that network intrusion techniques with low attack signature are a hallmark of an advanced threat actor. Apart from evading detection for almost 10 months from 23 August 2017, the attacker was conscientious in erasing logs on compromised workstations and servers. Notably, the attacker even re-entered the network after being detected, to erase system and program logs.

c) The attacker was persistent, having established multiple footholds and backdoors, carried out its attack over a period of over 10 months, and made multiple attempts at accessing the SCM database using various methods. It is particularly noteworthy that even after its attack was thwarted on 4 July 2018, the attacker re-entered the system on 19 July 2018 through an earlier established foothold and sought to re-establish control over the network (see section 14.7 (pg 70) above).

COI Report – Part III
Page 96 of 425

d) The attacker was a well-resourced group, having an extensive C2 network, the capability to develop numerous customised tools, and a wide range of technical expertise.
287. Our cyber defences will never be impregnable. The skill and sophistication of the attacker has been recognised by the Solicitor-General, CSA, and all the interested parties. The expert witnesses also noted that an APT, given enough time, will breach the perimeter of any network. However, it is vital to note that while it may be difficult to prevent an APT from breaching the perimeter of a network, the success of the attacker in obtaining and exfiltrating the data in this attack was not inevitable. In this regard, the Solicitor-General has rightly pointed out two key considerations:

a) First, the attacker was stealthy but not silent, and signs of an attack were observed. As will be discussed in the next Part, these signs were not acted upon either because of (i) the relevant staff’s inability to recognise that an attack was ongoing or (ii) inaction on the part of the staff responsible for responding to attacks. Had they taken appropriate action, the attacker could have been stopped before it achieved its objectives.

b) Second, as explored in this Part, there were vulnerabilities, weaknesses, and misconfigurations in the SingHealth network and SCM system that contributed to the attacker’s success in obtaining and exfiltrating the data, many of which could have been remedied before the attack. Doing so would have made it more difficult for the attacker to achieve its objectives.


