
Tuesday, 19 June 2018

Singapore cyberattacks rose on June 11 and 12

Source: F5 Labs. Timeline of Singapore attacks aligned against the timetable for the DPRK-USA Singapore Summit, popularly known as the Trump-Kim Summit.

From June 11 to June 12, 2018, F5 Labs, working with its data partner Loryka, found that cyberattacks targeting Singapore skyrocketed. Eighty-eight percent of the attacks came from Russia, and 97% of all attacks coming from Russia during this time period targeted Singapore, the company said.

"We cannot prove they were nation-state sponsored attacks, however the attacks coincide with the day President Donald Trump met with North Korean President Kim Jong-un in a Singapore hotel. The attacks targeted voice over Internet protocol (VoIP) phones and Internet of Things (IoT) devices, which appears to be more than a mere coincidence," said Sara Boddy and Justin Shattuck in an F5 Labs article. Boddy is Director of F5 Labs while Shattuck is Principal Threat Researcher and Security Evangelist at F5 Networks.
 
According to the authors, SIP port 5060, which IP phones use to transmit communications in clear text, was the single most attacked port. The No. 2 most-attacked port was Telnet, consistent with IoT device attacks that could be leveraged to gain access to or listen in on targets of interest.
Other ports attacked include the SQL database port 1433; web traffic ports 81 and 8080; port 7541, which was used by the Mirai and Annie botnets to target Internet service provider (ISP)-managed routers; and port 8291, which was targeted with permanent denial of service (PDoS) attacks by the Hajime botnet on MikroTik routers. A PDoS attack causes hardware to fail permanently.

F5 says approximately 40,000 attacks were launched between 11pm on 11 June and 8pm on 12 June, Singapore time. US President Trump met with North Korean leader Kim Jong-un in Singapore on 12 June.
Singapore was the top destination of the attacks by a large margin, receiving 4.5 times more attacks than the US or Canada. As Boddy and Shattuck note, Singapore is not usually a top attack destination.

Russia was the primary source of the attacks against Singapore during this period, launching 88% of the attacks, primarily from IP address 188.246.234.60. Brazil was the No. 2 attacker, launching 8% of the attacks against Singapore, and Germany was No. 3 with 2% of the attacks. "No attempt appears to have been made to conceal the attacks launched from Russia. There was also no malware associated with the attacks against Singapore from Russia," the authors said.

F5 advises users to protect remote administration of any device on their networks with a firewall or virtual private network (VPN), or to restrict it to a specified management network rather than leaving it open to the entire Internet. Vendor default administration credentials should always be changed, and the latest security patches from manufacturers applied.
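A way to check your own perimeter logs against the ports named above and the management-network advice, as an added example that is not from F5 Labs or the original post. It counts attempts on those ports from outside the management network and reports how concentrated they are in one source. The log format, the management network range and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Ports named in the article (23 is the standard Telnet port).
WATCHED_PORTS = {
    5060: "SIP (VoIP)", 23: "Telnet", 1433: "SQL database",
    81: "web", 8080: "web", 7541: "ISP-managed router", 8291: "MikroTik router",
}
# Assumption: the management network allowed to reach these services.
MGMT_NET = ipaddress.ip_network("10.20.0.0/24")

# Constructed sample log, one attempt per line: "<time> <src_ip> <dst_ip> <dst_port>"
SAMPLE_LOG = """\
2018-06-12T01:00:01 203.0.113.7 192.0.2.10 5060
2018-06-12T01:00:02 203.0.113.7 192.0.2.10 5060
2018-06-12T01:00:03 203.0.113.7 192.0.2.11 23
2018-06-12T01:00:04 198.51.100.9 192.0.2.12 8291
2018-06-12T01:00:05 10.20.0.5 192.0.2.11 23
2018-06-12T01:00:06 203.0.113.7 192.0.2.13 443
malformed line here
"""

def triage(log_text, mgmt_net=MGMT_NET):
    """Return (hits per watched port, top external source, that source's share)."""
    ports, sources = Counter(), Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # malformed line
        try:
            src_ip, dport = ipaddress.ip_address(fields[1]), int(fields[3])
        except ValueError:
            continue  # unparsable address or port
        if dport not in WATCHED_PORTS or src_ip in mgmt_net:
            continue  # not a watched service, or legitimate management traffic
        ports[dport] += 1
        sources[str(src_ip)] += 1
    total = sum(sources.values())
    if total == 0:
        return ports, None, 0.0
    top_src, top_hits = sources.most_common(1)[0]
    return ports, top_src, top_hits / total

if __name__ == "__main__":
    ports, top_src, share = triage(SAMPLE_LOG)
    for port, hits in ports.most_common():
        print(f"{port:>5} {WATCHED_PORTS[port]:<20} {hits}")
    print(f"top source {top_src} sent {share:.0%} of watched-port attempts")
```

Any non-zero count here means a remote-administration or VoIP service is reachable from outside the management network, which is the exposure the advice above is meant to close.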

Hashtag: #trumpkimsummit
