Schools told to update systems to guard against potential vulnerabilities; MOE says no cyberattacks found
The issue came to light on Wednesday (Jul 23) when it emerged that the School of the Arts had taken down its parents portal to facilitate an update to its Microsoft SharePoint servers.
The Ministry of Education building in Singapore. (File photo: Alvin Chong)
This audio is generated by an AI tool.
SINGAPORE: The Ministry of Education (MOE) said on Wednesday (Jul 23) that it had advised schools to update their Microsoft SharePoint servers with the latest security patch to guard against potential vulnerabilities, but it added that no cyberattacks had been detected so far.
MOE's statement came in response to CNA queries, when it emerged that the School of the Arts (SOTA) had taken down its parents portal as a part of a cybersecurity measure.
The school said it had identified a vulnerability in the third-party server infrastructure supporting the portal and that the third-party service provider had acknowledged such reports from their server customers.
"This vulnerability is currently being actively exploited in a global cyberattack campaign, which has already compromised organisations worldwide, including government agencies and multinational corporations," the school said in a message to parents.
"The attacks, which began on Jul 18, are specifically targeting school-managed installations."
In a media statement later on Wednesday evening, SOTA said it did not identify any compromise of its systems.
It added that it had temporarily disconnected the parent portal, which is hosted on SharePoint, from the internet as a "precautionary measure" to facilitate the security patch, as advised by MOE.
On Tuesday, the Cyber Security Agency of Singapore (CSA) issued an alert for users of Microsoft SharePoint to update to the latest version, citing "critical vulnerabilities".
SharePoint is a web-based collaborative document management platform developed by Microsoft.
On the same day, Microsoft issued a threat intelligence note warning of active attacks targeting SharePoint servers via known vulnerabilities. It said security updates have been released to address the flaws.
The note linked the attacks to three China-based groups, and added that investigations into other threat actors are ongoing.
In response to CNA's queries, CSA said it has reached out to "all critical sectors" that are using vulnerable versions of SharePoint to advise them to update to the latest version provided by Microsoft.
The agency added that it is working with GovTech and the sectors to analyse the impact.
In an updated advisory published on Thursday, CSA said that patching alone is insufficient if a SharePoint server has already been compromised.
"Based on incidents reported worldwide, threat actors continue to be able to exploit already-patched SharePoint servers, if additional mitigation measures had not been applied," said CSA.
"Mitigation steps, which include rotating keys, restarting IIS service and removing artefacts (e.g. web shells), are critical to minimise the risk to your organisation."
CSA added that the situation is developing and that it will update its advisory when new information becomes available.
