Singapore was the top cyber attack target during Trump-Kim talks, says report
Eighty-eight per cent of the 40,000 attacks were launched from Russia
By Cynthia Choo
Singapore was the top cyber attack target around the world during the Trump-Kim summit, with the country experiencing close to 40,000 attacks during the June 12 meeting, according to data collected by American technology company F5 Networks and its data partner Loryka.
Data analysis by F5 Networks’ Threat Research Intelligence team, which monitors global attacks, found that cyber attacks “skyrocketed” from June 11 and 12.Eighty-eight per cent of the 40,000 attacks were launched from Russia, followed by eight per cent from Brazil, and two per cent from Germany.
In addition, 97 per cent of all attacks from Russia during the two-day period were targeted at Singapore, said F5 Network’s report which was published on June 14. The company could not verify if the attacks were state sponsored.
Singapore also received up to 4.5 times more attacks than the United States or Canada on both days.
Approximately 40,000 attacks were launched between 11pm on June 11, to 8pm on June 12 (Singapore time), peaking during the three-hour meeting between US President Donald Trump and North Korean leader Kim Jong-un at Capella Singapore in Sentosa.
The cyber attacks saw a sharp decline around the time Mr Trump held a 75-minute press conference at 4pm, before he departed for the US.
Of the 40,000 attacks, 92 per cent were reconnaissance scans looking for vulnerable devices, while the other eight per cent were exploit attacks, which refers to attempts to upload malicious software.
Reconnaissance scans target vulnerable devices, and allow hackers to listen in on their targets. The F5 Network’s report stated that the attacks on June 12 targeted the Internet of Things devices, and Voice-over Internet Protocol (VoIP) phones, which are commonly used in offices and hotel rooms.
Responding to queries, the Cyber Security Agency of Singapore (CSA) said on Monday (June 18) that “there were no reports of any successful attacks to our Critical Information Infrastructure (CII) sectors and related entities during the Summit”.
This was confirmed by one of F5 Networks’ researchers, Mr David Holmes, who told TODAY during a conference call that there were no successful breaches or attacks.
The CSA, however, refuted the findings of F5’s report, as its spokesperson said that the numbers “are a result of increased scanning activities on network ports and are not reflective of the occurrence of cyber attacks linked to the Summit”.
The agency added: “These activities are opportunistic and originate from different sources. In the lead up to the summit, CSA was alerted to possible phishing activities.
“We stepped up our monitoring and put in place preventive measures to deal with potential cyber threats.”
For instance, the CSA had reached out to the three summit venues – Capella Singapore, Shangri-La Hotel and St Regis Singapore – to provide instructions on cybersecurity hygiene measures. These included measures to ensure that the hotels’ networks and systems, as well as guests’ data, were adequately protected.
In his interview with TODAY, Mr Holmes, a threat researcher at F5, noted the coincidence in the timing of the attacks, as well as the unusual mode of attack via desk phones. He noted that the firm “saw probes” and “attempts to upload malware” during the summit.
“The significance of this surge in cyber attacks is that I can’t remember the last time we had such a large attack on Voice-over IP phones,” he said.
Originally called F5 Labs when it was started in 1996, F5 Networks is one of Seattle’s most prominent publicly listed tech companies.
The firm, which is also involved in cloud software and anti-malware solutions, recorded a revenue of US$2.1 billion in the fiscal year 2017. It was also recently named among the top 10 Asia-Pacific firms by Forbes Global.