An advanced hacking operation that last year stole personal data on 1.5 million health care patients in Singapore, including the prime minister, targeted an unpatched version of Microsoft Outlook, an official inquiry has found. The hackers exploited a known vulnerability in Outlook using “a publicly available hacking tool, which allowed the attacker to install malware on compromised workstations,” says a more than 400 page report published Thursday by a government-backed commission.
“Healthcare breaches are a major concern and the levels of criticality are entirely dependent on the threat actor(s) involved,” said Cole, who is CTO of cybersecurity company Attivo Networks. “The companies that make up this part of our critical infrastructure have a hard job of keeping data secure at rest and in transit across a vast swath of different systems.”
Tony Cole, CTO of cybersecurity firm Attivo Networks, told CyberScoop that the attacks on Cisco switches showed that organizations are still slow to detect advanced hackers that have breached their networks. “Today’s preventative-focused security infrastructure is and will continue to be somewhat inept at stopping attacks,” Cole said.