Assignment Details:

NUS, NTU networks hit by ‘sophisticated’ cyber attacks
By: Justin Ong
Source: Channel NewsAsia
Published: 12 May 2017 02:00pm
Updated: 15 June 2017 09:02pm

SINGAPORE: The National University of Singapore (NUS) and Nanyang Technological University (NTU) suffered separate IT network breaches in April, according to the Cyber Security Agency (CSA) and the Ministry of Education (MOE) on Friday (May 12).

On Apr 11, NUS detected an unauthorised intrusion into its IT systems through a single server, while NTU detected a malware attack on Apr 19 possibly due to phishing or browsing of infected sites.

Both universities then alerted CSA, which has since been assisting them by conducting forensics and implementing mitigating measures, the joint press release added.

The objective of the attacks “may be to steal information related to Government or research”, said authorities, adding that “there is no evidence that information or data related to students was being targeted”.

Malicious activity was also detected in other institutions, Government agencies and industries during this period – but these were isolated and limited incidents which were quickly cleaned up, Channel NewsAsia understands.

“NOT WORK OF CASUAL HACKERS”
This is the first sophisticated cyber-attack on Singapore universities. It was targeted, carefully planned and “not the work of casual hackers”, said authorities.

The attacks were not part of a coordinated, orchestrated campaign and were not identical – they did not originate from the same place, and were not conducted by the same people.

But Advanced Persistent Threat (APT) actors – perpetrators who manage to gain access to a network without being detected and are able to continuously access information whenever they want over a period of time – were involved in both incidents.

“However, as the universities’ systems are separate from Government IT systems, the extent of the APTs’ activities appear to be limited,” said CSA and MOE. “The daily operations of both universities, including critical IT systems such as student admissions and examination databases, were not affected.”

Said CSA chief executive David Koh: “We know who did it, and we know what they were after. But I cannot reveal this for operational security reasons.”

CSA, MOE and the universities said they would not be able to provide further details about the incident as it “could impact the effectiveness of additional defensive and preventive measures being put in place”.

Minister for Communications and Information Yaacob Ibrahim wrote on Facebook on Friday that the attacks are a “stark reminder” that cyber threats are real in Singapore. He added that the breaches are of concern, but that the situation has been contained.

“As we become more digitally connected, such threats will continue to increase in sophistication, and both public and private sector organisations are equally vulnerable,” Dr Yaacob said, who added that individuals can also do their part to be vigilant and practise good cyber hygiene.

ADDITIONAL SECURITY MEASURES IMPLEMENTED
A NUS spokesperson said “immediate action was taken to isolate and remediate affected desktop computers and servers”. Similarly, NTU said it immediately removed and replaced affected machines which included shared personal computers and front-end workstations.

“NUS and NTU have increased vigilance, and adopted additional security measures beyond those already in place,” said the authorities.

CSA has reached out to other autonomous universities in Singapore, as well as Critical Information Infrastructure (CII) sectors and Government, to step up monitoring and checks on their networks.

“There has been no sign of suspicious activity in CII networks or Government networks thus far,” said authorities.

In an email to NUS students on Friday, the university’s chief IT officer Tommy Hor informed them that additional measures would be put in place to safeguard its IT systems. These include stepping up network and system monitoring as well as enhancing security management.

The email added that students are not required to change their password for NUSNET, which is the portal used for accessing email and e-resources, although they can if they want to.

“This incident highlights the rising sophistication of cyber security attacks and the need for heightened vigilance,” said Mr Hor. “We would like to emphasise the importance of adopting good cyber and information security practices.”

The latest cyber-attack comes on the heels of the Ministry of Defence’s revelation in February that the personal data of 850 national servicemen and employees were stolen following a breach in its I-net system. The Ministry of Foreign Affairs’ IT system was also breached, according to Minister for Communications and Information Yaacob Ibrahim in Parliament in 2015.

CSA’s Mr Koh previously said that from 2015 to June 2016, there have been 16 waves of targeted cyber-attacks surfaced to the agency’s attention.

Retrieved from: https://www.channelnewsasia.com/news/singapore/nus-ntu-networks-hit-bysophisticated-cyber-attacks-8840596

Question 1 (Word Limit: 1000 words)
(a) Identify and describe the threat category that advanced persistent threat (APT) belongs to. Distinguish APT from other common security attacks in that threat category. Which member(s) of the C.I.A. triad does APT typically affect?
(15 marks)

(b) You have been asked to formulate an incident response plan based on the scenario in the article. As part of the plan, describe three (3) incident indicators for APT. For each of the indicator, you should also explain why it indicates APT and state the category of indicator, i.e., possible, probable or definite.
(15 marks)

Question 2 (Word Limit: 800 words)
(a) Develop a security education, training and awareness (SETA) programme for a university. The purpose of the programme is to improve the security of systems used by students, such as the student portal. You should describe the objective, target audience and teaching methods for each element of the SETA program.
(18 marks)

(b) Which access control model would you apply for a university? Justify your choice.
(5 marks)

Question 3 (Word Limit: 1000 words)
The article mentioned three information assets – student admissions system, examination database and student portal. You are asked to conduct a simple risk assessment for these three assets. Assume that the information assets are used for the following purposes:
 Student admissions system – An online system for potential students to apply for admission to the university
 Examination database – An internal system used by the teaching and administrative staff for examination purposes. Examination papers for upcoming examinations are stored in this database.
 Student portal – A one-stop online system for students to access university resources and IT applications for students

(a) Apply the risk identification techniques that you have learned in this module to prepare a weighted factor analysis worksheet. You should first propose and justify three (3) appropriate criteria which can be used to prioritise the information assets. Assign weights to each criterion and assign values to each of the three assets, and present the information in a format similar to Table 6-2 (page 263) of the textbook. Give brief reasons for the values you assigned.
(32 marks)

(b) Assess the risk by identifying three (3) threats faced by all three information assets. Describe the threat and state the threat category it belongs to. You should choose three threats that come from different threat categories. Do not use the same threat and threat category as Question 1(a).
(15 marks)