Update 23 Dec 2019: Singapore cyberattack - Data of 100,000 defence personnel possibly stolen by hackers
Singapore Defence Ministry said in a statement hackers sensitive information held by two security force vendors that probably include names of the defence personnel, their identification numbers, a combination of contact numbers, email details and residential address.
A malware attack which targeted ST Logistics' systems which held the personal data of about 2,400 Ministry of Defence and Singapore Armed Forces employees. The other targeted security force vendor HMI Institute of Health Sciences' system contains the information of about 98,000 security force personnel.
In a statement, the Defence Cyber Chief Brigadier-General Mark Tan mentioned that even though MINDEF/SAF's systems and operations were not affected by the cyberattack, "The malware incidents in these vendor companies may have compromised the confidentiality of our personnel's personal data." In addition, he stated, "We will review the cybersecurity standards of our vendors to ensure that they are able to protect our personnel's personal data and information."
related:
Malware Incidents at HMI Institute of Health Sciences Pte Ltd & ST Logistics Pte Ltd
We refer to the malware incidents involving HMI Institute of Health Sciences Pte Ltd (HMI Institute) and ST Logistics Pte Ltd (ST Logistics)[1] which affected their systems containing personal data of Ministry of Defence (MINDEF) and Singapore Armed Forces (SAF) personnel.
HMI Institute is contracted by the SAF to conduct cardiopulmonary resuscitation and automated external defibrillator training for MINDEF/SAF personnel since 2016. ST Logistics is contracted to provide logistics services such as eMart retail and equipping services since 1999. Both vendors were provided with personal data of MINDEF/SAF personnel needed for the provision of their operations.
MINDEF and the SAF are working with the two vendors to investigate the impact of the malware incidents and the potential disclosure of personal data. For the HMI Institute incident, their affected system contained personal data of 120,000 individuals. This includes the full names and NRIC numbers of about 98,000 MINDEF/SAF personnel, as well as full names, NRIC numbers, contact numbers, email addresses, dates of birth and residential addresses of other HMI Institute customers. Preliminary investigations indicate that the likelihood of data leak to external parties is low.
HMI Institute Alerts Students and Applicants to Data Incident
HMI Institute of Health Sciences (HMI Institute) discovered a file server to be encrypted by ransomware on 4 December 2019. The affected server was immediately taken offline and isolated from the Internet and internal network. The affected server primarily contained backup information, and HMI Institute’s learning management system was not impacted. As such, daily operations of HMI Institute were unaffected and continued as usual.
Upon discovery of the incident, HMI Institute had immediately engaged a cybersecurity firm to conduct investigations. The findings so far show that the incident was a random and opportunistic attack on the file server. Also, based on the investigation findings of the cybersecurity firm, while the information in the affected server was encrypted, there is no evidence that it has been copied or exported, hence there is a low likelihood of a data leak. The affected file server has since been decommissioned from use. HMI Institute’s main student registry remains intact and unaffected.
The data backed up in the affected server totals approximately 120,000 individuals. Types of personal information includes some or all of the students’ and applicants’ data, such as full names, NRIC numbers, dates of birth, home addresses and email addresses, depending on the course enrolled or applied for. Amongst the affected individuals, approximately 98,000 are SAF servicemen who attended the Cardio Pulmonary Resuscitation (CPR) and Automated External Defibrillation (AED) course, whose full names and NRIC numbers were backed up in the affected server.
Data of 100,000 Singapore defence personnel possibly ‘compromised’
Singapore troops demonstrate urban assault techniques in an exercise in Australia. File photo: Australian Government Department of Defence
The personal data of about 100,000 Singapore defence personnel may have been leaked in yet another cyberattack in the city state.
Sensitive information held by two security force vendors, including full names, identification details, and a combination of contact numbers, email and residential addresses could be included in the potential data exposure, according to a statement published on the ministry’s website on Saturday.
ST Logistics’ systems, which suffered a malware attack, held the personal data of 2,400 Ministry of Defence and Singapore Armed Forces employees, while HMI Institute of Health Sciences’ system contains the information of about 98,000 security force personnel, the statement said.
related:
Personal data of 2,400 Mindef, SAF staff may have been leaked
The personal data of 2,400 Ministry of Defence (Mindef) and Singapore Armed Forces (SAF) staff may have been leaked through e-mail phishing by malicious malware.
The data leak occurred at a privately owned vendor of SAF and Mindef, ST Logistics, which is contracted to provide third-party logistics services such as eMart retail and equipping services for the SAF.
The data included the full names and NRIC numbers, and a combination of contact numbers, e-mail or residential addresses, Mindef said in a statement yesterday.
related:
Over 120,000 individual’s data compromised in two malware incident, including that of over 100,000 MINDEF/SAF personnel
The Ministry of Defence (MINDEF) and Singapore Armed Forces (SAF) have experienced malware incidents involving the personal data of several thousand MINDEF/SAF personnel as two of its vendors, HMI Institute of Health Sciences and ST Logistics, reported data breaches in their systems.
