MH 6:01/5
CYBERSECURITY ADVISORY 04/2021 – CYBERSECURITY MEASURES IN RESPONSE TO DNS VULNERABILITY1. The Singapore Computer Emergency Response Team (SingCERT) has issued an alert on 15 April 2021 that security researchers have discovered multiple Domain Name System (DNS) implementation vulnerabilities in four popular TCP/IP network stacks. Dubbed NAME:WRECK, they had affected over 100 million operational technology (OT), information technology (IT) and connected Internet of Things (IoT)/medical devices1 running on FreeBSD, IPnet, NetX and Nucleus NET stacks. Vulnerable devices could be subjected to either denial-of-service (DoS) or remote code-execution (RCE) attacks, i.e. a remote attacker could exploit these vulnerabilities to disrupt or take control of the affected system or devices, with resultant data leaks or patient safety issue.
2.
All licensees are strongly encouraged to review the SingCERT alert attached at Annex A together with this advisory, and work with your IT administrators or partners to implement the following cybersecurity measures immediately: a. Identify whether you have the affected systems or medical device(s) running on FreeBSD, IPnet, NetX and Nucleus NET stacks in your organisation. If the affected device(s) are found in your organisation, apply the latest available patches, and implement mitigating measures as advised.
b. If patches are not available, SingCERT advised administrators to enforce segmentation controls and proper network hygiene measures such as restricting external communication paths and isolating vulnerable devices. They should then monitor patches released, track all network traffic for malicious data and configure devices to rely on internal DNS servers.
c. If you detect any suspicious activities, seek immediate professional cybersecurity expertise to help with incident response and recovery. If you are 1 These devices could include consumer electronic products such as wearable fitness products, medical devices such as ultrasound machines, defibrillators, patient monitors, magnetic resonance imaging, telemonitoring devices, etc. 2 unsure where to seek such expertise, you can also contact and consult SingCERT at (https://www.csa.gov.sg/singcert/reporting) for assistance if required.
d. Subscribe to the SingCERT mailing list at (https://www.csa.gov.sg/singcert/subscribe) to keep abreast of latest cybersecurity alerts and advisories, and adopt recommended cybersecurity measures as appropriate to respond to fast-evolving cyber threats.
3. These measures are intended to help you safeguard your IT systems, medical devices and electronic medical records, which are part of your obligations under the Private Hospitals and Medical Clinics Regulations (PHMCR) and the Personal Data Protection Act (PDPA).
4. Licensees are strongly encouraged to be vigilant against constant and evolving cybersecurity threats. With the recent spate of cyber-attacks, licensees are also reminded to exercise strong oversight of technology risks in your arrangements with third party service providers to ensure the security and integrity of your IT systems, medical devices and electronic medical records.
5. If you have any questions or clarifications, please contact us at eLIS@moh.gov.sg.
Thank you.
ADJ ASSOC PROF (DR) RAYMOND CHUA
GROUP DIRECTOR (HEALTHCARE REGULATION GROUP) & ASSISTANT COMMISSIONER (CYBERSECURITY)
MINISTRY OF HEALTH
MS ANNIE LIM
MINISTRY CHIEF INFORMATION SECURITY OFFICER
MINISTRY OF HEALTH
The full document can be downloaded below:
Download [.pdf, 187KB]Annex A:
Download [.pdf, 90KB]