COI Report – Part VII
Page 267 of 425
37.5 Application security for email must be heightened as it is the most common attack vector for cyber attacks
775. It starts with one email – malicious emails are, by far, the weapon of choice for cyber attackers. The Cyber Attack has reaffirmed the fact that emails are the most common intrusion vector,[62] and that stepped-up measures are essential to defend against this threat.
776. CSA’s hypothesis was that the initial intrusion into the SingHealth network was via a phishing email. CSA was unable to determine conclusively what the source of the initial infection was, but based on a phishing email sent on 18 July 2018 when the attacker attempted to regain a foothold in the SingHealth network, CSA’s hypothesis was that the attack vector was a phishing email containing malicious code.
777. While we acknowledge that no security solution can be 100% effective, the successful phishing attack in 2017, and the fact that in the Cyber Attack similar emails laden with malicious code passed through email security filters and reached the inboxes of a number of recipients in SingHealth institutions, necessitate an urgent review of the email security measures that are in place.
778. According to Leong Seng, SingHealth email systems are managed centrally by IHiS with multilayered preventive measures including
a) Antivirus, anti-spam, and attachment blocking technology, which filters emails that may pose security risks, analyses attachments, and scans macros in attachments
b) URL rewrite technology to detect malicious URLs and render them benign and
[62] An intrusion vector, or attack vector, is a path or means by which an attacker can gain access to a computer or network in order to deliver a payload or malicious outcome.