Singapore's Infocomm Media Development Authority (IMDA) has issued StarHub a warning over two brief home broadband outages from October last year, after finding that the disruptions were caused by a surge in legitimate DNS traffic.
StarHub Online's home broadband network was disrupted on October 22 and October 24, causing fiber customers in parts of the market to lose connectivity intermittently for around 130 minutes and 55 minutes respectively.
The initial symptoms of the outage bore the hallmarks of a DDoS attack, and the timing coincided with the massive DDoS attacks on DNS provider Dyn in the US.
But IMDA said an in-depth investigation, which included a review of logs from StarHub DNS servers and from consumer devices identified as responsible for the disruptions, did not uncover any evidence to suggest that the cause was a DDoS attack.
Instead, a higher-than-usual build-up in StarHub DNS traffic just prior to the disruption appears to have been the cause, as these mostly legitimate DNS requests eventually overloaded part of StarHub’s home broadband infrastructure.
IMDA and the Cyber Security Agency of Singapore (CSA) identified areas of improvement in StarHub's network infrastructure during the investigations, and said StarHub has taken steps to mitigate the risks of further outages, including boosting home broadband DNS server capacity and enhancing traffic monitoring.
In an emailed statement, StarHub said it noted the findings that the outages did not fit typical DDoS patterns.
“The authorities have acknowledged the fact that we have increased our DNS processing capacity and taken additional security measures to better avert similar incidents,” the statement reads.
“We assure our customers and the regulator that we will continuously review our security posture and enhance network resilience in partnership with network and security providers.”