HKCert
Security Blog

Sensitive database breached. Everyone should check their system security.

Release Date: 23 / 07 / 2018
Last Update: 23 / 07 / 2018

Last week, a database of Singapore medical groups was hacked, and about 1.5 million patient records were leaked. According to the investigation, the intrusion was a targeted attack: the attackers used an internet-facing computer as the entry point, moved gradually deeper into the network, and finally reached the database and accessed the sensitive information. The incident highlights the importance of the concept of "Security by Design". Attackers often start from the weakest and most accessible part of a system, and organizations should consider this and take corresponding security measures.


The following recommendations were issued by the Cyber Security Agency of Singapore (CSA) after its investigation. Organizations are advised to review their computer systems and remain vigilant for suspicious activity. These measures apply to the security and protection of servers:


  1. Review the Domain Administrator Accounts
    Domain administrators have full control over the domain. Review and strictly manage your domain administrator accounts, and remove inactive accounts that are no longer in use.

  2. Disable the Computer's PowerShell
    PowerShell (PS) can be abused to execute malicious commands and scripts. Consider disabling PowerShell where it is not required.

  3. Monitor for Unauthorized Remote Access or Database Access
    Watch for suspicious SQL queries, especially those that return an amount of data comparable to the size of the database. Remote access should require a strong login password and be limited to authorized users only.

  4. Tighten the Control for Long-running or Decommissioned Endpoints
    Monitor long-running servers (such as computers that run 24 hours a day) for signs of infection. Take decommissioned servers offline when they are no longer in use, as attackers could exploit such endpoints, which may have outdated software and virus definitions.

  5. Employ Strong Endpoint Protection
    Consider enterprise-wide application whitelisting for general users. Users are then prevented from executing any other application, which also blocks malware for which antivirus software has no definition yet.

  6. Keep the System Up-to-date
    Apply software updates and security patches in a timely manner to fix known vulnerabilities that could be exploited by an attacker or malware.
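As an added example (not part of the HKCert or CSA text), the check in point 3 expressed as detection logic in Python: it parses constructed audit-log lines in an assumed `user=... rows=... stmt=...` format, compares the rows each query returned with an assumed per-table row count, and flags reads that cover a large fraction of a table.

```python
import re
from dataclasses import dataclass

# Constructed sample audit-log lines (not real data, not a real DBMS format):
# one query event per line, with the number of rows the query returned.
SAMPLE_LOG = """\
2018-07-10T09:12:01Z user=app_web db=clinic rows=1 stmt=SELECT name FROM patient WHERE id=?
2018-07-10T09:12:05Z user=app_web db=clinic rows=25 stmt=SELECT * FROM visit WHERE patient_id=?
2018-07-11T02:47:13Z user=svc_report db=clinic rows=1498000 stmt=SELECT * FROM patient
2018-07-11T02:52:40Z user=svc_report db=clinic rows=400 stmt=SELECT * FROM dispensed_meds WHERE visit_id IN (...)
2018-07-11T03:01:09Z user=svc_report db=clinic rows=6100000 stmt=SELECT * FROM dispensed_meds
"""
# Assumed approximate row counts per table; in practice read from the DBMS catalog.
TABLE_SIZES = {"patient": 1_500_000, "visit": 9_800_000, "dispensed_meds": 6_200_000}

LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) db=\S+ rows=(?P<rows>\d+) stmt=(?P<stmt>.+)$")
TABLE_RE = re.compile(r"\bFROM\s+([A-Za-z_]\w*)", re.IGNORECASE)

@dataclass
class Alert:
    ts: str
    user: str
    table: str
    rows: int
    fraction: float  # rows returned divided by the estimated table size

def find_bulk_reads(log_text, table_sizes, threshold=0.10):
    """Return an Alert for each query that read at least `threshold` (default 10%)
    of the estimated rows of the table it selected from."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        t = TABLE_RE.search(m["stmt"]) if m else None
        if t is None:
            continue  # not a query event, or no FROM clause to attribute
        table = t.group(1).lower()
        size = table_sizes.get(table)
        if not size:
            continue  # unknown table: no baseline to compare against
        rows = int(m["rows"])
        if rows / size >= threshold:
            alerts.append(Alert(m["ts"], m["user"], table, rows, round(rows / size, 3)))
    return alerts

def rows_per_user(alerts):
    """Total flagged rows per account, to spot one account draining several tables."""
    totals = {}
    for a in alerts:
        totals[a.user] = totals.get(a.user, 0) + a.rows
    return totals
```

Running `find_bulk_reads(SAMPLE_LOG, TABLE_SIZES)` on the constructed lines flags only the two near-complete table reads by `svc_report`; the per-row lookups by `app_web` stay below the threshold.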