Starhub: Recent cyberattack used home-infected computers

0

The cyberattacks that recently crippled the StarHub’s broadband service twice in three days, was using infected internet-connected devices in the homes of subscribers, the telco said on Wednesday (26 Oct).

StarHub chief technology officer, Mock Pak Lum, said that subscribers’ devices could have been infected by viruses and malware because users had not changed the default password, that “It allows hackers to control these devices to automatically send traffic to a destination.”

“Many times, the owners of these computers don’t know what’s happening,” he said at a press briefing Wednesday (27 Oct).

Mr Mock said StarHub would soon ask subscribers if they would allow technical teams to visit and check their internet-connected devices.

However, StarHub was still not able to answer many questions, such as:

  • The intent of the perpetrators,
  • Why was it the only telco that was targeted,
  • Are the attacks were actually something more malicious than they appear to be.

Mr Mock added: “Everyone has a role to play in cybersecurity readiness. If you were to buy a webcam from Sim Lim Square, try to get a reputable one. If you buy a device, try to reset the default password very quickly. If you have a computer at home, set up your firewall.”

“How did the malware get into your system, a lot of times it is through a phishing email, you click on the attachment, and it carries malware,” he said.

Commenting on the incident, cyber security experts said telcos are increasingly the target of cyber attacks, with aging technology infrastructure and Internet of Things with poor security singled out as the weakest links.

The Cyber Security Agency (CSA) and Infocomm Media Development Authority (IMDA) said the distributed denial-of-service (DDoS) attacks on the Singapore telco’s infrastructure were never happened before, so users are urged to do their part to strengthen their cybersecurity.

There are 473,000 StarHub home broadband subscribers.

The CSA and IMDA explained, “Any Internet-connected device, from WiFi routers to printers to CCTVs, can inadvertently be part of a network of ‘bots’ that can be activated to attack other systems, there is ‘no fool-proof solution’ and a collective efforts from companies and users was needed to support cyber resilience.”

“SingCERT (Singapore Computer Emergency Response Team) will publish an advisory on what businesses and individuals should do to secure their Internet-connected devices,” they said.

DDoS attacks on Domain Name Services (DNS), are rare, but last week, a similar incident hit United-States-based DNS service provider Dyn, causing one of the largest known DDoS attacks that took out many popular websites, including Twitter, Netflix, and PayPal. It also happened in Australia on 9 August, in which case IBM stated the cause was due to a distributed DDoS attack from Singapore.

Mr Vincent Loy, Leader of Cyber and Financial Crime at PWC, told Today Online at the Financial Times Cyber Security Summit Asia Pacific, that banks and telcos increasingly become the targets of cyber attacks.

“The incidents seem to be (mostly) linked to Internet of Things. All the equipment are connected to one another, and this will be used as a weapon to attack companies or countries,” he said.

He added that many of such devices do not have password control and continued, “And a lot of the equipment has been built many years ago, and you can’t build in the security, you need to identify them and segregate them and think of other actions you can do to mitigate cyber risk.”

Mr Madan Oberoi, director of the Cybercrime Directorate at INTERPOL, was also at the conference, and he said there needs of platforms for multiple stakeholders to investigate and identify criminals, in order to get ‘successful prosecution’.

“Whenever there is an attack, it does not involve just one jurisdiction, or one industry. Pieces of evidence are left in various jurisdictions, and unless the stakeholders come together, it will be difficult to solve the puzzle. Only if they contribute by sharing information, then the possibility of nabbing the criminal is much higher,” he said.