Thursday, October 27, 2016

‘No indication’ devices from Singapore contributed to US cyberattack: CSA

By Kevin Kwang  Posted 27 Oct 2016 13:39 Updated 27 Oct 2016 13:40

SINGAPORE: There is no indication that devices from Singapore contributed to the attack against US-based domain name service provider Dyn, which resulted in Web services like Twitter, Spotify and Reddit experiencing downtime, the Cyber Security Agency of Singapore (CSA) said on Wednesday (Oct 26).

In its reply to queries by Channel NewsAsia, a CSA spokesperson said there is a wide range of Internet-connected devices manufactured in various countries on the market, and that any of these devices could be commandeered by hackers anywhere in the world. These cybercriminals can, in turn, direct the zombie devices to take down a targeted site by flooding it with Web traffic.

Dyn on Wednesday shed more light on the Oct 21 attack on its managed DNS infrastructure, with the company’s EVP of Product Scott Hilton stating in a blogpost that the attack was “complex and sophisticated”, and confirming that the Mirai botnet was the primary source of malicious attack traffic.

Mirai is malware that targets insecure Internet of Things (IoT) devices such as webcams and home routers, and the source code for the malware was released on the open Web earlier in October before the Dyn attack took place.

Chinese manufacturer Hangzhou Xiongmai was fingered as the maker of compromised webcams used in the Dyn attack, and said it would recall as many as 10,000 infected devices as a result. Mr Li Yuexin, Xiongmai’s marketing director, told Reuters on Tuesday that the company would recall the first few batches of surveillance cameras made in 2014 that monitor rooms or shops for personal use.

Threat research company Flashpoint had actually flagged the company as early as Oct 7, after similar large-scale DDoS attacks were conducted on security researcher Brian Krebs’ blog and French Web hosting company OVH. Flashpoint researchers said then that Xiongmai sells white-labelled DVRs, IP cameras and software to other vendors who then use these in their own products.

“Altogether, over 500,000 devices on public IPs around the world appear susceptible to this vulnerability,” according to the security note.

Local telco StarHub had on Wednesday also identified such compromised devices as the cause for DDoS attacks that resulted in two broadband outages it suffered on Oct 22 and Oct 24. It stopped short of linking its downtime with that of the attack on Dyn.

The attack on StarHub was the first of that nature on Singapore’s infrastructure, according to the CSA and Infocomm Media Development Authority.

- CNA/cy

- wong chee tat :)
