Singapore telecoms group Starhub hit by attacks on DNS servers
Less than a week after the attack on US-based DNS service Dyn, affecting websites and services from organisations including Amazon, Spotify, Twitter and Netflix to name just a few, it appears no random coincidence that a DDoS attack was responsible for disruption of services to Starhub’s home broadband customers.
StarHub issued a statement on Tuesday (Oct 25) night to confirm that its broadband disruption on Saturday and Monday were due to “malicious distributed denial-of-service (DDoS) attacks on our Domain Name Servers (DNS)”.
The Singapore Cyber Security Agency and the Infocomm Media Development Authority commented:
“We cannot rule out the possibility that this was a DDOS (Distributed Denial of Service) attack,” said both agencies in a statement on Tuesday (Oct 25) evening. “What is important now is for StarHub to determine the root cause of the problem and prevent a recurrence.”
DDoS attacks work by getting infected devices, which now include Internet of Things (IoT) devices such as DVRs, webcams, baby monitors, internet connected speakers etc., to access and overwhelm a targeted site, causing a huge spike in traffic. A DNS is a database that translates web addresses e.g. www.InfosecPartners.com, into IP addresses – for customers to view websites on their computers. When a DNS is not operating optimally, customers may not be able to access websites as we’ve witnessed from the Dyn and Starhub attacks.
Was this predicatble?
Bruce Schneier, the Godfather/Nostradamus of Cybersecurity suggested as much when he wrote the following in his lawfareblog.com article:
“Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. “If you want to take a network off the Internet, the easiest way to do it is with a distributed denial-of-service attack (DDoS). “One company told me about a variety of probing attacks in addition to the DDoS attacks: testing the ability to manipulate Internet addresses and routes, seeing how long it takes the defenders to respond, and so on. Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services.”
Infosec Partners can help
Concerned that your organisation isn’t prepared for a DDoS attack, or worried that your Internet connected devices at home might have been breached? We can help. From stress testing significant organisation’s security strategy and resilience to attacks including DDoS, to securing exclusive estates using full home-automation and IoT technologies, Infosec Partners are proven experts in full-spectrum cybersecurity and a team you can trust.
For your free consultation, complete the adjacent form or to speak with trusted advisor immediately
Call us on +44 (0)1256 893662.
Did you know? Infosec Partners are the only full-spectrum security experts accredited to implement, manage and troubleshoot the top three home-automation vendors (Crestron, Control4 and Savant), and the first ever to integrate these with security from leading security vendors including Fortinet which named Infosec Partners it’s first ever UK Partner of Excellence.
