DDoS attacks behind Singapore’s StarHub broadband disruption

Kareyst Lin | Oct. 27, 2016
Computers and devices of the telco’s own customers were used in the attacks.

The two recent broadband service outages that hit Singapore's telecommunications company StarHub were the result of denial-of-service (DDoS) attacks on their Domain Name Servers (DNS), the telco confirmed on 25 October 2016. 

"These two attacks [on 22 October and 24 October] were unprecedented in scale, nature and complexity," StarHub said in a media statement.

"This is the first time that Singapore has experienced such an attack on its telco infrastructure," the Cyber Security Agency and the Infocomm Media Development Authority (IMDA) said in a joint statement. Other telcos have been advised to step up their defenses against similar incidents.

Computers and devices of StarHub's own customers were used in the attack, according to Mock Pak Lum, StarHub's Chief Technology Officer.

During the attacks, subscribers' malware-infected devices acted as zombie machines that repeatedly sent queries to StarHub's DNS servers, overwhelming them.

Because the traffic came from StarHub's own subscribers, it appeared legitimate. StarHub manually filtered out traffic from the hijacked machines and increased its DNS capacity to restore its services.
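The filtering described above lends itself to a behavioural check rather than a per-query one: each query from an infected subscriber is well formed, so what stands out is the rate per source. The following is an added example, not StarHub's or the article's code; the resolver log format ("epoch client_ip qname"), the thresholds and the log contents are all assumptions constructed for the demonstration.

```python
"""Detect a DNS query flood coming from a resolver's own subscribers.

Added example with an assumed log format and constructed data. Every query is
valid, so detection keys on per-source query rate versus the population.
"""
from collections import Counter
import statistics

WINDOW_SECONDS = 60
ABSOLUTE_FLOOR_QPS = 5.0  # assumed: a source below this rate is never flagged
ROBUST_Z_THRESHOLD = 6.0  # assumed: median/MAD outlier cut-off

def build_sample_log():
    """Constructed resolver log: twelve normal subscribers at 1.0, 0.5 or 0.33 qps
    and two infected devices each sending 40 qps of valid-looking queries."""
    lines = []
    for t in range(WINDOW_SECONDS):
        ts = 1477100000 + t
        for n in range(12):
            if t % (n % 3 + 1) == 0:  # vary normal rates so the MAD is non-zero
                lines.append(f"{ts} 10.0.0.{n + 1} host{n}-{t}.example.com")
        for k in range(80):  # 80 queries/s spread over two bot addresses
            lines.append(f"{ts} 10.0.9.{k % 2 + 1} a{k}.example.net")
    return "\n".join(lines)

def queries_per_source(log_text):
    """Count queries per client address; malformed lines are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            counts[parts[1]] += 1
    return counts

def flag_flood_sources(counts, window=WINDOW_SECONDS):
    """Return {source: qps} for sources that are robust outliers (median/MAD
    z-score) and also above an absolute floor, so a quiet resolver does not
    flag everyone who is merely a little above the median."""
    rates = {src: n / window for src, n in counts.items()}
    if len(rates) < 3:
        return {}
    med = statistics.median(rates.values())
    mad = statistics.median(abs(r - med) for r in rates.values()) or 1e-9
    flagged = {}
    for src, r in rates.items():
        robust_z = 0.6745 * (r - med) / mad  # 0.6745 scales MAD to a std-dev estimate
        if r >= ABSOLUTE_FLOOR_QPS and robust_z >= ROBUST_Z_THRESHOLD:
            flagged[src] = r
    return flagged
```

Running `flag_flood_sources(queries_per_source(build_sample_log()))` returns only the two bot addresses with their 40 qps rates, which is the list an operator would feed to a rate limiter or filter while leaving the ordinary subscribers untouched.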

DDoS attacks increasingly popular among hackers
"Internet Service Providers (ISP) should be wary of the possibility of similar DNS amplification attacks on a more regular basis, given that they require relatively little skill and effort but can cause a large amount of damage," said Sanjay Aurora, Managing Director, Asia Pacific, Darktrace.

This makes DDoS increasingly popular among hackers.

"[DDoS attacks cause] widespread disruption and panic, with underlying motivations for financial gain or to extract sensitive information and data," said Aurora.

He added that such attacks can serve as a distraction to draw attention away from other intrusions that the hackers perform simultaneously within the organisation's network environment.

For example, the main aim could be to deliver malware, to open a route into a key enterprise subscriber, or to perpetuate a large-scale ransomware attack.

The core infrastructure of telecommunications companies is a very desirable target for cyber criminals, Aurora added. 
