Table of contents exchange of letters with the minister executive summary



Date: 27.11.2023
Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

COI Report – Part IV

Part IV – Incident response by IHiS up to 10 July 2018

TABLE OF CONTENTS – PART IV

18 PRELIMINARY MATTERS
    18.1 Introduction to this Part
    Key witnesses from IHiS and SingHealth
    Knowledge of and preparedness against APTs as at June 2018
    Timeline of events

19 EVENTS OF JANUARY 2018
    19.1 Detecting malware on the PHI 1 Workstation and callbacks to suspicious IP addresses – 18 January 2018
    Blocking and monitoring of suspicious IP addresses and re-imaging the PHI 1 Workstation – 18 January 2018
    Discovering multiple attempts from Workstation A to communicate with the same suspicious foreign IP address – 19 January 2018
    Further steps taken in respect of queries to the other two IP addresses – 19 January 2018
    Analysing process dump of the suspected malware – 20 January 2018
    Concluding investigations without further escalation – 22 January 2018
    Assessment of IHiS’ incident response in January 2018

20 EVENTS OF 11 JUNE 2018
    20.1 Detecting failed logins to the SCM database and changing of passwords for the DA. account
    Detecting unusual logins to Citrix Server 1 using the LA. account
    Discovering that Citrix system event logs for Citrix Server 1 were deleted
    Changing passwords to the LA. accounts on all SGH Citrix servers
    Discovering that malware was detected earlier on Citrix Server 1
    Assessment of IHiS’ incident response on 11 June 2018
