Profile picture
Costin Raiu
@craiu
, 10 tweets, 4 min read Read on Twitter
Today, Singapore gov published a large, thorough, 450+ pages analysis report on the Health Services Private Ltd hack. Here's a summary analysis highlighting the most interesting findings. Full report is available at: mci.gov.sg/coireport
The attackers breached Singapore Health Services through a vulnerability in Outlook. Although a patch was available, the systems were not updated. As a side note, it is quite rare that we see attackers exploiting vulnerabilities in Outlook.
Once on the host, the attackers collected passwords and began moving laterally. Some of the passwords were weak and their hashes easily crackable by tools such as @hashcat. Sadly, ‘P@ssw0rd’ is way too common in IT environments.
On the initial host, the attackers deployed a couple of malicious PowerShell scripts, some of them disguised as JPG files. One was a modified post exploitation open source tool.
In addition to PowerShell malware, the attacker leveraged some custom malware. The report calls it RAT 1 and RAT 2. Most of the initial compromise happened by December 1, 2017.
The attackers used an extensive C2 infrastructure, for infection, exfiltration and beaconing/heartbeat checkins. These were "overseas" servers, unfortunately the report doesn't contain the IPs.
The attacker had a clear goal in mind, namely the personal and
outpatient medication data of the Prime Minister in the main, and
also that of other patients. Their actions were targeted and specific, showing technical competence and mission-orientation.
The report includes a couple of mitigation strategies, which include: implementing a patching strategy, using stronger passwords, disable PowerShell a.s.o. Nevertheless, I like this reality-check type statement: "While our cyber defences will never be impregnable..."
A large amount of these recommendations match the Austrlian Signals Directorate @ASDGovAu top 35 mitigation strategies to fight targeted attacks. It's never too late to start implementing them: securelist.com/how-to-mitigat…
Overall, excellent work preparing the report, analysis, recommendations and releasing it to the public. Kudos for transparency!
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Costin Raiu
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related threads

Profile picture
Gov. Michelle Lujan Grisham
@GovMLG
Today I released my first executive budget proposal ahead of the 2019 legislative session. My administration is taking the steps to put our priorities into policy and realize a transformed New Mexico, including a moonshot for public education. #PEDMoonshot
My budget proposal includes more than $500 million in additional funding for public education, a true moonshot for New Mexico’s students, educators, parents and communities, including a pay increase for teachers, principals and education personnel. #PEDMoonshot
It includes $113 million to increase the at-risk index in the funding formula to ensure that New Mexico is no longer underfunding quality public education for low-income, Native American & Hispanic students, English-language learners, and students with disabilities. #PEDMoonshot
Read 6 tweets
Profile picture
David Robson
@d_a_robson
Are you making New Year's Resolutions? There's tons of pressure in the media to change your lifestyle - but #psychology research shows that these messages can backfire badly - harming your health - so here's a short thread summarising the most interesting findings #NewYearsDay
(|1) Lots of diets/fitness regimes play on a sense of guilt - about what you're eating/how much exercise you do/screen time/stress levels. But there's tonnes of evidence that feelings of guilt can actually make you MORE likely to fail in your goals etc. bbc.com/future/story/2…
(2) Guilt increases cravings, and depletes feelings of self-control - a bad combination! It also triggers the "what-the-hell" response, so a small lapse means that all your good intentions have been in vain, but one piece of cake can't ruin all that good work! #resolutions2019
Read 10 tweets
Profile picture
Orin Kerr
@OrinKerr
I've tweeted a bit recently about my small collection of antiquarian law books, Here's one more, although not a law book: instead, an original copy of William Lloyd Garrison's abolitionist newspaper, "The Liberator," from December 14, 1849. (Quick thread)
"The Liberator" was an abolitionist newspaper published on a weekly basis from 1831 to 1865. You can read about it here. en.wikipedia.org/wiki/The_Liber…
Although I have the full issue, I mounted it in a frame with just the 1st page showing. The 1st page has some fascinating stories, such as this report of an argument in the Court of Common Pleas about a case trying to end school desegregation in Boston.
Read 13 tweets
Profile picture
Luke Cooper
@lukecooper100
Long Brexit survey from YouGov with some interesting findings. Full results well worth looking at. It confirms the now standard pattern of a consistent Remain lead but with a still stubbornly high Leave vote (53 vs 47%). However... /1

d25d2506sfb94s.cloudfront.net/cumulus_upload…
There is a big decline in support for a 'no deal Brexit' which now stands at 27% (down from 38% in the poll from the earlier in the month) /2
This suggests the extremely negative economic implications of 'no deal' are beginning to cut through to parts of the Leave electorate /3
Read 10 tweets
Profile picture
Stuart Budd #PeoplesVote 🇬🇧🇪🇺❄️
@StuartBudd1
1/
 . @neil_parish MP for Tiverton & Honiton

When you voted to trigger A50 you knew that the
Govt ref. leaflet sent to every household did not mention the
Good Friday Agreement & how leaving the EU will impact it.

Why did you vote to trigger A50?
Ken Clarke MP didn't.

#FBPE
2/
 @neil_parish MP for Tiverton & Honiton

When you voted to trigger A50
you knew that regulatory alignment would be required for
Northern Ireland, as highlighted by the phase 1 report from 2017,
requiring both the SM & CU.
Does it not make sense to stay in the CU & SM?

#FBPE
3/
 @neil_parish MP for Tiverton & Honiton

When you voted to trigger A50
you knew that it would have customs implications for everything from cars to fresh food.

If there is no deal how long will supermarkets have fresh produce on their shelves?

independent.co.uk/news/business/…

#FBPE
Read 27 tweets
Profile picture
Catherine Walsh
@gurriersread
Except you don't have the consciousness to do that- only what you've, perhaps, been programmed to register, process, or maybe transmit/emit. Here in #Ireland on the other hand there are 💚s everywhere hoping to #repealthe8th #LISTENUP #Focus on #Caring #Now to ensure #legislation
2/ to #repealthe8th or/& make #abortion in #Ireland a #legal #safe #clinical #option for women, regardless of socio-economic circumstances.
3/ Think you want to **Repeal the 8️⃣️th** 💚s? This is a sane quote from here, Ireland, today:"The dissolution of the Dáil would see the simultaneous dissolution of all Oireachtas Committees. ---
Read 12 tweets

Trending hashtags

#Israel #actions #signals #email #womanpower #Europe #Question #IDF #NHS #report #emails #habits #here #backstop #Focus #Interesting #FBPE #Report #motivation #today #Constitution #BirthrightCitizenship #psychology #Blowup #ausedfxon18

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!