14 DAY TRIAL // StarHub, Singapore's biggest telecommunications provider, said today that two recent DDoS attacks that have targeted its DNS infrastructure had been carried out using botnets of compromised broadband routers and webcams.
The telco's explanation is reminiscent of the recent DDoS attacks that targeted the infrastructure of Dyn, a provider of global managed DNS services. These attacks had prevented a large number of users from Europe and the US from accessing popular sites such as Twitter, Reddit, Imgur, Soundcloud, Spotify, Etsy, GitHub, and more.
The attacks that targeted StarHub took place late on Saturday night, October 22, and then late evening, on Monday, October 24.
Both attacks, as StarHub explained, targeted the company's DNS infrastructure, which downed Internet connectivity for all its clients. Around 5 million people live on the small island of Singapore.
The Cyber Security Agency of Singapore (CSA) and Infocomm Media Development Authority (IMDA) said they started investigations into the attacks.
StarHub says it was an "intentional and likely malicious" attack
"We have completed inspecting and analysing network logs from the home broadband incidents on 22 October and 24 October and we are now able to confirm that we had experienced intentional and likely malicious distributed denial-of-service (DDoS) attacks on our Domain Name Servers (DNS)," StarHub wrote late Tuesday night, hinting at a concentrated attack to take down its infrastructure, and not a random incident.
Albeit the attacks are similar to the Dyn DDoS attacks, there is no evidence as of yet that the StarHub attack came from a botnet of devices infected with the Mirai malware, as were the Dyn attacks.
The Twitter account @MiraiAttacks, which keeps track of DDoS attacks originating from several (not all) Mirai-powered botnets, did not pick up any attacks aimed against Singaporean IPs for the aforementioned two days.