SingCERT publishes advisory following attack on Starhub's network by its customers' infected devices

SINGAPORE – The Singapore Computer Emergency Response Team (SingCERT ) has published an advisory on Wednesday (Oct26) following the first major attack to hit Singapore’s telco infrastructure on Monday (Oct 24).

Besides checking for software updates regularly and installing them, businesses and individuals were advised to turn off remote access to Internet-connect devices like cameras and printers.

Default passwords was also a vulnerability that could be exploited, SingCERT said.

Telco operator Starhub confirmed on Tuesday (Oct 25) that its network was overwhelmed by a Distributed Denial of Service (DDoS) attack that caused two outages.

Read also: StarHub confirms cyber attacks on servers caused broadband disruptions on Saturday and Monday

The Cyber Security Agency (CSA) and the Infocomm Media Development Authority (IMDA) will be working closely with Starhub following the attacks on its broadband service.

“DDoS attacks on Domain Name Services (DNS), as seen in the Starhub’s case are generally rare, although the latest Dyn incident in US has shown that it is surfacing as an emerging trend,” CSA and IMDA noted in their joint statement.

DNS is a database that converts web addresses like www.nameofwebsite.com into machine readable sets of digits, for customers to view websites on their computers. When a DNS is not operating normally, customers may face difficulty in accessing the internet.

‘123456’ and ‘password’ top list as worst passwords again

Click on thumbnail to view photos. Source: 

Shutterstock, Reuters

“In DDoS attacks, attackers usually scan for vulnerable internet-connected devices and employ a list of techniques (e.g. password cracking) to gain access to the devices,” the two agencies added.

“Any Internet-connected device, from wifi- routers to printers to cctvs, can inadvertently be part of a network of “bots” that can be activated to attack other systems.

“Given the increasing connectedness of digital systems, there is no fool-proof solution.”

Starhub confirmed on Wednesday evening (Oct 26) that the infected devices that brought down its network were from its own customers.

Read also: Amazon, Spotify, Twitter suffer service disruptions due to attack on infrastructure provider

Monday’s attacks on Starhub’s networks “were unprecedented in scale, nature and complexity”, the telco said in an earlier statement.

In response to the infection, Starhub will be deploying its “HubTroopers” technical team top help troubleshoot their customers’ compromised machines, Channel NewsAsia reported.

The Heartbleed Hit List: The Passwords You Need to Change Right Now

Click on thumbnail to view photos. Source: 

Reuters, Internet screengrabs

It is still not clear if Starhub’s outages were isolated, or linked to the US-based Dyn DNS attacks, the report added.

Echoing StarHub’s Chief Technology Officer Mock Pak Lum advice for everybody to play a role in cybersecurity, CSA and IMDA wrote: “Owners of internet-connected devices should adopt good cyber hygiene practices to secure their devices.”

grongloh@sph.com.sg

Read also: Cyber attack likely mitigated, US Homeland Security says

Nude photos of stars leaked in apparent Hollywood hack attack

Click on thumbnail to view photos. Source: 

Various sources

​