On 7 March 2019, Symantec said in a report that the illegal access to SingHealth's database in 2018 was the work of a group called Whitefly (refer to our posting on 30 Jan 2019 titled SingHealth Data Breach).
The report states the following:
Whitefly is a state-sponsored group and has been in operation since 2017. Symantec qualified in the report that they have not been able to identify for certain which state or organisation is directing or funding this group. Whenever an 'asset' or organisation in the western world is 'attacked', their intelligence agencies would always claim it is the work of one of the usual 'trio' of rogue states, i.e., China, North Korea or Russia. Hmmm... wondering...
it is likely a small- to medium-sized team, as it focused only on a limited number of targets in a single country,
it targets organisations across a range of sectors based mostly in Singapore,
the attack on SingHealth was not a one-off attack, but part of a wider pattern targeting organisations in Singapore in the healthcare, media, telecoms and engineering sectors.
The report also described how Whitefly launched targeted attacks against multiple organizations, most of them based in Singapore and some of them multinational organizations with a presence in Singapore, and how it compromises its victims.
In the section titled 'Links to other attacks', the report mentioned that some of the tools Whitefly has used in its attacks have also been deployed in other targeted attacks outside Singapore, against defense, telecoms, and energy targets in Southeast Asia and Russia.
With these findings, albeit by a third party and the investigation being unsolicited, can the cybersecurity provider who was fined by the authorities in Singapore for the breach seek restitution and a reversal of the findings against them by the authorities in Singapore? The provider can't possibly be faulted as their Service Level Agreement (SLA) does not guarantee that SingHealth would not be hacked. This is akin to the provider being appointed to equip and train the organisation in preparation for a war. Despite that, there is an aggressor state who is hell-bent on starting a war. Is it fair to hold the provider negligent and liable when there is a nation state who, regardless of your preparedness, still wants to go to war with you?
Now to the understanding of Whitefly. According to Wikipedia, whiteflies are small insects, so small that they can pass through mesh so fine that many of their natural enemies cannot come in after them. Left unchecked, whitefly populations can multiply rapidly and control is difficult and complex, as whiteflies rapidly develop resistance to chemical pesticides. Does this explain why this hacker group used such an apt name?