In a statement on 21 December, MINDEF said that HMI Institute of Health Sciences (HMI Institute) has been contracted by the SAF since 2016 and ST Logistics has been a vendor since 1999. Both were provided with the personal data of MINDEF and SAF personnel for the provision of their services.
On 21 December, HMI Institute announced in a statement that it discovered a file server that was encrypted by ransomware of 4 December which contained the personal data of over 120,000 individuals including full names, NRIC numbers, date of birth, home addresses and email addresses. Among those, approximately 98,000 are SAF servicemen who attended the Cardio Pulmonary Resuscitation (CPR) and Automated External Defibrillation (AED) course provided by HMI Institute.
Personal data of more than 6,500 people 'inadvertently' leaked by Singapore Accountancy Commission
The personal data of more than 6,500 people was "inadvertently" disclosed by the Singapore Accountancy Commission (SAC) - a statutory body under the Ministry of Finance (MOF).
The information disclosed included names, NRIC numbers, dates of birth, contact details, education and employment information, and Singapore chartered accountant qualification examination results," the commission said in a news release on Friday (Nov 22).
"The SAC takes a serious view of this incident, and deeply regrets this mistake," it said.
Passwords and usernames of staff from MOH, MOE and other agencies stolen and put up for sale by hackers
Group-IB revealed that it discovered the user log-ins and passwords from several government organisations on the dark Web over the last two years.PHOTO: REUTERS
E-mail log-in information of employees in several government agencies and educational institutions, as well as details of more than 19,000 compromised payment cards from banks here, have been put up for sale online by hackers.
Russian cyber-security company Group-IB revealed on Tuesday (March 19) that it discovered the user log-ins and passwords from several government organisations on the dark Web over the last two years. The compromised payment card information, which it said was valued at more than $600,000, was found last year.
According to a press release from Group-IB, the organisations involved include the Government Technology Agency (GovTech), Ministry of Education, Ministry of Health and the Singapore Police Force, as well as the National University of Singapore.
AIA checks systems after portal containing personal data of over 200 people made publicly accessible
Insurance company AIA is running a check on all its systems after one of its web portals, which contained the personal information of more than 200 people, was found to be publicly accessible.
When The Straits Times visited the portal on Wednesday (Feb 27), it was found to contain the name, NRIC, gender, date of birth and contact numbers of 225 AIA agents, former agents and their family members, including children as young as two.
MOH: Confidential information regarding 14,200 individuals diagnosed with HIV leaked
Following an alert by the Police, the Ministry of Health (MOH) has ascertained that confidential information regarding 14,200 individuals diagnosed with HIV up to January 2013, and 2,400 of their contacts, is in the possession of an unauthorised person. It is said that the information has been illegally disclosed online and MOH has worked with the relevant parties to disable access to the information.
MOH in its statement wrote, “We are sorry for the anxiety and distress caused by this incident. Our priority is the wellbeing of the affected individuals. Since 26 January, we have been progressively contacting the individuals to notify them and render assistance.”
According MOH, the ministry was notified by the Police on 22 Jan that confidential information from MOH’s HIV Registry may have been disclosed by an unauthorised person. It then made a Police report on 23 January.
Confidential staff details of Singapore’s agencies, MOH, MOE and more leaked online for sale
On Tuesday (19 March), Russian cyber-security company Group-IB divulged its discovery of employees’ email log-ins and passwords from several government organisations on the dark Web since 2017.
On top of that, over 19,000 compromised payment card details, which was said to be valued at more than $600,000, were stolen last year and put up for sale online by the hackers. The press release issued by Group-IB mentioned that the organisations involved included the Government Technology Agency (GovTech), Ministry of Education, Ministry of Health and the Singapore Police Force, as well as the National University of Singapore.
A Smart Nation and Digital Government Group spokesman informed The Straits Times that GovTech was alerted to the presence of e-mail credentials in illegal data banks in January this year.
Government accepts all data security recommendations by review committee; to roll out 80% by end 2021
The government will be rolling out recommendations from the Public Sector Data Security Review Committee in 80% of its systems by the end of 2021, and the remaining 20% by end of 2030.
In his reply to the committee’s recommendation on 27 November, Prime Minister Lee Hsien Loong said, “Data is the lifeblood of the digital economy and a digital government. We need to use and share data as fully as possible to provide better public services.
“In doing so, we must also protect the security of the data and preserve the privacy of individuals, and yet not stifle digital innovation.”
Quicker enforcement action for some data breach offenders: Singapore privacy watchdog
Quicker enforcement action could be taken against some companies that breach the Personal Data Protection Act (PDPA), Singapore’s data privacy watchdog announced on Wednesday (May 22).
The Personal Data Protection Commission (PDPC) said in a press release it is introducing a new expedited decision process to bring investigations on clear-cut data breaches to conclusion quickly. This process was based on feedback from stakeholders and data breach cases in the last four years, it said.
