Singapore's StarHub has blamed DDoS attacks originating from its customers' own infected devices for two broadband outages over the past few days.
At a press conference yesterday, StarHub announced the latest findings of an investigation into the outages on October 22 and 24, the Straits Times reported.
Both outages lasted for around two hours, leaving many home broadband customers unable to surf the web due to a spike in DNS traffic originating from infected machines.
Because the traffic originated from StarHub's own subscribers, it appeared legitimate. But when the attack was detected, StarHub manually filtered out the traffic from the infected devices to restore services for its other customers.
StarHub announced it plans to send technicians to help customers clean up any infected devices at their homes.
Singapore’s Cyber Security Agency and the Infocomm Media Development Authority have urged operators to strengthen their defense against DDoS attacks, and noted that this marks the first time Singapore has experienced such an attack on its network infrastructure.
Darktrace managing director for APAC Sanjay Aurora said operators and ISPs are likely to find themselves increasingly the targets of attack.
“The core infrastructure of telecommunications companies is a very desirable target for cybercriminals [but] gaining access is extremely difficult and requires deep expertise in specialist architecture,” he said.
“What ISPs should be wary of is the possibility of similar DNS amplification attacks on a more regular basis, given that they require relatively little skill and effort but can cause a large amount of damage. This makes them increasingly popular among hackers.”
He said DNS-based DDoS attacks can impact networks by saturating bandwidth with malicious traffic, while also increasing volumes of support calls and negatively impacting the customer experience and ultimately revenue.
Aurora added that there is a possibility that the DDoS attack was caused by Mirai, the IoT botnet responsible for the recent DDoS attack against US-based DNS service provider Dyn. This attack used infected IoT devices.