Showing posts with label opendns.

Thursday, October 27, 2016

‘No indication’ devices from Singapore contributed to US cyberattack: CSA

By Kevin Kwang  Posted 27 Oct 2016 13:39 Updated 27 Oct 2016 13:40

SINGAPORE: There is no indication that devices from Singapore contributed to the attack against US-based domain name service provider Dyn, which resulted in Web services like Twitter, Spotify and Reddit experiencing downtime, the Cyber Security Agency of Singapore (CSA) said on Wednesday (Oct 26).

In its reply to queries by Channel NewsAsia, a CSA spokesperson said there is a wide range of Internet-connected devices manufactured from various countries on the market, and that any of these devices could be commandeered by hackers anywhere in the world. These cybercriminals can, in turn, direct the zombie devices to take down a targeted site by flooding it with Web traffic.

Dyn on Wednesday shed more light on the Oct 21 attack on its managed DNS infrastructure, with the company’s EVP of Product Scott Hilton stating in a blogpost that the attack was “complex and sophisticated”, and confirming that the Mirai botnet was the primary source of malicious attack traffic.

Mirai is a malware that targets insecure Internet of Things (IoT) devices such as webcams and home routers, and the source code for the malware was released on the open Web earlier in October before the Dyn attack took place.

Chinese manufacturer Hangzhou Xiongmai was fingered as the maker of compromised webcams used in the Dyn attack, and said it would recall as many as 10,000 infected devices as a result. Mr Li Yuexin, Xiongmai’s marketing director, told Reuters on Tuesday that the company would recall the first few batches of surveillance cameras made in 2014 that monitor rooms or shops for personal use.

Threat research company Flashpoint had already flagged the company on Oct 7, after similar large-scale DDoS attacks were conducted on security researcher Brian Krebs' blog and French Web hosting company OVH. Flashpoint researchers said then that Xiongmai sells white-labelled DVRs, IP cameras and software to other vendors, who then use these components in their own products.

“Altogether, over 500,000 devices on public IPs around the world appear susceptible to this vulnerability,” according to the security note.

Local telco StarHub had on Wednesday also identified such compromised devices as the cause for DDoS attacks that resulted in two broadband outages it suffered on Oct 22 and Oct 24. It stopped short of linking its downtime with that of the attack on Dyn.

The attack on StarHub was the first of that nature on Singapore’s infrastructure, according to the CSA and Infocomm Media Development Authority.

- CNA/cy

- wong chee tat :)

Broadband service outages due to DDoS attacks: StarHub

Posted 25 Oct 2016 15:36 Updated 25 Oct 2016 23:07

SINGAPORE: The two recent broadband service outages that hit StarHub were the result of "intentional and likely malicious attacks" on its servers, the telco confirmed on Tuesday (Oct 25), adding that the attacks were "unprecedented in scale, nature and complexity".

In a media statement, StarHub said: "We have completed inspecting and analysing network logs from the home broadband incidents on Oct 22 and Oct 24 and we are now able to confirm that we had experienced intentional and likely malicious distributed denial-of-service (DDoS) attacks on our domain name servers (DNS).

"These two recent attacks that we experienced were unprecedented in scale, nature and complexity," it said.

StarHub said the DDoS attacks caused temporary Web connection issues for some of its home broadband customers. "On both occasions, we mitigated the attacks by filtering unwanted traffic and increasing our DNS capacity, and restored service within two hours. No impact was observed on the rest of our services, and the security of our customers’ information was not compromised."

The broadband service provider said it would continue to stay vigilant against possible follow-up DDoS attempts, and is working closely with the authorities to determine intent and source of these two DDoS attacks.

Earlier on Tuesday, the Cyber Security Agency (CSA) and the Infocomm Media Development Authority (IMDA) said that the possibility of a DDoS attack could not be ruled out, and noted that StarHub's outages came on the heels of Friday’s attack against the US-based domain name system service provider Dyn.

StarHub had earlier said it detected a "spike in data traffic" coming into its domain name servers (DNS) that temporarily affected the Web connection for some of its home broadband customers during the time of the outage.

The Domain Name System (DNS) translates Web addresses, such as www.nameofwebsite.com, into the numeric IP addresses that computers use to reach websites. Home broadband customers normally send those lookups to their provider's DNS servers, so if those servers are overloaded, websites cannot be reached even though the rest of the network is working.

"When a DNS is not operating optimally, customers may face difficulty in accessing the Internet," the telco said.

After detecting the sudden increase in traffic to the servers, StarHub said it immediately started filtering the unwanted traffic and added DNS capacity to manage the "huge increase in traffic load". As a result, some customers temporarily faced intermittent broadband access, it said.

The telco added that there was no impact on its mobile broadband, enterprise and home voice services, and the security of customers’ information was not compromised.

According to StarHub, the home broadband service for affected customers was fully restored at about 11.25pm on Monday.

The company said that initial investigations pointed to similarities between the outage on Monday and the first incident last Saturday.

- CNA/mz/ek

- wong chee tat :)

Possibility of DDoS attack on StarHub broadband service cannot be ruled out: IMDA

Posted 25 Oct 2016 18:09 Updated 25 Oct 2016 22:21

SINGAPORE: Authorities are not ruling out the possibility of a Distributed Denial of Service (DDoS) attack in the two outages that telco StarHub's broadband service saw in the space of two days.

In a joint statement to the media on Tuesday (Oct 25), the Cyber Security Agency (CSA) and the Infocomm Media Development Authority (IMDA) said: "We have been paying close attention to developments as it happened on the heels of Friday’s attack against the US-based domain name system service provider, Dyn. We cannot rule out the possibility that this was a DDoS attack."

Earlier on Tuesday, StarHub said Monday's outage came after it detected a "spike in data traffic" coming into its domain name servers. The telco said it is currently investigating the root cause, including whether the spike in traffic was malicious in intent.

"What is important now is for StarHub to determine the root cause of the problem and prevent a recurrence," said IMDA and CSA in their joint statement.

"IMDA is working closely with StarHub to investigate the matter and strengthen its infrastructure and processes.

OTHER TELCOS ADVISED TO STEP UP DEFENCES

In the statement, IMDA said it also advised the other telcos to step up their defences in case there are similar disruptions to their systems.

Responding to queries from Channel NewsAsia, Singtel said it has measures in place to safeguard its network.

“We did not observe any abnormal traffic trends over the past weekend, but will continue to monitor our networks closely. We have a robust monitoring system and resilient protection mechanisms in place to safeguard our networks,” a spokesperson told Channel NewsAsia.

M1 said it is "aware of the recent cyber-attacks and is on alert".

"We have made significant investments to defend our systems against cyber-attacks, including DDoS attacks," said Mr Chua Hian Hou, assistant general manager of corporate communications at M1.

In the joint statement, CSA added that it is "studying and addressing the risks of DDoS attacks on our communications systems, as well as the measures to mitigate the impact of such attacks if they happen."

CSA added that it would also reach out to educate the public and businesses on the need to properly secure their systems.

- CNA/dt

- wong chee tat :)

StarHub broadband service suffers second outage in 2 days

Posted 24 Oct 2016 23:07 Updated 25 Oct 2016 09:04

SINGAPORE: Customers of telco StarHub took to social media to air their frustrations about a second broadband service outage on Monday evening (Oct 24), two days after the first outage.

Singer Taufik Batisah was among the StarHub customers who joined in the chorus of complaints, commenting that they had to rely on their mobile data for their Internet connection instead.

In response to queries by Channel NewsAsia, a StarHub spokesperson said: "We are aware that some broadband customers are facing difficulties accessing the Internet. We are looking into this right now, and will provide our customers with updates through our Facebook page."

In a post on its Facebook page on Tuesday at 1.25am, StarHub said that at about 11.20pm on Monday, it rectified a network equipment issue that had temporarily affected their residential broadband service since about 10pm the same day.

"We are currently investigating the root cause of this incident. We have been monitoring the service in the past two hours to ensure it remains stable for our customers, and thank everyone for their patience and understanding."

StarHub had also attributed Saturday's outage to a "network equipment issue", which it fixed at 2am on Sunday.

- CNA/ek

- wong chee tat :)

Starhub fibre broadband service outage sparks customers' ire

Posted 22 Oct 2016 23:30 Updated 23 Oct 2016 02:32

SINGAPORE: StarHub customers took to social media to air their frustrations following a fibre broadband service outage by the local telco on Saturday evening (Oct 22).

According to affected StarHub customers on social media, the outage started at around 10.00pm.

Responding to queries from Channel NewsAsia, a StarHub spokesperson said the telco is “working as fast as it can to fix an issue affecting customers' broadband service” and added that updates on the outage will be provided on its Facebook page.

"Our engineers are continuing to work to rectify the situation as soon as possible for customers. Updates to come."

In a Facebook post at 2.00am on Sunday, StarHub said they have since rectified a network equipment issue and are now closely monitoring the situation to ensure the service stabilises for their customers.

- CNA/xk

- wong chee tat :)

Compromised home devices triggered broadband outages: StarHub

By Kevin Kwang  Posted 26 Oct 2016 19:10 Updated 27 Oct 2016 08:56

SINGAPORE: Web-connected devices bought by StarHub subscribers were the cause of the "illegitimate traffic" that resulted in the distributed denial of service (DDoS) the telco suffered twice in two days, said StarHub's chief technology officer (CTO) Mock Pak Lum on Wednesday (Oct 26).

In a media briefing, Mr Mock said affected devices such as broadband routers and webcams were responsible for the spike in Web traffic the telco saw last Saturday and Monday nights.

However, he did not disclose how many devices or IP addresses were compromised, or what was the exact volume in the spike in Web traffic its domain name server (DNS) farms had to handle in a short space of time.

The illegitimate traffic to the DNS resulted in an overload that disrupted Web connection for "some" broadband users, Mr Mock said. "Not everyone was affected," he added, saying that some users would have gotten to their desired webpage if they had waited long enough.

As remedial action, the telco said it has increased DNS capacity by 400 per cent since Saturday, and is also implementing traffic filtering and source tracing to identify the source of Web traffic surges.
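The traffic filtering and source tracing StarHub describes here, and the earlier account of filtering unwanted traffic while adding DNS capacity, come down to one detection problem: which sources are flooding the resolvers, and what can safely be dropped. The Python below is an added example, not StarHub's code or anything from the article. It parses constructed BIND-style query-log lines, flags sources whose peak query rate, or whose pattern of never-repeating names, marks them as flood traffic, and returns the remaining legitimate queries. The log format, thresholds, domain names and IP addresses are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: BIND9-style query-log lines. Everything below is constructed for this
# example; it is not StarHub's log format, data or code.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\w+)"
)
TS_FMT = "%d-%b-%Y %H:%M:%S.%f"


def make_sample_log():
    """Construct a log: three normal home clients plus one source flooding random names."""
    base = datetime(2016, 10, 24, 22, 0, 0)
    lines = []
    names = ["www.example.sg", "mail.example.sg", "cdn.example.net", "www.example.sg"] * 3
    for i, name in enumerate(names):  # normal: a query every few seconds, names repeat
        ts = base + timedelta(seconds=5 * i)
        lines.append(f"{ts.strftime(TS_FMT)[:-3]} client 203.0.113.{10 + i % 3}#5{i:04d}: "
                     f"query: {name} IN A +")
    for i in range(60):  # flood: 60 queries in 3 s, each for a never-seen label,
        ts = base + timedelta(seconds=20, milliseconds=50 * i)  # so the cache never helps
        lines.append(f"{ts.strftime(TS_FMT)[:-3]} client 198.51.100.7#4{i:04d}: "
                     f"query: {i:06x}.example.sg IN A +")
    return lines


def parse_line(line):
    """Parse one query-log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.strptime(m["ts"], TS_FMT), "ip": m["ip"],
            "qname": m["qname"].lower(), "qtype": m["qtype"]}


def peak_rate(timestamps, window):
    """Largest number of events that fall inside any interval of length `window`."""
    ts = sorted(timestamps)
    best = left = 0
    for right in range(len(ts)):
        while ts[right] - ts[left] > window:
            left += 1
        best = max(best, right - left + 1)
    return best


def detect_floods(lines, window=timedelta(seconds=10), max_queries=20, unique_ratio=0.9):
    """Return {client_ip: reason} for sources whose query pattern looks like a flood.

    Two signals: a peak query count per window far above what a household produces,
    and a run of queries where almost every name is distinct (a random-subdomain flood,
    which defeats caching and forces upstream work for every query). The thresholds
    are assumptions for this example and would be tuned against real baseline traffic.
    """
    per_client = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_client[rec["ip"]].append(rec)
    flagged = {}
    for ip, recs in per_client.items():
        peak = peak_rate([r["ts"] for r in recs], window)
        distinct = len({r["qname"] for r in recs}) / len(recs)
        if peak > max_queries:
            flagged[ip] = f"peak {peak} queries in {window.seconds}s"
        elif len(recs) >= 10 and distinct >= unique_ratio:
            flagged[ip] = f"{distinct:.0%} distinct names over {len(recs)} queries"
    return flagged


def filter_lines(lines, blocked):
    """Drop queries from blocked sources; what remains is what the resolver should serve."""
    kept = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["ip"] not in blocked:
            kept.append(line)
    return kept


if __name__ == "__main__":
    log = make_sample_log()
    flagged = detect_floods(log)
    for ip, reason in flagged.items():
        print(f"block {ip}: {reason}")
    print(f"{len(filter_lines(log, set(flagged)))} of {len(log)} queries kept")
```

The per-source filter is the cheap part; the two-signal approach matters because a flood built from many compromised home routers, each sending a modest rate, will not trip a per-source rate threshold alone, and the distinct-name ratio then carries the detection. In practice the output feeds a resolver ACL or an upstream scrubbing rule rather than being printed.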

It is also looking to deploy its technical team - HubTroopers - to subscribers identified with compromised devices to help them troubleshoot. This could either be done at their homes or, with their permission, taken back to StarHub for further investigation.

The CTO said his team is combing through the logs to see if the traffic spike was linked to the attack on US-based Dyn. He noted that there are similarities, in that compromised connected home devices were used to conduct both attacks, but that it was too early to draw any conclusion.

He also could not say why only StarHub was attacked by the compromised devices, while other Internet service providers were not affected.

StarHub is working with the Cyber Security Agency of Singapore (CSA) in terms of sharing information from its investigations, he added.

In the meantime, Mr Mock stressed that "everyone has a role to play in cybersecurity". "The reward is now too huge" for cybercriminals and the online threat will be "prevalent for a long time to come", the CTO said.

He suggested that consumers only get devices that are "reputable", remember to change the default passwords and set up the necessary defences such as firewalls after buying the devices.

He also cautioned against blindly opening up Web links sent from friends via emails, for instance, as this could potentially lead to malware being downloaded into the device without the user's knowledge.

DDoS ATTACKS LIKELY TO BE MORE COMMON: EXPERTS

The CSA and the Infocomm Media Development Authority (IMDA) said in a joint statement that the DDoS attacks are the first such incident against Singapore's telco infrastructure, and reiterated that they are working "closely" with StarHub to investigate the matter.

Commenting on StarHub's announcement, Mr John Lim, course manager at Nanyang Polytechnic's School of Information Technology, told Channel NewsAsia that he was not surprised that compromised embedded devices were used to stage the DDoS attacks.

He said that PCs and Macs have become much more secure today, but this is not so for devices such as webcams or routers.

"You cannot just install antivirus on these devices," Mr Lim said.

Additionally, consumers can now shop for such connected devices from e-commerce sites such as Taobao, and these are often brands that are not known here, with little to no information on the kind of defences the manufacturers have built in, he said.

With the proliferation of these Web-connected devices, Mr Lim said he "won't be surprised if there will be other similar attacks that might affect the other two telcos" in the future.

Other experts Channel NewsAsia spoke to concurred, with one pointing to the gaining popularity of the Internet of Things.

"There's research done that 50 billion devices will be connected in 2020. Just imagine: 50 billion (devices) attacking your organisation," said Mr Vincent Loy, Asia Pacific Cyber & Financial Crime Leader at PwC Singapore.

Mr Loy too added that many devices are not built with security in mind.

"They were built to do a certain function; security was not part of it; they do not have password control. They do not have security control, they do not have a log in or back up. The Government and private sector need to work together to come up with a solution in coming up with security by design," Mr Loy said.

Mr Stephen Dane, a managing director at Cisco Systems (HK), pointed to the need for companies to pay more attention to security.

"It's really important to design a network and your infrastructure with high availability in mind, to ensure that not all your eggs are in one basket when it comes to protecting or providing data and holding records on behalf of customers; or in fact, having a website that's associated with just one domain name server," he said.

"It's important to build that resiliency into your infrastructure and ensure that there's high availability as much as possible, so that you are ensuring that the target is distributed as much as possible and therefore the risk is reduced," he added.

Additional reporting by Alice Chia.

- CNA/kk/dl

- wong chee tat :)

Tuesday, May 10, 2016

ICA warns public about another fake website

ICA says another fake website, which uses the URL ica-spg.org, is phishing for personally identifiable information.

Posted 10 May 2016 18:00 Updated 10 May 2016 18:10

SINGAPORE: The Immigration and Checkpoints Authority of Singapore (ICA) has issued a warning to members of the public not to fall for a fake ICA website that is phishing for visitors' particulars.

This is the second such advisory from ICA since Apr 8. An unauthorised website earlier used the URL ica-sg.com to masquerade as a web form for people to submit visa applications online, and misspelt Singapore as "Singapure".

In the recent attempt, ICA said another fake website, which uses the URL ica-spg.org, is phishing for personally identifiable information such as National Registration Identification Card (NRIC) and passport numbers.

Another example of the fake ICA website (left) and authentic ICA website (right).

ICA said members of the public are advised to use only its official website at www.ica.gov.sg for all informational and transactional needs concerning ICA matters.

"We would like to assure everyone that access to the official ICA website remains unaffected and no data has been compromised," it added.

ICA said it has made a police report for the matter and will work to bring down the website.

- CNA/xk

- wong chee tat :)

Wednesday, May 4, 2016

More security for '.sg' domain names

Launched by the Singapore Network Information Centre on Tuesday (May 3), this feature protects domain names from being hijacked to redirect to an attacker's website or email system.

Posted 03 May 2016 17:01 Updated 03 May 2016 17:10

SINGAPORE: All ".sg" domain names are getting an additional layer of security, under a new RegistryLock feature launched by the Singapore Network Information Centre (SGNIC) on Tuesday (May 3).

RegistryLock is a free security feature aimed at helping ".sg" registrants mitigate the risk of "domain name hijacking", said SGNIC. This happens when Domain Name System (DNS) nameserver information is changed without authorisation; once a domain name is hijacked, attackers can redirect its website and email to servers of their choice.

To protect ".sg" registrants, the feature requires the domain name’s administrative contact to unlock the domain name on the RegistryLock portal before the DNS nameserver information can be changed by the registrar. This increases the level of security for the domain name, said the Infocomm Development Authority of Singapore in a press release.

To enable or deactivate RegistryLock, the administrative contact has to log in to the VerifiedID@SG and RegistryLock portal using their SingPass ID or an ID from SGNIC.
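The hijack RegistryLock guards against shows up in registry data as a changed nameserver set, and the lock itself shows up as a status on the domain, so a registrant can verify both from the outside. The Python below is an added example, not part of SGNIC's announcement or CNA's article: it audits a constructed RDAP-style domain record against the nameservers the registrant expects and the lock statuses that should be present. Representing a registry-level lock as the EPP/RDAP "server update/delete/transfer prohibited" statuses is an assumption about how such locks are commonly exposed, not something the article states about SGNIC's implementation; the domain, nameservers and records are constructed.

```python
import json

# Assumption: a registry-level lock is visible as the EPP "server*Prohibited" statuses,
# which RDAP spells out as below. The article does not say how SGNIC exposes
# RegistryLock; this is how registry locks are commonly surfaced.
REGISTRY_LOCK = {"server update prohibited", "server delete prohibited",
                 "server transfer prohibited"}
# Registrar-side locks help, but a compromised registrar account can clear them,
# which is exactly the gap a registry-side lock closes.
CLIENT_LOCK = {"client update prohibited", "client delete prohibited",
               "client transfer prohibited"}


def nameservers(rdap):
    """Nameserver host names from an RDAP domain object, normalised for comparison."""
    return {ns["ldhName"].lower().rstrip(".") for ns in rdap.get("nameservers", [])}


def audit_domain(rdap, expected_ns):
    """Return a list of findings; an empty list means the record looks as expected."""
    findings = []
    statuses = set(rdap.get("status", []))
    current = nameservers(rdap)
    added, removed = current - expected_ns, expected_ns - current
    if added or removed:
        findings.append(f"nameserver change: added={sorted(added)} removed={sorted(removed)}")
    missing = REGISTRY_LOCK - statuses
    if missing:
        findings.append(f"registry lock incomplete: missing {sorted(missing)}")
        if CLIENT_LOCK & statuses:
            findings.append("only registrar-side locks present; "
                            "a registrar compromise can remove them")
    return findings


# Constructed records for the example (not real registry data): one domain with the
# lock in place and the expected nameservers, one whose nameservers now point at
# infrastructure the registrant does not own and whose lock is absent.
LOCKED = json.loads("""{"ldhName": "example.sg",
  "status": ["active", "server update prohibited", "server delete prohibited",
             "server transfer prohibited"],
  "nameservers": [{"ldhName": "ns1.example.sg"}, {"ldhName": "NS2.example.sg."}]}""")
HIJACKED = json.loads("""{"ldhName": "example.sg",
  "status": ["active", "client transfer prohibited"],
  "nameservers": [{"ldhName": "ns1.attacker.example"}, {"ldhName": "ns2.attacker.example"}]}""")

EXPECTED_NS = {"ns1.example.sg", "ns2.example.sg"}

if __name__ == "__main__":
    for label, record in (("locked", LOCKED), ("hijacked", HIJACKED)):
        print(label, audit_domain(record, EXPECTED_NS) or ["ok"])
```

Run on a schedule against the registry's RDAP or WHOIS output, the nameserver comparison catches the redirection the article describes, while the status check catches the quieter failure of the lock having been lifted and not re-applied after a legitimate change.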

- CNA/le

- wong chee tat :)

Saturday, October 31, 2015

Cisco Completes Acquisition of OpenDNS

Cisco’s Cloud Delivered Security Portfolio Now Offers Newly Integrated Threat Intelligence and Automated Global Enforcement Capabilities

AUGUST 27, 2015

SAN JOSE, Calif., Aug. 27, 2015 – Cisco (NASDAQ: CSCO) today announced it has completed the acquisition of OpenDNS, a privately held company that provides advanced threat protection for any device, anywhere, anytime.  The acquisition will advance Cisco’s Security Everywhere approach by adding broad visibility, enforcement, and threat intelligence from the OpenDNS cloud-delivered platform. In addition to the close of the acquisition, Cisco is announcing the first technology integration of Cisco AMP Threat Grid with OpenDNS services.

Cisco is demonstrating how the OpenDNS acquisition is already accelerating its cloud-delivered security portfolio by unveiling today an integration between the technology platforms that benefits joint customers of the OpenDNS Umbrella service and AMP Threat Grid intelligence. An API connects OpenDNS’ global enforcement capability with AMP Threat Grid’s dynamic malware analytics and threat intelligence. This new integration enables AMP Threat Grid customers to automatically transform threat intelligence into threat enforcement by blocking malware and quickly identifying critical security threats discovered by the AMP Threat Grid service.

“Delivering pervasive security capabilities from the cloud is a core part of our mission to provide Security Everywhere across the extended network from data center to the cloud to mobile devices.” said David Goeckeler, senior vice president and general manager, Cisco Security Business Group. “By integrating the OpenDNS platform with Cisco’s security solutions, customers will receive greater network visibility and threat intelligence for cloud delivered protection against malicious websites and threats. Together, we will deliver protection that is unmatched in the industry.”

OpenDNS employees join the Cisco Security Business Group led by Goeckeler. Additionally, David Ulevitch, founder and chief executive officer of OpenDNS, becomes vice president, reporting directly to Goeckeler.

Under the terms of the agreement Cisco paid $635M in cash and assumed equity awards, plus retention based incentives for OpenDNS.

- wong chee tat :)