Those eligible for the new fast-track system must meet certain conditions:
- The nature of the data breach is similar to cases with precedent and with similar categories of facts
- There is an upfront admission of liability for breaching the PDPA by the organisation.
That Explain Why We Must Prioritise Cybersecurity
10 Major Data Breaches In Singapore
Data Breaches Have Been On The Rise In Singapore. Singapore was ranked the safest country in the world based on a report by the World Justice Project in 2018. However, it seems that data breaches are threatening our online safety.
In 2019 alone, there were 3 major data leaks that affected millions of Singaporeans. Over the years, there have been other high profile cases that you may have forgotten.
We revisit a few breaches that threatened Singapore since the ‘internet age’:
- MOH, MOE accounts sold on the dark web in 2019
- Blood-donors personal information exposed in 2019
- HIV data leak in 2019
- SingHealth got hacked in 2018
- MINDEF got hacked in 2017
- WannaCry Ransomware 2017
- K Box Data Breach in 2014
- SingPass leaks in 2014
- Anonymous attacks in 2013
- Y2K bug in 1999
read more
Government reviewing way it handles data following cases of mismanagement, breaches
Commuters using their phones on an MRT train. News about the data management review came after several recent cases of data mismanagement and breaches. PHOTO: ST FILE
The Government is reviewing the way it manages its data, following several cases of mishandled information & breaches
Details of this review are not yet available but a spokesman for the Smart Nation & Digital Government Group (SNDGG) said more information will be shared when ready.
Responding to queries from The Straits Times, the spokesman said on Friday (Mar 22): "The Smart Nation and Digital Government Office is currently reviewing the Government's management of data, and will share more when ready."
read more
Laws to tackle deliberate online falsehoods to be introduced in Parliament: PM Lee
Legislation to tackle deliberate online falsehoods will be introduced in Parliament on Mon (Apr 1), PM Lee Hsien Loong said on Fri (Mar 29).
Speaking at a gala dinner celebrating the 20th anniversary of CNA, Mr Lee said the Protection from Online Falsehoods and Manipulation Bill will be introduced for first reading in Parliament. This comes after the Government accepted the proposals from the Select Committee on Deliberate Online Falsehoods, which included legislation to tackle the problem.
The new Bill will give the Government the power to hold online news sources & platforms accountable if they proliferate deliberate online falsehoods, he said.
read more
Online news sites must publish corrections on fake news, take down false articles under proposed law: Lee Hsien Loong
A proposed law will require online news sites to publish corrections or warnings on fake news, or even remove such articles in extreme cases, said PM Lee Hsien Loong on Fri evening (Mar 29).
These changes to tackle the spread of fake news are part of the Protection from Online Falsehoods and Manipulation Bill, which will be introduced in Parliament on Monday.
The new Bill will give the Government the power to hold online news sources and platforms accountable if they proliferate deliberate falsehoods, Mr Lee said.
read more
Fake news laws to be tabled on Monday to hold online news sources, platforms accountable: PM Lee
Singapore’s imminent fake news laws will give the Government the power to compel online news sources and platforms to show corrections or display warnings about online falsehoods, and — in extreme and urgent cases — take down an errant article.
This will ensure that readers and viewers can “see all sides” to a piece of information, and “make up their own minds about the matter”, PM Lee Hsien Loong said on Fri (Mar 29), as he gave a heads-up on the Protection from Online Falsehoods and Manipulation Bill, which will be tabled in Parliament on Monday.
In more aggravated cases, the legislation will prevent the spread of deliberate falsehoods before “irreparable damage is done”, said Mr Lee, who was speaking at a dinner celebrating Channel NewsAsia’s 20th anniversary.
read more
Singapore Red Cross website hacked, details of almost 4,300 potential blood donors leaked
The names, contact numbers, e-mail addresses and declared blood types of potential blood donors were among the information that was compromised. PHOTO: SINGAPORE RED CROSS
More than 4,000 individuals have had their personal information leaked after part of the Singapore Red Cross' (SRC) website was hacked last Wed (May 8).
This is the latest of a string of data breach incidents affecting health-related organisations in Singapore.
The part of the SRC website affected was the section that recruits people interested in donating blood, it said in a statement on Thu (May 16).
read more
Personal info of 4,200-odd individuals compromised after Singapore Red Cross website breach
Details of more than 4,200 individuals who registered their interest in making blood donations on the Singapore Red Cross (SRC) website were accessed without authorisation on 8 May, the SRC said in a media statement on Thur (16 May).
SRC said that the compromised information of the 4,297 affected individuals includes their names, contact numbers, emails, declared blood types, preferred appointment dates/times and preferred locations for blood donation.
