Infocomm

Published on 01 Mar 2019

Updated on 08 Oct 2019

CyberSense is a monthly bulletin by CSA that spotlights salient cybersecurity topics, trends and technologies, based on curated articles and commentaries. CSA provides periodic updates to these bulletins when there are new developments.


OVERVIEW

The global Info-communications (Infocomm) sector has been the target of a series of cyber-attacks that have grown in scale and sophistication in recent years. Cyber attackers have targeted where it hurts, rendering Internet services unavailable and compromising the confidentiality, availability and integrity of personal data. Some high-profile attacks include the cyber-attack on UK telecom company TalkTalk in October 2015; the Distributed Denial of Service (DDoS) attack on Internet infrastructure company Dyn, which disabled access to services such as PayPal and Twitter in October 2016; and the cyber-attack on German Deutsche Telekom in November 2016.

In Singapore, local Internet Service Providers (ISPs) play an important role as “gatekeepers,” managing the Internet gateways to enable information flows across the Internet for a safer Internet. To deal with current and emerging cyber threats, the Info-communications Media Development Authority (IMDA) issued a Secure and Resilient Internet Infrastructure Code of Practice (SRII-CoP), which took effect from 30 April 2011. It puts in place a set of specific security controls and outcomes for ISPs to adhere to, including sharing infocomm security information. ISPs will also put in place measures to better protect businesses and end-users from cyber-attacks such as DDoS attacks. IMDA will continue working with the ISPs to secure the Internet infrastructure for businesses and individuals. But businesses and individuals should also play their part by practising good cyber hygiene. Doing so will minimise the gaps for threat actors to exploit.

REPORTS

CHINESE CYBERCRIMINALS USE FAKE TELECOM STATIONS TO SPREAD MALWARE

Cybercriminals in China are using fake base transceiver stations (BTSs) to spread Android malware. These criminals use such BTSs to send SMSes that appear to be from major Chinese telcos like China Mobile and China Unicom, but are in fact messages with malicious links to the malware.

The use of fake BTSs is neither new nor unique to China. As a precaution, mobile users are advised to regularly update their mobile phone’s firmware and software to fix vulnerabilities that cybercriminals seek to exploit. Links in any strange or suspicious SMSes should not be clicked, and the messages should be deleted.


THIEVES ABUSE SS7 ROUTING PROTOCOL TO STEAL FROM 2FA-PROTECTED BANK ACCOUNTS

In January 2017, the German newspaper Süddeutsche Zeitung reported that cyber attackers had exploited weaknesses in Signalling System No. 7 (SS7), a telephony signalling language used by more than 800 telecommunications companies around the world, to steal from bank accounts protected by two-factor authentication (2FA). The attackers used SS7 to redirect the text messages that banks used to send one-time passwords to numbers controlled by the attackers, and then transferred money out of their victims’ accounts.

The potential risk of an abuse of the SS7 protocol is not new and was highlighted as early as 2008. Nonetheless, this recent case underscores the risks of relying on text messages for 2FA.


CYBERCRIMINALS TURNING TO INSIDERS TO ATTACK TELECOMS

Telecommunications companies control voice and data transmissions, and hold vast amounts of information. This makes them prime targets for cyber attackers. Russian cybersecurity company Kaspersky Lab has suggested that because of the heightened defences that telcos generally have, cyber attackers are turning to insiders to carry out the hacking for espionage purposes. In its study, Kaspersky observed that malicious insiders accounted for more than a quarter (28 per cent) of cyber-attacks.

The human factor is often the weakest link in corporate IT security and companies need to continue to educate staff on cyber hygiene practices. Companies also need to put in place robust corporate policies that involve regularly auditing the company’s IT infrastructure and restricting access to sensitive information.



SATELLITE BROADBAND NOT IMMUNE TO CYBER-ATTACKS

As satellite broadband operators make inroads in providing broadband data connectivity, they are exposed to potential cybersecurity risks. Satellite operators are prime targets for cyber attackers as they deal with critical infrastructure for the government, ranging from the military and aeronautical to the maritime industry.

Satellite operators also face challenges, for example in securing data networks and in guarding against signal jamming and potential cyber-attacks against the atomic clocks on GPS systems. Singtel has sought to partner with several managed security services and companies to address some of these cybersecurity concerns.

The new variant, Shamoon 2, now targets Saudi Arabian government agencies, including the Saudi aviation regulator, General Authority of Civil Aviation. The Saudi aviation authority claimed that hackers leveraged Shamoon in a “planned” campaign to wipe out critical data, which brought operations there to a halt for several days in December 2016. The new Shamoon attacks are believed to be launched by the same Iranian state-sponsored hackers who were responsible for the attacks in 2012.



GERMAN DEUTSCHE TELEKOM HACKER ARRESTED

In February 2017, a 29-year-old UK national was found responsible for a cyber-attack that knocked almost one million German Deutsche Telekom customers offline in November 2016, putting an end to earlier speculation by several German politicians that the Russians could have been responsible for the cyber-attack.

The cyber-attack on German Deutsche Telekom was “particularly serious” and was classified as a threat to Germany’s national communication infrastructure. The November 2016 Mirai-based attack in Germany came in the wake of Mirai-based attacks faced by other telecom providers such as UK’s TalkTalk.



TALKTALK HIT WITH RECORD £400K FINE OVER CYBER-ATTACK

In October 2016, the UK Information Commissioner’s Office fined TalkTalk a record £400,000 (SGD$709,160) for the compromise of personal data and sensitive financial data belonging to more than 150,000 customers after it was hacked in October 2015.

The Information Commissioner justified the record fine on the grounds that TalkTalk had not put in place more robust cybersecurity measures to safeguard its customer information. The fine was levied because the attack “could have been prevented if TalkTalk had taken basic steps to protect customers’ information.”



SOURCES INCLUDE: SC Magazine UK, ZDNet, DarkReading, The New York Times, Channel NewsAsia and Reuters