Cyberattack behind StarHub broadband disruptions

SINGAPORE — The two disruptions that StarHub broadband subscribers experienced last Saturday (Oct 22), and again, on Monday (Oct 24), was caused by a cyberattack, the telco said late on Tuesday, adding that it was keeping its eyes on possible follow-up attacks.

StarHub said it has completed inspections and analysis of its network logs, and “we are now able to confirm that we had experienced intentional and likely malicious distributed denial-of-service (DDoS) attacks on our Domain Name Servers (DNS)”.

The source of the two attacks, however, is still being investigated, it added. “We continue to stay vigilant against possible follow-up DDoS attempts.”

A DDoS attack typically occurs when multiple systems flood the bandwidth of a targeted system.

“These two recent attacks that we experienced were unprecedented in scale, nature and complexity. We would like to thank our customers for their patience as we took time to fully understand these unique situations and to mitigate them effectively,” the telco said.

StarHub’s statement came after the Cyber Security Agency and Infocomm Media Development Authority (IMDA) said a cyberattack cannot be ruled out as the cause of the disruptions on Saturday and Monday for StarHub’s customers. The agencies also added that other telcos here have been told to step up their defences against similar incidents.

In response to queries, Singtel said: “We did not observe any abnormal traffic trends over the past weekend but will continue to monitor our networks closely. We have a robust monitoring system and resilient protection mechanisms in place to safeguard our networks.”

M1 also said it was “on alert”.

“As a communications company, information security is at the heart of our business and we have made significant investments to defend our systems against cyberattacks, including DDoS attacks,” said a spokesperson.

Earlier, StarHub had issued a statement saying that a spike in data traffic to its DNS were what caused the disruptions.

While the telco said the security of its customers’ information “was not compromised” in the incidents, the CSA and IMDA said that they have been “paying close attention to developments” as the incident happened on the heels of Friday’s attack against the United-States-based DNS service provider, Dyn.

The Dyn attack was one of the largest DDoS attacks known — involving traffic coming from “tens of millions” of IP addresses, according to the company — and had rendered many popular websites unreachable, including Twitter, Netflix and PayPal.

The IMDA also said it is working with StarHub to strengthen its infrastructure and processes, while the CSA is “studying and addressing the risks of DDoS attacks on our communications systems, as well as the measures to mitigate the impact of such attacks if they happen”. ADDITIONAL REPORTING BY KENNETH CHENG