“No other information was affected. SRC’s other databases have not been compromised. The Health Sciences Authority’s (HSA) systems are similarly unaffected by this incident,” the statement said.
read more
Singapore Red Cross website hacked: Details of more than 4,000 potential blood donors leaked
The website of the Singapore Red Cross (SRC) was hacked, which led to a leak of the personal data of 4,297 people who had registered their interest to make a blood donation with the national blood donor recruiter
In a media statement on Thur (May 16), the SRC said that its web developer alerted it last Wednesday to an incident of unauthorised access to a part of its website that supports the recruitment of interested blood donors.
A police report was made on the same day and investigations are ongoing.
SRC is also investigating the matter to determine how the incident could have happened, and preliminary findings showed that a weak administrator password could have left the website vulnerable to the unauthorised access, it said.
read more
Login details of Singapore government email accounts found in ‘illegal data banks’
The logins & passwords of about 50,000 Singapore government email accounts were found in “illegal data banks” in January but most were outdated or "bogus addresses", said authorities on Thursday (Mar 21).
“GovTech was alerted to the presence of email credentials in illegal data banks in Jan 2019. These credentials comprise email addresses and passwords provided by individuals,” said a spokesman from the Smart Nation and Digital Government Group.
About 50,000 of the compromised details were government email addresses, the spokesman added, but only 119 of the addresses were still being used. The rest were "either outdated or bogus addresses", he said.
related:
Personal info of more than 800,000 blood donors exposed online by tech vendor
S'pore health system hit by ‘most serious personal data breach; PM Lee's data target
Cyber espionage group Whitefly behind SingHealth hack: Symantec
Deterrence, retaliation and arms control - a guide to tackling information warfare
Govt's data management under review following CHAS error, blood donor data leak
- FEMA error exposes 2.3 million disaster survivors to fraud: watchdog
- State-sponsored cyberattacks on banks on the rise
read more
Passwords and usernames of staff from MOH, MOE and other agencies stolen and put up for sale by hackers
Group-IB revealed that it discovered the user log-ins and passwords from several government organisations on the dark Web over the last two years. PHOTO: REUTERS
E-mail log-in information of employees in several government agencies & educational institutions, as well as details of more than 19,000 compromised payment cards from banks here, have been put up for sale online by hackers.
Russian cyber-security company Group-IB revealed on Tuesday (Mar 19) that it discovered the user log-ins and passwords from several government organisations on the dark Web over the last 2 years. The compromised payment card information, which it said was valued at more than $600,000, was found last year.
According to a press release from Group-IB, the organisations involved include the Government Technology Agency (GovTech), Ministry of Education, Ministry of Health and the Singapore Police Force, as well as the National University of Singapore.
read more
Govt's data management under review following CHAS error, blood donor data leak
The Government's management of data is being reviewed in light of cases of information mishandling by IT vendors.
More details on the review will be shared when ready, said the Smart Nation and Digital Government Group (SNDGG) on Friday (Mar 22), in response to queries by Channel NewsAsia.
“The Smart Nation & Digital Government Office is currently reviewing the Government’s management of data, and will share more when ready," it said.
read more
Spate of MOH's slip-ups
Passwords and usernames of staff from MOH, MOE and other agencies stolen and put up for sale by hackers
E-mail log-in information of employees in several government agencies & educational institutions, as well as details of more than 19,000 compromised payment cards from banks here, have been put up for sale online by hackers.
Russian cyber-security company Group-IB revealed on Tuesday (Mar 19) that it discovered the user log-ins and passwords from several government organisations on the dark Web over the last two years. The compromised payment card information, which it said was valued at more than $600,000, was found last year.
According to a press release from Group-IB, the organisations involved include the Government Technology Agency (GovTech), Ministry of Education, Ministry of Health and the Singapore Police Force, as well as the National University of Singapore.
read more
Data leak: Several blood donor's information that was mishandled, now accessed illegally and possibly extracted
The vendor of Singapore's Health Sciences Authority (HSA), Secur Solutions Group (SSG) was accused of mishandling the data of more than 800000 blood donors in 2019. On Saturday the same group said that stated that the information, including names and NRIC numbers, went online was accessed illegally and probably extracted.
Personal Data Protection Commission (PDPC) informed HSA after they were alerted to the database vulnerability on March 13. Then the HSA contacted the SSF to remove the unsecured database from the Internet and then secured the information.
Initial investigations conducted by HAS claimed that other than the cyber experts, who identified the vulnerability, no other unauthorised person had accessed the online data.
read more
Blood donor data leak: HSA's vendor says information that went online was accessed illegally and possibly extracted
Secur Solutions Group (SSG), a vendor of the Health Sciences Authority (HSA) that mishandled the data of more than 800,000 blood donors earlier this year, on Saturday (Mar 30) said that information was accessed illegally and possibly extracted.
The information, which included names and NRIC numbers, was only secured on Mar 13 after a cybersecurity expert discovered the vulnerability and alerted authorities. Preliminary investigations by HSA showed that other than the expert who flagged the vulnerability, no other unauthorised person had accessed the database online.
