Singapore Hack – How Did it Happen and Could it Have Been Prevented?

The Singapore government today reported that hackers have stolen personal data belonging to some 1.5 million people, calling it "the most serious breach of personal data" the country had experienced. The attackers broke into the government health database, stealing personal data including names, addresses, and dispensed medicines. According to the statement, the hackers gained access to the database through a computer that was infected with malware.

Although we don’t know the details of how the computer was compromised, the malware must have been delivered either through email or by drive-by download. Assuming that SingHealth, the government healthcare group that was breached, had anti-malware solutions in place, why was the malware still able to infect the computer?

The reality is that while traditional anti-malware solutions are able to identify the bulk of malware, they cannot detect 100% of it. For instance, zero-day threats that exploit unknown computer security vulnerabilities are sometimes able to bypass traditional defenses, since nothing is yet known about the threats that would allow them to be recognized.

Even though several technologies exist to detect this type of unknown malware, including sandboxing, heuristics and machine learning, hackers are increasingly using evasion techniques to avoid detection by these methods. According to research reported by Security Week, 98% of malware used at least one sandbox-evasion tactic, and 27% of the malware evaded detection when only a single sandbox was used.

How the Attack Could Have Been Prevented

So how can you protect your organization against this type of malware? The answer is that, in addition to malware detection, which can effectively block the majority of threats, you also need malware prevention to stop any threats that go undetected. This prevention should not rely on detection: rather than trying to decide whether a file is ‘good’ or ‘bad’ and then taking the appropriate action, it is important to ensure that files and email attachments simply cannot contain any malicious elements.

Content disarm and reconstruction (CDR) is a technology that effectively ‘disarms’ files and email attachments by removing any potentially harmful scripts, macros and embedded objects from Microsoft Office, PDF and other files. The files are then reconstructed, producing clean and safe files while maintaining usability. With hackers increasingly using unknown or zero-day threats that can potentially bypass traditional anti-malware defenses, using CDR in addition to your anti-malware solutions is the most reliable way to ensure the safety of files and protect your company from costly data breaches and business disruptions.
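A stripped-down illustration of the disarm-and-rebuild step for Word documents, added here as an example; it is not OPSWAT or MetaDefender code, and the sample document it processes is constructed inline with placeholder bytes rather than taken from any real file.

```python
# Minimal content disarm and reconstruction (CDR) pass for a Word document
# (added example, not OPSWAT or MetaDefender code). A .docx/.docm is a ZIP of
# XML parts: macros sit in word/vbaProject.bin, OLE objects in word/embeddings/.
import io
import re
import zipfile

ACTIVE_PART = re.compile(r"^word/(vbaProject\.bin|vbaData\.xml|embeddings/.+|activeX/.+)$")
ACTIVE_TARGET = rb'(vbaProject\.bin|vbaData\.xml|embeddings/[^"]+|activeX/[^"]+)'
MACRO_MAIN = b"application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN = b"application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"

def disarm_docx(data: bytes) -> tuple[bytes, list[str]]:
    """Drop active-content parts and return (rebuilt package, removed part names)."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        removed = [n for n in src.namelist() if ACTIVE_PART.match(n)]  # macros, OLE, ActiveX
        for name in (n for n in src.namelist() if n not in removed):
            body = src.read(name)
            if name == "[Content_Types].xml":
                # Drop overrides for removed parts; declare the main part macro-free.
                body = re.sub(rb'<Override[^>]*PartName="/word/' + ACTIVE_TARGET + rb'"[^>]*/>', b"", body)
                body = body.replace(MACRO_MAIN, PLAIN_MAIN)
            elif name.endswith(".rels"):
                # Drop relationships that pointed at removed parts.
                body = re.sub(rb'<Relationship[^>]*Target="' + ACTIVE_TARGET + rb'"[^>]*/>', b"", body)
            elif name == "word/document.xml":
                # Remove embedded-object anchors so no dangling r:id reference remains.
                body = re.sub(rb"<w:object\b.*?</w:object>", b"", body, flags=re.DOTALL)
            dst.writestr(name, body)  # everything else (text, styles, images) is copied through
    return out.getvalue(), removed

def read_part(data: bytes, name: str) -> bytes:
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.read(name)

def build_sample_docm() -> bytes:
    """Constructed minimal macro-enabled document with one OLE object (placeholder bytes)."""
    parts = {
        "[Content_Types].xml": b'<Types><Override PartName="/word/document.xml" ContentType="' + MACRO_MAIN + b'"/><Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/><Override PartName="/word/embeddings/oleObject1.bin" ContentType="application/vnd.openxmlformats-officedocument.oleObject"/></Types>',
        "word/_rels/document.xml.rels": b'<Relationships><Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/><Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" Target="embeddings/oleObject1.bin"/></Relationships>',
        "word/document.xml": b'<w:document><w:body><w:p><w:r><w:t>Invoice</w:t></w:r></w:p><w:p><w:r><w:object><o:OLEObject r:id="rId2"/></w:object></w:r></w:p></w:body></w:document>',
        "word/vbaProject.bin": b"PLACEHOLDER-VBA-PROJECT",
        "word/embeddings/oleObject1.bin": b"PLACEHOLDER-OLE-OBJECT",
    }
    with zipfile.ZipFile(buf := io.BytesIO(), "w") as zf:
        for part, body in parts.items():
            zf.writestr(part, body)
    return buf.getvalue()
```

This shows only the principle on one Word package; a production CDR engine covers PDF scripts, other Office formats and nested archives, and validates the rebuilt file against the format specification rather than with regular expressions.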

OPSWAT is the developer of MetaDefender, an advanced threat prevention platform that uses CDR as one of its main technologies to protect organizations from malware threats.

For more information, please contact one of our cybersecurity experts.
