Researchers at F5 Labs have observed a spike in the number of cyber-attacks targeting Singapore from June 11 to June 12, in the wake of the meeting between U.S. President Donald Trump and North Korean President Kim Jong-un in a Singapore hotel.
Experts remarked that typically Singapore is not a top attack destination, and the skipe of the number of attacks coincides with Trump-Kim Jong-un meeting.
Most of the attacks originated from Russia (88% of overall attacks) and frankly speaking, I’m not surprised due to the importance of the Trump-Kim summit.
According to F5 Labs and Loryka, 97% of all the attacks that originated from Russian from June 11 to June 12 targeted Singapore.
“From June 11 to June 12, 2018, F5 Labs, in concert with our data partner, Loryka, found that cyber-attacks targeting Singapore skyrocketed, 88% of which originated from Russia. What’s more, 97% of all attacks coming from Russia during this time period targeted Singapore.” reads the analysis published by F5 Labs. “We cannot prove they were nation-state sponsored attacks, however the attacks coincide with the day President Donald Trump met with North Korean President Kim Jong-un in a Singapore hotel.”
The cyber attacks hit almost any computer system, from VoIP phones to IoT devices. The attacks began out of Brazil targeting port SIP 5060 of IP phones where communications are transmitted in clear text.
After an initial attack that lasted for a couple of hours, researchers observed a reconnaissance activity originated from the Russian IP address 220.127.116.11 that is owned by ASN 49505, operated by Selectel; the scans targeted a variety of ports.
None of the attacks was carried out to spread malware.
“The number two attacked port was Telnet, consistent with IoT device attacks that could be leveraged to gain access to or listen in on targets of interest.” continues the analysis.
“Other ports attacked include the SQL database port 1433, web traffic ports 81 and 8080, port 7541, which was used by Mirai and Annie to target ISP-managed routers, and port 8291, which was targeted by Hajime to PDoS MikroTik routers.”
Singapore was hit by 40,000 attacks in just 21 hours, starting at 11:00 p.m. on June 11 through 8:00 p.m. June 12, local time.
The experts highlighted that only 8% were exploit attacks, while 92% were reconnaissance scans for potential targets.
34% of the attacks originated from Russia, the list of top attackers includes China, the US, France, and Italy.
During the summit time frame, Singapore was the top destination of cyber-attacks, it received 4.5 times more attacks than countries like the U.S. and Canada.
The SIP port 5060 was targeted 25 times more than Telnet port 23, hackers were attempting to gain access to insecure communication systems or VoIP server and to compromise IoT devices to spy on communications.
“We do not have evidence directly tying this attacking activity to nation-state-sponsored attacks, however it is common knowledge that the Russian government has many contractors within Russia doing their bidding, and that a successful attack on a target of interest would make its way through to the Kremlin,” F5 Labs concludes.
(Security Affairs – Trump-Kim Summit, Russia)