Now SSG has said that its server was also accessed suspiciously from several other IP addresses.
read more
Personal data of 808,000 blood donors compromised for 9 weeks; HSA lodges police report
The personal data of more than 808,000 blood donors ended up on the internet in January by a vendor of the Health Sciences Authority (HSA)
The personal data of more than 808,000 blood donors ended up on the Internet in January — and was left there for nine weeks — by a vendor of the Health Sciences Authority (HSA), the authorities said on Friday (Mar 15).
The data was taken down two days ago and secured, after a cyber-security expert discovered the vulnerability & alerted the Personal Data Protection Commission.
HSA chief executive Mimi Choong said she was “deeply sorry” for the vendor's lapse and assured donors that the centralised blood bank system is not affected.
related: IT slip-up at HSA: Blood donors concerned, but will not stop giving blood
read more
Insecure Database Exposes 800,000 Singapore Blood Donors
The personal information of 808,201 blood donors who registered to donate since 1986 in Singapore was exposed after the database which contained it was left unprotected on an Internet-facing server for more than two months.
According to The Straits Times who first reported the data leak incident, Singapore's Health Sciences Authority (HSA) received the initial report on March 13 from the security expert who discovered the unsecured database. The HSA said in a notification sent to the affected donors that Secur Solutions Group Pte Ltd (SSG), an HSA vendor, was the company which failed to appropriately protect the database against access over the internet:
SSG provides services to HSA and was working on a database containing registration-related information of 808,201 blood donors: Name, NRIC, gender, number of blood donations, dates of the last three blood donations, and in some cases, blood type, height and weight. The database contained no other sensitive, medical or contact information.read more
Personal data of over 800,000 blood donors put online by vendor: HSA
The private information of more than 800,000 blood donors in Singapore was put online without authorisation by a Health Sciences Authority (HSA) vendor
The database contained information such as name, NRIC, gender, blood type and dates of blood donations and did not contain other sensitive, medical or contact information, the HSA said in a statement on Friday (15 March).
The authority said preliminary findings show that a cyber security expert discovered the vulnerability and alerted the Personal Data Protection Commission on Wednesday.
HSA then contacted the vendor, Secur Solutions Group (SSG), to disable access to the database, and made a police report.
read more
Singapore, January 2019: second health data breach in six months
This week it was revealed that confidential information belonging to 14,200 people diagnosed with HIV was stolen and leaked online in Singapore.
According to a statement published by the country’s Ministry of Health (MOH), the compromised personal data included names, contact details (phone number and address), HIV test results and other medical information of some 5,400 Singaporeans and 8,800 foreigners dating up to January 2013. The name, identification number, phone number and address of 2,400 individuals identified through contact tracing up to May 2007 were also included.
Authorities believe that the person behind the breach is Mikhy Farrera-Brochez, a 33-year-old US citizen who lived in Singapore between 2008 and 2016. He was convicted and jailed for fraud and drug-related offences in 2016 and was deported last year upon completion of his jail sentence.
read more
Singapore HIV registry data leaked online in health breach
Singapore issued a photo of US national Mikhy Farrera-Brochez, who they believe is behind the leak
Confidential data about more than 14,000 people diagnosed with HIV, including foreign visitors, has been stolen in Singapore and leaked online. Authorities revealed details about the 2016 health data breach on Monday. They believe an HIV-positive American whose partner was a senior Singaporean doctor is behind the leak.
The hack comes just months after the records of 1.5m Singaporeans, including Prime Minister Lee Hsien Loong, were stolen last year. Confidential information including names, addresses, HIV status and other medical information is reportedly included in the latest breach.
Officials say the details of 5,400 Singaporeans and 8,800 foreigners dating up to January 2013 have been compromised.
read more
HIV status of 14,200 people leaked online
Ler Teck Siang (foreground) leaving the High Court during his appeal against his conviction and sentence for cheating offences. (Photo: Gaya Chandramohan)
The doctor at the centre of the HIV data leak in Singapore could face further disciplinary action after his medical registration was suspended for nine months, the Singapore Medical Council (SMC) announced on Tuesday (Mar 12).
Ler Teck Siang was found guilty in September last year for helping his partner Mikhy Farrera Brochez deceive the Ministry of Manpower (MOM) about Brochez's HIV-positive status, and for giving false information to the Ministry of Health (MOH) and the police.
The suspension, which came into effect on Mar 7, was ordered by an Interim Orders Committee (IOC), said the SMC.
read more
MOH: IT error causes about 7,700 Singaporeans to receive wrong CHAS subsidies
The Ministry of Health (MOH) released a statement on February 16 (Saturday), saying that about 7,700 people who applied or renewed their Community Health Assist Scheme (CHAS) cards between September and October last year received miscalculated subsidies. The error was caused by a computer system malfunction. CHAS is an initiative by the government to provide healthcare subsidies to its members.
