Singapore was the top target of cyberattacks across the globe during the much-hyped Trump-Kim summit which took place from June 11 and 12, according to data collected by F5 Networks, in concert with data partner Loryka.
The analysis of data by F5’s Threat Research Intelligence team (F5 Labs) which monitors global attacks, found that cyberattacks targeting Singapore skyrocketed from June 11 and June 12 – the period immediately preceding and following the highly hyped meeting—with 88% of the attacks launched from Russia. In fact, data analysis by F5 and partner Loryka showed that 97% of all attacks originating from Russia during the two-day period were directed at Singapore.
These attacks, which targeted voice-over-IP (VoIP) phones and Internet of Things (IoT devices), appears to be more than a mere coincidence. While there was no evidence directly tying these attacking activity to nation-state sponsored attacks, the attacks happened the day President Donald Trump met with North Korean President Kim Jong-un in a Singapore hotel—during a period of 21 hours, starting at 11:00 p.m. on June 11 through 8:00 p.m. June 12, local time, a total of 40,000 attacks were launched on Singapore. Additionally, they are also consistent with recent incidents of apparent Russian involvement in coordinated cyberattacks against the U.S., which prompted numerous sanctions against Russian officials and businesses since the 2016 Presidential election. Earlier in April, the US-Cert also issued an alert regarding Russia maintaining persistent access to small office and home office routers warning of widespread espionage.
Key highlights of the data include:
- Singapore, which is not typically a top attack destination country, was the top destination of the attacks, receiving 4.5 times more attacks than the U.S or Canada. This anomaly coincides with President Trump’s meeting with Kim Jong-un.
- Singapore battled approximately 40,000 attacks in a 21 hour period (starting at 11:00 p.m. on June 11 through 8:00 p.m. June 12, local time) –92% of those were reconnaissance scans looking for vulnerable devices; while the other 8% were exploit attacks.
- Russia accounted for 88% of the attacks against Singapore on 12 June 2018, followed by Brazil (2%) and Germany (2%).
- The attack began out of Brazil targeting port SIP 5060, which is used by IP phones to transmit communications in clear text; this was the single most attacked port.
- The number two attacked port was Telnet, consistent with IoT device attacks that could be leveraged to gain access to or listen in on targets of interest.
- Other ports attacked include the SQL database port 1433, web traffic ports 81 and 8080, port 7541, which was used by Mirai and Annie to target ISP-managed routers, and port 8291, which was targeted by Hajime to PDoS MikroTik routers.
To find out more, please refer to the full article on F5’s blog here.