Singapore telco says DDoS attacks behind two recent outages

StarHub has attributed the cause of two service outages this past week to "intentional and likely malicious DDoS attacks", adding that it is working with authorities to identify the culprits.
Written by Eileen Yu, Senior Contributing Editor

StarHub has identified the cause of two service outages in the past week, pointing to distributed denial-of-service (DDoS) attacks on its Domain Name Servers (DNS).

Pockets of the Singapore telco's home broadband customers were unable to connect to the internet on October 22, and again on October 24. In a statement issued late Tuesday, StarHub said it experienced "intentional and likely malicious DDoS attacks" on its DNS, flooding its servers and causing its customers to experience connection issues.

"These two recent attacks that we experienced were unprecedented in scale, nature, and complexity," it noted.

The telco said it countered the attack by filtering unwanted traffic and boosting its DNS capacity, adding that it services were restored within two hours on both occasions. It added that customer data was not breached and other services were not affected.

StarHub did not rule out potential followup DDoS attacks and said it was working with local authorities to identify the source of and motive behind the attacks.

At a briefing late-Wednesday, the telco told local reporters devices of its subscribers also could have been compromised due to weak security, allowing hackers to gain access and send traffic to a targeted destination.

While StarHub was unable to provide details on how many hijacked devices were involved in the attack, the telco said it would begin seeking the permission of subscribers to allow its technical engineers to visit their homes and check their web-connected devices.

Commenting on the incident in a statement, Darktrace's Asia-Pacific managing director Sanjay Aurora said DDoS attacks targeting DNS could bring down networks by saturating bandwidth with malicious traffic and driving up support calls due to the service disruption.

He added that such attacks had been observed to act as a distraction, drawing focus away from other attacks launched at the same time within the targeted organisation's network, for instance, with the goal of pushing malware or a ransomware attack.

Aurora said: "What ISPs (internet service providers) should be wary of, is the possibility of similar DNS amplification attacks on a more regular basis, given that they require relatively little skill and effort, but can cause a large amount of damage. This makes them increasingly popular among hackers."

US domain name system service provider, Dyn, last week also suffered a DDoS attack that caused several of its customers' websites, which included Reddit and Twitter, to experience laggy or downed connections.

Editorial standards