According to an article published by Channel NewsAsia, about 1,300 of the individuals affected by the software issue received lower subsidies while the other 6,400 got more than what was due to them. The excess and deficit amounts were estimated to be about S$2 million and S$400,000 respectively. The S$2 million will be covered for by NCS, the IT services and solutions provider who administered the computer system, as per their contract.
The individuals who received lower subsidies will have the lacking amount reimbursed. On the other hand, those who got an excess could keep the difference.
read more
SingHealth system hit by 'massive' cyberattack
In the wake of Singapore's worst data breach to date, members of the public need to be alert to scammers who may tap on these emotions to trick them into giving up even more personal information, warned cybersecurity experts.
The authorities revealed last Friday that hackers had accessed the personal information of some 1.5 million people who visited SingHealth's hospitals, specialist centres & polyclinics between May 1, 2015, and July 4 this year.
Experts that The New Paper spoke to said such incidents could lead to identity theft, fraud & social engineering attacks, which use human psychology to manipulate victims into revealing confidential information.
read more
Singapore, July 2018: the city-state suffers its largest data breach
Last summer Singapore was subject to the largest data breach in its history with 1.5 million patients to SingHealth’s specialist outpatient clinics affected by it, including Prime Minister Lee Hsien Loong and several ministers.
Personal information stolen included names, National Registration Identity Card numbers, addresses, gender and dates of birth. 160,000 patients had details related to outpatient dispensed medicines as well. A committee of inquiry (COI) was set in October to investigate into the events and contributing factors leading to the cyber attack.
During the COI, which finished on 30 November, it was established that intrusions into SingHealth's electronic medical records (EMR) system - a critical information infrastructure in Singapore - began undetected on June 27 but were discovered on July 4 and terminated by a database administrator at Integrated Health Information Systems (IHiS), the agency which runs the IT systems of all public healthcare institutions in Singapore.
read more
Singapore suffers largest data breach in its history: 1.5M affected
Singapore has suffered the most serious attack in the nation-state's history, impacting 1.5 million patients to SingHealth’s specialist outpatient clinics between 1 May 2015 and 4 July 2018.
The level of sophistication needed for such an attack narrows the possibilities of who was responsible, with the most likely scenario a state actor, with only a few countries housing the capabilities to carry out such an attack.
When pressed who the authorities believe was responsible, David Koh, CEO of cyber security agency of Singapore, apologised for not being able to disclose more, citing operational security reasons.
read more
Mindef hit by targeted cyber attack
The attack on Mindef’s Internet access system "appeared to be targeted and carefully planned”, said Mr David Koh, Deputy Secretary (Technology), Ministry of Defence at a media briefing on Tuesday (Feb 28). Photo: Ministry of Defence
A cyber attack on the system used at military premises to access the Internet has resulted in the theft of the personal data of about 850 national servicemen and Ministry of Defence (Mindef) employees.
The unprecedented breach, which took place in early February, was described by Mindef as appearing to be “targeted and carefully planned”, possibly with the intention of stealing official secrets. While classified military information was not compromised — this is stored on a separate and more secure system which is not connected to the World Wide Web — the personal data of I-net account holders comprising NRIC numbers, telephone numbers, and dates of births were stolen, said Mindef on Tuesday (Feb 28), as it apologised for the “inconvenience and potential harm” caused by the breach.
The I-net system provides Internet access to national servicemen as well as employees from Mindef and the Singapore Armed Forces for their personal communications, and allows them to surf the Internet via dedicated I-net computer terminals in the military premises and camps. Mindef said the affected personnel will be contacted within the week, and they will be advised to change their passwords for other systems that may use any of the stolen information. A special helpdesk will also be set up to assist these individuals.
read more
MINDEF Internet system breached; data stolen from national servicemen, employees
A breach in an Internet-connected system at the Ministry of Defence (MINDEF) earlier this month has resulted in the personal data of 850 national servicemen and employees being stolen, the ministry said on Tuesday (Feb 28).
No classified military data was stolen in the breach of the I-net system, MINDEF said. Classified military information is stored on a separate system that is not connected to the Internet and has more stringent security features, it added.
The I-net system is used by national servicemen and MINDEF employees to access the Internet via dedicated terminals in ministry premises and Singapore Armed Forces (SAF) camps.
read more
Hacking of Mindef system a 'covert' attack
The cyber breach on the Defence Ministry's I-Net system was "consistent with a covert attack, with means used to mask the perpetrator's actions and intent", Second Minister for Defence Ong Ye Kung said yesterday.
Investigations into the attack, which was discovered on Feb 1 and revealed on Feb 28, are ongoing, but "findings will be kept confidential for security reasons", he added.
Mr Ong was giving an update of the incident in Parliament, in response to questions from MPs Lim Wee Kiak and Vikram Nair, both from Sembawang GRC, and Non-Constituency MP Dennis Tan.
read more
Hackers broke into NUS, NTU networks in search of government, research data
Persistent hackers have broken into the networks of two universities in Singapore in a bid to steal government and research data.
