Russian cyberattacks targeting Singapore spike during Trump-Kim summit: Study

Russia accounted for 88 per cent of cyberattacks targeting Singapore on Jun 12, says threat intelligence research team F5 Labs.

US President Donald Trump and North Korea's leader Kim Jong Un shake hands following a signing ceremony during their historic US-North Korea summit. (Photo: AFP/Saul Loeb)

SINGAPORE: On the day history was made when United States President Donald Trump met with North Korean leader Kim Jong Un, host nation Singapore saw a surge in cyberattacks from Russia, according to a report by online threat analysts F5 Labs.

Russia accounted for 88 per cent of the attacks against Singapore on Jun 12 - the day both leaders met, F5 Labs and its data partner Loryka said in a Jun 14 blog post. 

In addition, 97 per cent of all the attacks originating from Russia targeted Singapore, the blog post said.

Timeline of Russia cyberattacks against Singapore
(Timeline: F5 Labs)

Going deeper into the data, F5 Labs said approximately 40,000 attacks were launched between 11pm (3pm UTC) on Jun 11 and 8pm (12pm UTC) on Jun 12. 

It added that 92 per cent of the attacks collected were reconnaissance scans looking for vulnerable devices while the remaining 8 per cent were "exploits", which take advantage of vulnerabilities.

The top attack destination port was 5060, the port used by the Session Initiation Protocol (SIP), an Internet Protocol (IP) phone protocol.

"It is unusual to see port 5060 as a top attack destination port. Our assumption is that the attackers were trying to gain access to insecure phones or perhaps the VoIP server," the study said.

It added: "Singapore was the top destination of the attacks by a large margin, receiving 4.5 times more attacks than the US or Canada. Singapore is not typically a top attack destination country; this anomaly coincides with President Trump’s meeting with Kim Jong Un."

The study did point out that it was "unclear" what the attackers were after or whether they were successful, and F5 Labs said it will continue to analyse the data collected. 

"We do not have evidence directly tying this attacking activity to nation-state-sponsored attacks," the study added. 

"However, it is common knowledge that the Russian government has many contractors within Russia doing their bidding, and that a successful attack on a target of interest would make its way through to the Kremlin."

In response to Channel NewsAsia's queries, the Cyber Security Agency (CSA) of Singapore said it believes that the numbers indicated in the article by F5 Labs are a result of "increased scanning activities on network ports and are not reflective of the occurrence of cyberattacks" linked to the summit. 

"These activities are opportunistic and originate from different sources," CSA said. "In the lead-up to the summit, CSA was alerted to possible phishing activities. We stepped up our monitoring and put in place preventive measures to deal with potential cyber threats. 

"There were no reports of any successful attacks to our Critical Information Infrastructure sectors and related entities during the summit."

CSA said it reached out to the three event hotels - Capella, Shangri-La and the St Regis - to provide instructions on cybersecurity hygiene measures. These include measures to ensure that the hotels' networks and systems, as well as guests' data, were adequately protected.

CSA said it also worked with various parties to review the infrastructure and network setup at the International Media Centre to reduce the risks of cyber disruptions.

Source: CNA/kk