SINGAPORE: The National University of Singapore (NUS) and Nanyang Technological University (NTU) suffered separate IT network breaches in April, according to the Cyber Security Agency (CSA) and the Ministry of Education (MOE) on Friday (May 12).
On Apr 11, NUS detected an unauthorised intrusion into its IT systems through a single server, while NTU detected a malware attack on Apr 19 possibly due to phishing or browsing of infected sites.
Both universities then alerted CSA, which has since been assisting them by conducting forensics and implementing mitigating measures, the joint press release added.
The objective of the attacks "may be to steal information related to Government or research", said authorities, adding that "there is no evidence that information or data related to students was being targeted".
Malicious activity was also detected in other institutions, Government agencies and industries during this period - but these were isolated and limited incidents which were quickly cleaned up, Channel NewsAsia understands.
"NOT WORK OF CASUAL HACKERS"
This is the first sophisticated cyber attack on Singapore universities. It was targeted, carefully planned and "not the work of casual hackers", said authorities.
The attacks were not part of a coordinated, orchestrated campaign and were not identical - they did not originate from the same place, and were not conducted by the same people.
But Advanced Persistent Threat (APT) actors - perpetrators who manage to gain access to a network without being detected and are able to continuously access information whenever they want over a period of time - were involved in both incidents.
"However, as the universities' systems are separate from Government IT systems, the extent of the APTs' activities appear to be limited," said CSA and MOE. "The daily operations of both universities, including critical IT systems such as student admissions and examination databases, were not affected."
Said CSA chief executive David Koh: "We know who did it, and we know what they were after. But I cannot reveal this for operational security reasons.”
CSA, MOE and the universities said they would not be able to provide further details about the incident as it "could impact the effectiveness of additional defensive and preventive measures being put in place".
Minister for Communications and Information Yaacob Ibrahim wrote on Facebook on Friday that the attacks are a "stark reminder" that cyber threats are real in Singapore. He added that the breaches are of concern, but that the situation has been contained.
"As we become more digitally connected, such threats will continue to increase in sophistication, and both public and private sector organisations are equally vulnerable," Dr Yaacob said, who added that individuals can also do their part to be vigilant and practise good cyber hygiene.
ADDITIONAL SECURITY MEASURES IMPLEMENTED
A NUS spokesperson said "immediate action was taken to isolate and remediate affected desktop computers and servers". Similarly, NTU said it immediately removed and replaced affected machines which included shared personal computers and front-end workstations.
"NUS and NTU have increased vigilance, and adopted additional security measures beyond those already in place," said the authorities.
CSA has reached out to other autonomous universities in Singapore, as well as Critical Information Infrastructure (CII) sectors and Government, to step up monitoring and checks on their networks.
"There has been no sign of suspicious activity in CII networks or Government networks thus far," said authorities.
In an email to NUS students on Friday, the university's chief IT officer Tommy Hor informed them that additional measures would be put in place to safeguard its IT systems. These include stepping up network and system monitoring as well as enhancing security management.
The email added that students are not required to change their password for NUSNET, which is the portal used for accessing email and e-resources, although they can if they want to.
"This incident highlights the rising sophistication of cyber security attacks and the need for heightened vigilance," said Mr Hor. "We would like to emphasise the importance of adopting good cyber and information security practices."
The latest cyber attack comes on the heels of the Ministry of Defence's revelation in February that the personal data of 850 national servicemen and employees were stolen following a breach in its I-net system. The Ministry of Foreign Affairs' IT system was also breached, according to Minister for Communications and Information Yaacob Ibrahim in Parliament in 2015.
CSA's Mr Koh previously said that from 2015 to June 2016, there have been 16 waves of targeted cyberattacks surfaced to the agency's attention.