The 2 attacks, discovered last month (April), against the National University of Singapore (NUS) and the Nanyang Technological University (NTU) are the first sophisticated attacks against universities here.
At a press conference on Friday (May 12), the Cyber Security Agency (CSA) of Singapore said the attacks were carefully-planned and were not the work of casual hackers.
read more
NUS, NTU hit by cyber-attacks aimed at govt and research data
The universities were hit by what is known as APT (advanced persistent threat) attacks. These are carefully planned cyber intrusions, and not the work of casual hackers. The malicious activity was uncovered during regular checks by NUS and NTU on their IT systems. FILE PHOTO
BREACHES to the IT systems of the National University of Singapore (NUS) and Nanyang Technological University were discovered last month, said the Ministry of Education (MOE) and Cyber Security Agency (CSA) in a joint statement on Friday.
The cyber-attacks, which appeared aimed at stealing government information and research documents, were what is known as APT (advanced persistent threat) attacks - carefully planned cyber intrusions executed over a considerable period of time, and which are not the work of casual hackers.
Singapore has faced APT attacks before, but this is the first time this kind of attack has been directed at institutions of higher learning.
read more
At least 2 NUS computers compromised in new attacks
A fresh round of cyber attacks has been made on National University of Singapore (NUS) computers, weeks after the discovery that hackers had broken into its networks - and those of the Nanyang Technological University - to steal government and research data.
The Straits Times learnt the attacks this week compromised the computers of at least two staff members, including a researcher involved in a security project funded by the Defence Ministry.
NUS Computer Science research fellow Prosanta Gope's computer was hacked on Tuesday after he clicked on a link in a "spear phishing" e-mail from a colleague whose computer was also hacked.
read more
Singapore universities hacked in attempt to steal government data
Hackers broke into IT systems in two of Singapore’s largest universities looking to steal government and research data, according to the Cyber Security Agency of Singapore.
The attacks on the National University of Singapore and the Nanyang Technological University were detected in April. They were Advanced Persistent Threats, where a hacker breaks into a network and remains there undetected for a long period of time with the intent of stealing data.
CSA has not revealed what data has been stolen, but in a statement said that the attacks are “carefully planned and are not the work of casual hackers. The objective may be to steal information related to government or research”.
read more
The Global Risks Report 2019
The information in this report, or on which this report is based, has been obtained from sources that the authors believe to be reliable and accurate. However, it has not been independently verified and no representation or warranty, express or implied, is made as to the accuracy or completeness of any information obtained from third parties.
In addition, the statements in this report may provide current expectations of future events based on certain assumptions and include any statement that does not directly relate to a historical fact or a current fact. These statements involve known and unknown risks, uncertainties and other factors which are not exhaustive. The companies contributing to this report operate in a continually changing environment and new risks emerge continually. Readers are cautioned not to place undue reliance on these statements.
The companies contributing to this report undertake no obligation to publicly revise or update any statements, whether as a result of new information, future events or otherwise and they shall in no event be liable for any loss or damage arising in connection with the use of the information in this report.
read more
Top 5 Biggest Cyber Attacks in Singapore
Cybercrime is on the rise, stealthily targeting major institutions and wreaking havoc. Zetabytes of crucial data and millions of dollars are at stake. No one is safe, neither family offices in the US nor government institutions in Asia Pacific. The following notable attacks on Singapore further strengthen this point.
As one of the Asia Pacific region’s major technology hubs, highly-networked Singapore is vulnerable to cyber crime attempts. Add in the widespread use of digital banking, and it becomes a low hanging fruit for hackers. According to a report published by the Singapore Government, the Republic experienced 16 major/minor cyber attacks from April 2015 to June 2016. Sixteen attempts inside a year, means more than one attempt per month. Given that Singapore businesses and government institutions are becoming increasingly aware of the threat of cyber attacks; those are some pretty troubling numbers.
As one of the Asia Pacific region’s major technology hubs, highly-networked Singapore is vulnerable to cyber crime attempts. Add in the widespread use of digital banking, and it becomes a low hanging fruit for hackers. According to a report published by the Singapore Government, the Republic experienced 16 major/minor cyber attacks from April 2015 to June 2016. Sixteen attempts inside a year, means more than one attempt per month. Given that Singapore businesses and government institutions are becoming increasingly aware of the threat of cyber attacks; those are some pretty troubling numbers.
Below are the most significant cyber attacks that left the Lion City stunned:
- The Messiah: 2013 Singapore Cyber Attacks (October – December, 2013)
- K Box Data Breach (September 16, 2014)
- MINDEF Cyber Breach (February 1, 2017)
- WannaCry Ransomware (May 14, 2017)
- Petya Ransomware (June 28, 2017)
read more
The UN Global Cybersecurity Index (Cybersecurity Rankings For Countries)
The United Nations Global Cybersecurity Index (GCI) measures the commitment to cybersecurity for each country. It is currently evaluated through five pillars:
- Legal Measures
- Technical Measures
- Organizational Measures
- Capacity Building
- Cooperation
We have included a consolidated list of the Top 50 countries below, showing the Global Cybersecurity Index rankings for each country over the past 2 versions; Version 1 (2015) and Version 2 (2017).
read more
LIVE CYBER ATTACK THREAT MAP
ATTACKS TODAY (since 12AM PST) - 24,738,239
ATTACKS YESTERDAY - 27,080,141
read more
Global Cybersecurity Index
The Global Cybersecurity Index (GCI) is a trusted reference that measures the commitment of countries to cybersecurity at a global level – to raise awareness of the importance and different dimensions of the issue.
