Table of contents exchange of letters with the minister executive summary



Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

COI Report – Part IV
Page 112 of 425

19.4 Further steps taken in respect of queries to the other two IP addresses – 19 January 2018
316. As mentioned above, Benjamin found that commands were being made to two other IP addresses, which he believed erroneously to be from another foreign country. On 19 January 2018, Benjamin conducted further checks and found that a number of other workstations across PHI 1 were sending queries to similar IP addresses. Investigating further, he discovered that the Windows printer settings on the affected workstations were configured to send the queries. He instructed site engineers to remove these printer settings from the workstations, and there was no further traffic to these IP addresses thereafter.
317. At the material time, Benjamin had the understanding these IP addresses were foreign IP addresses. However, investigations into the Cyber Attack have since revealed that the queries to these IP addresses resulted from legacy printer settings that had not been removed. The queries to the IP addresses were thus not malicious.
318. It appears that Ernest had known at the time that the PHI 1 network previously used such IP addresses, and was thus of the view that these IP addresses were not suspicious. However, neither Ernest nor any other members of the SMD informed Benjamin of this at the material time.
19.5 Analysing process dump of the suspected malware – 20 January 2018
319. On the evening of 20 January 2018, Benjamin performed an analysis of a process dump [28] of the suspicious file that had been identified on the PHI 1 Workstation. The analysis was performed through an online service which analyses suspicious files and facilitates detection of viruses, Trojans, worms and malware. This was done on his own initiative and without Ernest’s knowledge.

[28] Benjamin has explained that this refers to a memory dump of a particular process that is running on a computer.
320. The online analysis returned a benign result. CSA has explained that the malware signature was not available publicly at the time, and the online check would thus not have been able to flag the process as malicious.
