StarHub in Singapore is the latest victim of massive DDoS attacks, powered by compromised IoT devices, against its DNS infrastructure.
It seems that hackers used kit owned by its customers; the company mitigated the attacks by filtering the malicious traffic and increasing its DNS capacity.
“StarHub Confirms Cause of Home Broadband Incidents on 22 October and 24 October 2016
Singapore, 25 October 2016 – We have completed inspecting and analyzing network logs from the home broadband incidents on 22 October and 24 October and we are now able to confirm that we had experienced intentional and likely malicious distributed denial-of-service (DDoS) attacks on our Domain Name Servers (DNS). These caused temporary web connection issues for some of our home broadband customers.” reads a message published on Facebook by the company.
“On both occasions, we mitigated the attacks by filtering unwanted traffic and increasing our DNS capacity and restored service within two hours.”
The DNS server of the company was hit by a huge volume of traffic that knocked some home broadband customers offline.
The company has no doubts about the malicious nature of the DDoS attack, which reached a magnitude and a level of sophistication never before experienced by StarHub.
“These two recent attacks that we experienced were unprecedented in scale, nature and complexity. We would like to thank our customers for their patience as we took time to fully understand these unique situations and to mitigate them effectively,” the StarHub statement reads.
The message shared by the company makes no explicit reference to the Mirai botnet, but StarHub representatives who spoke to the Straits Times speculated that the attack was powered by customers’ infected webcams and routers.
The company is urging its customers to use only IoT devices from reputable vendors and to adopt a proper security posture when dealing with connected objects. The company has already started a campaign to sanitize the kit used by its customers.
Singapore’s Cyber Security Agency and the Infocomm Media Development Authority issued a notice urging all Internet service providers and telco companies to improve their level of cyber security following the two cyber attacks on StarHub.
“This is the first time that Singapore has experienced such an attack on its telco infrastructure,” reads the joint notice.
“Given the increasing connectedness of digital systems, there is no fool-proof solution. It takes a collective effort from companies and society to bolster our cyber resilience,” according to a joint statement late Wednesday.
(Security Affairs – Singapore, Massive DDoS)