Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

SingHealth Cyber-Attack: Just Another Brick in the Wall?

July 27, 2018

  • Blog
  • Archive
SingHealth Cyber-Attack The habit of building walls around our infrastructure and assuming that will be enough, the Fortress Mentality, is well understood and should be something that’s only a small part of our overall cybersecurity strategy. It’s clear, however, from the many high-profile cybercriminal attacks that it’s still being used in many environments. Healthcare organizations continue to be a source of concern. While it’s hard to find a hospital or clinic you can walk into without being directed to use the hand cleaner on the wall, it’s still relatively easy for hackers to gain access to their environments as IT has been a secondary focus in these environments, cybersecurity has (until recently) been even further down the list. The recent attack on SingHealth, the largest healthcare group in Singapore, reinforces the common attack vector we are seeing everywhere. The initial entry is made via a relatively unprivileged workstation, i.e. someone’s desktop, and from there access to a privileged account is obtained often through cached credentials on the system. It often overlooked that when a Domain Administrator logs into a Windows desktop, for example, to provide support that the credentials for that account are cached on the system. When those systems are also either not kept up to date with patches and updates or even found to be running unsupported operating system versions, it’s relatively easy to find a vulnerability that will give the appropriate access to those cached credentials and then we are into a classic Pass-the-hash attack. Early data for the SingHealth breach seems to indicate this kind of attack vector although it’s being identified as a very targeted attack by a state-sponsored group. This can be addressed through some smart approaches to managing cybersecurity that not only increase protection but also help simplify the security model, making management, planning, and response much easier and more effective. Starting by addressing the vulnerabilities with known exploits will, in many cases, reduce the attack surface significantly as even state-sponsored hackers use hacking toolkits. It’s rare to find attacks making use of entirely new vulnerabilities without published exploits as it’s a lot of work. While there are occasional, highly-targeted attacks, the vast majority are the result of well-known exploits and entirely preventable. Make sure your vulnerability management solution (VMS) allows you to quickly identify those vulnerabilities with well-known exploits and provide you with clear information on how to fix them. Retina CS Enterprise Vulnerability Management does just that. Once the hacker has access to a highly-privileged account there is only one way to address that and prevent a Pass-the-hash attack, make sure the privileged account credentials have changed since they were cached. Use of a privileged password management solution, such as PowerBroker Password Safe, ensures that each time a privileged credential (like a Domain Administrator account) is used the password will be changed rendering those cached credentials useless. Two simple steps that can be taken to help you avoid being tomorrows headline without impacting your productivity or breaking the bank. Cybersecurity is definitely a function of your organization that should be approached as “Why wouldn’t you do it” rather than “Why would you”. For a customized strategy session, contact us today.

Brian Chappell

Director, Product Management

Brian has more than 25 years of IT and cybersecurity experience in a career that has spanned niche system integrators, PC and Software vendors, and high-tech multi-nationals. He has held senior roles in both the vendor and the enterprise space in companies such as Amstrad plc, BBC Television, GlaxoSmithKline, and BeyondTrust. At BeyondTrust, Brian leads the Product Management of the flagship Password Safe product globally, ensuring the delivery of a world-class, industry-leading Privileged Password and Session Management solution. Brian can also be found speaking at conferences, authoring articles and blog posts, as well as providing expert commentary for the world press.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 09, 2021

Customer Webinar: Remote Support 21.1 Released!

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

Whitepapers

Evolving Privileged Identity Management (PIM) In The 'Next Normal'

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.