ZCZC
BFF-73
SINGAPORE-POLITICS-COMPUTERS-SECURITY-HACKING
Singapore cyber attack may be state-linked: minister
SINGAPORE, Aug 6, 2018 (BSS/AFP) – The biggest ever cyber attack to hit
Singapore was carried out by highly sophisticated hackers typically linked to
foreign governments, a cabinet minister said Monday, but did not give names.
Hackers broke into a government database and stole the health records of
1.5 million Singaporeans, including Prime Minister Lee Hsien Loong who was
specifically targeted in the “unprecedented” hack, the government has said.
“We have done a detailed analysis of this attack and have determined that
it is the work of an advanced persistent threat (APT) group,” Minister for
Communications and Information S. Iswaran said Monday.
“This refers to a class of sophisticated cyber attackers typically state-
linked who conduct extended, carefully planned cyber campaigns to steal
information or disrupt operations,” he told parliament, which discussed the
issue.
Iswaran said the APT group “was persistent in its efforts to penetrate and
anchor itself on the network, bypass the security measures and illegally
access and exfiltrate data”.
While the attack fitted the profile of “certain known APT groups”, Iswaran
said he would not publicly give any names for reasons of national security.
Hackers used a computer infected with malware to gain access to the
database between June 27 and July 4 before administrators spotted “unusual
activity”, authorities have said.
The compromised data includes personal information and medication
dispensed to patients, but medical records and clinical notes have not been
affected, according to the authorities.
Security experts had also earlier pointed to state-actors as the likely
culprit, citing the scale and sophistication of the hack.
Healthcare data is of particular interest to hackers because it can be
used to blackmail people in positions of power, Jeff Middleton, chief
executive of cybersecurity consultancy Lantium, told AFP last month.
Medical information, like personal data, can also be easily monetised on
criminal forums, said Sanjay Aurora, Asia Pacific managing director of
Darktrace, a cyber security firm.
Iswaran, who is also the minister in charge of cyber security, has
convened a committee of inquiry to look into the hack.
“We will do our utmost to strengthen our cyber security. But it is
impossible to completely eliminate the risk of another cyber attack,” he
said.
“This is an ongoing battle with potential cyber attackers who are
constantly developing their capabilities and seeking out new
vulnerabilities.”
Iswaran said the attack will not derail the affluent and highly-wired
city-state’s ambitions to become a “smart nation” through the extensive use
of technology in daily activities and transactions.
BSS/AFP/ARS/1946 hrs