- This topic has 6 replies, 5 voices, and was last updated 6 months, 1 week ago by
Saranath.
2024-09-16 at 7:40 pm #45525
Aye Thinzar Oo
Participant
Case study 5: Singapore public health services hit by DDoS attacks
1. Provide a brief description of the story.
Brief description of DDoS attacks in Singapore public health services
The “DDoS” attack happened in Singapore public health services. This attack is an attempt to disrupt or shut down the functioning of a targeted server, service, or network. This attack disrupted interconnectivity, affecting all public healthcare clusters in Singapore on 3rd November 2023 (Wednesday), and lasted seven hours. During that time, websites, email and productivity tools for staff could not be accessed. Users reported errors when trying to access the websites of some public healthcare institutions, such as Singapore General Hospital, National University Hospital and Tan Tock Seng Hospital, according to local media. Synapxe said that the critical systems needed to provide clinical services at the public healthcare institutions, including access to patient records, were maintained.
2. What is/are the impact of this data breach? Consequences of the data breach.
The impact of the attack was on healthcare services, affecting around 46 public healthcare institutions and 1400 community partners; users could not access healthcare information services such as public healthcare websites, email and productivity tools. It lasted seven hours. As a consequence of the attack, the health services agency also couldn’t access the whole process of the healthcare system.
3. How did the data breach occur?
DDoS attacks represent a major problem for all internet sites, and efforts to develop effective preventive and defensive strategies are continuing.
DDoS attacks are very difficult to defend against if the attack comes from a large number of different sources at the same time. In a public health crisis, there might be an overwhelming number of legitimate public requests for service to public health web sites.
4. What should be the main cause of the data breach? Provide a brief explanation of the cause of data breach (such as phishing, ransomware, HIPAA violation, database misconfiguration, human error, third-party vendor error)?
The main cause of the attack was “DDoS”. It is not yet known who carried out the DDoS attack. I think this is human typing error (because even unauthorized users can attempt to gain access to a system, a large number of such attempts can effectively preclude usage by everyone) or HIPAA violation. The HIPAA Privacy Rule requires patient consent for disclosure of identifiable records of medical care, with certain exceptions. HIPAA says that covered entities “may” provide information to public health; it does not require them to do so. The Institute of Medicine observed that the Privacy Rule “impedes the conduct of important health research”. In many cases these negative impacts are due to misunderstanding of HIPAA by providers, but the effects are real, nevertheless.
5. How could you prevent this data breach attack?
Preventing DDoS attacks can be challenging, distributed network architecture. Attack surface reduction can help minimize the effect of a DDoS attack. Some attack surface reduction methods are restricting traffic to specific locations and blocking communication on unused ports and applications. The designers of public health information systems must provide alternate access paths that can be activated in emergencies, and must have a backup emergency Internet connection through an alternate Internet service provider. Only official personnel should be informed of this backup address. Using a content delivery network (CDN) to cache resources can reduce the strain on an organization’s servers and make it more difficult for them to become overloaded by both legitimate and malicious requests. Rate limiting can be used to prevent DDoS attacks that use botnets to spam an endpoint with an abnormal number of requests at once. One DDoS prevention tool is a Web Application Firewall (WAF), which helps block attacks by using customizable policies to filter, inspect, and block HTTP traffic between the web application and the internet.
Reference
https://therecord.media/singapore-public-health-services-ddos-attack
https://www.cloudflare.com/learning/ddos/how-to-prevent-ddos-attacks/
-
2024-09-16 at 8:20 pm #45526
Cing Sian Dal
Participant
Preventing DDoS attacks is quite challenging. Blocking unused locations and unused ports, and WAF, are insightful methods for me because, in this way, we can minimize the traffic. I am curious about the limitations of web application firewalls, like “How much traffic can a WAF handle effectively at maximum?”
-
2024-09-17 at 7:01 pm #45546
Aye Thinzar Oo
Participant
Thank you for your suggestion and discussion. Let me address your question so that I understand it.
The effectiveness of a Web Application Firewall (WAF) depends on its configuration and the specific solution in use. The maximum traffic that a WAF can handle effectively varies based on the particular implementation and the capacity of the underlying infrastructure. I found a website that describes it as follows: “UltraWAF is built upon our DDoS infrastructure, which can handle up to 15+Tbps of traffic. This ensures our service can support a significant amount of traffic to meet your needs.”
You can find the reference at https://sourcedefense.com/glossary/limitations-of-waf/
-
2024-09-18 at 6:11 am #45557
Cing Sian Dal
Participant
Thank you for your thorough explanation; I understand now.
-
-
-
2024-09-17 at 7:52 pm #45551
Wannisa Wongkamchan
Participant
Thank you for your good suggestions for prevention, like using a CDN, WAF, and rate limiting. Your work helps me understand how to protect health information from DDoS attacks. Also, they should have a plan ready to switch to backup systems fast if needed.
-
2024-09-19 at 10:40 am #45581
Alex Zayar Phyo Aung
Participant
The preventive measures you mentioned are quite comprehensive. I can learn a lot on how to prevent DDoS attacks in real-world scenarios.
-
2024-09-22 at 12:36 pm #45618
Saranath
Keymaster
DDoS attacks are quite common. Prevention is also challenging. The system should be closely monitored to detect unusual traffic.
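
Added example, not part of the original posts: a sketch that combines the per-source rate limiting described in the first post with the traffic monitoring suggested in the last reply. It shows that a single noisy source is stopped by the limiter, while a flood from many sources stays under every per-client limit and only shows up in the aggregate rate. The limits, baseline, client labels and traffic are constructed assumptions.

```python
from collections import defaultdict, deque

class SlidingWindowLimiter:
    """Allow each client at most `limit` requests per `window` seconds."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)  # client -> timestamps of accepted requests

    def allow(self, client, now):
        q = self.hits[client]
        while q and now - q[0] >= self.window:  # forget requests outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def monitor(requests, limiter, baseline_rps, factor=5):
    """Replay (timestamp, client) pairs in time order.

    Returns (blocked, alerts): how many requests the per-client limiter
    rejected, and the seconds in which accepted traffic still exceeded
    factor * baseline_rps (the signal to escalate to CDN or upstream filtering).
    """
    blocked = 0
    accepted = defaultdict(int)  # second -> requests that passed the limiter
    for ts, client in sorted(requests):
        if limiter.allow(client, ts):
            accepted[int(ts)] += 1
        else:
            blocked += 1
    alerts = sorted(s for s, n in accepted.items() if n > factor * baseline_rps)
    return blocked, alerts

def constructed_traffic():
    """Constructed sample, not real logs: baseline load, one noisy source, one distributed flood."""
    reqs = [(float(s), f"user-{u}") for s in range(5) for u in range(20)]  # 20 req/s baseline
    reqs += [(2.0 + i * 0.01, "noisy-source") for i in range(50)]          # one source, 50 requests
    reqs += [(6.0, f"src-{i}") for i in range(500)]                        # 500 sources, 1 request each
    return reqs

if __name__ == "__main__":
    limiter = SlidingWindowLimiter(limit=5, window=1.0)
    print(monitor(constructed_traffic(), limiter, baseline_rps=20))
```
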