As cybersecurity has a broad field of application, cutting across many industries and various sectors, each country’s level of development or engagement is assessed along five pillars – (i) Legal Measures, (ii) Technical Measures, (iii) Organizational Measures, (iv) Capacity Building, and (v) Cooperation – and then aggregated into an overall score.
Based on a multi‐stakeholder approach and initiative, the GCI leverages the capacity and expertise of different organizations (see key partners below), with the objectives of improving the quality of the survey, fostering international cooperation, and promoting knowledge exchange on this topic. The ITU Global Cybersecurity Agenda (GCA) provides the general foundation and framework for the initiative.
read more
Cisco 2018 Annual Cybersecurity Report
“The cost of attacks is no longer a hypothetical number and cybersecurity should be made a top priority. According to study respondents in the 2018 Annual Cybersecurity Report, more than half of all attacks resulted in financial damages of more than US$500,000. Defenders cannot afford to stand still and watch as attacks become more sinister and destructive.”
read more
Internet Security Threat Report 2019
Symantec’s 2019 Internet Security Threat Report takes a deep dive into insights from the world’s largest civilian global intelligence network, revealing:
- Formjacking attacks skyrocketed, with an average of 4,800 websites compromised each month.
- Ransomware shifted targets from consumers to enterprises, where infections rose 12 percent.
- More than 70 million records stolen from poorly configured S3 buckets, a casualty of rapid cloud adoption.
- Supply chains remained a soft target with attacks ballooning by 78 percent.
- “Smart Speaker, get me a cyber attack” — IoT was a key entry point for targeted attacks; most IoT devices are vulnerable.
read more
Singapore is a top hacking nation
Forget about being a Smart nation or a startup country The city-state has made into the podium as one of the top ten attacking countries, based on data from (Threatmap). The website tracks malicious cyber-attacks across the globe and consistently ranked the top aggressors in cyber-attacks. One glance on the list of top ten attacking countries, one will find the great powers of the world pitting each other for glory and honors in the cyberspace.
However, a nation or rather a city-state stood out from the rest of big countries with likes of USA, Russia, UK, Germany and China. Surprise, surprise … the city-state is none other than Singapore. According to Threatmap, the island-nation is placed on the fourth position among the top attacking countries. Singapore has held the same position rather consistently over the past two weeks, which saw almost an average cyber-attacks of 14 million cases over the world daily.
The first place in the hit-list among the Singaporean hackers is reserved for USA and the city-state is likely to inflict its target with tons of malwares. By computation, Singapore’s favorite weapons of choice belongs to access to malicious resources at 61.7%, followed by bot communication at 30.3%, then malicious file transfer at 0.9% and others malwares at 7.1%. Meanwhile, the “numero uno” or first-place among the top attacking countries is conferred to Russia which infects other machines and global networks mostly with bot communications. Ironically, Russia is also placed consistently as the number one target by hackers all over the world.
read more
Full Coverage:
Data breaches dent Singapore’s image
Spate of Data Breaches In Singapore
Spate of MOH's slip-ups
HIV status of 14,200 people leaked online
MOH: IT error causes about 7,700 S'poreans to receive wrong CHAS subsidies
SingHealth system hit by 'massive' cyberattack
related:
Spate of Online Scams
Spate of NUS molestation cases
Spate of fires linked to charging of PMDs
Spate of maid abuse cases
Spate of Mishaps at crown Jewel
Spate of Scoot 'flight disruptions'
Spate of fires linked to charging of PMDs
Spate of maid abuse cases
Spate of Mishaps at crown Jewel
Spate of Scoot 'flight disruptions'
Spate of Teacher-Student Misconduct
Spate of SingPost 'service failures'
Spate of Data Breaches In Singapore
Spate of MOH's slip-ups
Spate of food poisoning cases
Spate of molestation and outrage of modesty
Spate of MRT disruptions
Spate of e-bike accidents
Spate of cars flipping over
Spate of facade cladding falling off
Spate of Escalator accidents
Spate of lift accidents
Spate of SingPost 'service failures'
Spate of Data Breaches In Singapore
Spate of MOH's slip-ups
Spate of food poisoning cases
Spate of molestation and outrage of modesty
Spate of MRT disruptions
Spate of e-bike accidents
Spate of cars flipping over
Spate of facade cladding falling off
Spate of Escalator accidents
Spate of lift accidents