Trump / Kim Summit Attracts A Heavy Wave of Cyber Attacks

The number of cyberattacks targeting Singapore skyrocketed from June 11 to June 12, during the meeting between US President Donald Trump and North Korean President Kim Jong-un in a Singapore hotel, and most of these attacks originated from Russia.

Russia has long been said to keep the United States under a continuous barrage of cyberattacks, and even attracted a series of sanctions following the hacking aimed at the 2016 presidential election, which was supposedly the doing of state-sponsored Russian threat actors.

It’s no wonder the Trump-Kim summit was targeted as well, but the number of assaults coming from Russia is indeed impressive: 88% of the total number of observed cyber-attacks came from this country. Furthermore, 97% of all the attacks that originated from Russian during the timeframe targeted Singapore, data from F5 Labs and Loryka reveals.

“We cannot prove they were nation-state sponsored attacks, however the attacks coincide with the day President Donald Trump met with North Korean President Kim Jong-un in a Singapore hotel. The attacks targeted VoIP phones and IoT devices, which appears to be more than a mere coincidence,” F5 says.

The flurry of attacks, the security firm reveals, started out of Brazil by targeting port SIP 5060, the single most attacked port in the timeframe. IP phones use this port to send and receive communications in clear text.

This initial phase, which lasted for only a couple of hours, was followed by reconnaissance scans from the Russian IP address 188.246.234.60, an IP owned by ASN 49505, operated by Selectel, targeting a variety of ports.

The attacks observed on June 11 and June 12 also targeted the Telnet port, which is normally assaulted in IoT incidents. Other targeted ports include SQL database port 1433, web traffic ports 81 and 8080, port 7541 (used by Mirai and Annie to target ISP-managed routers), and port 8291 (previously targeted by Hajime).

During a period of 21 hours, starting at 11:00 p.m. on June 11 through 8:00 p.m. June 12, local time, a total of 40,000 attacks were launched on Singapore. Of these, 92% were reconnaissance scans looking for vulnerable devices, while the remaining 8% were exploit attacks.

“Thirty-four percent of the attacks originated from Russian IP addresses. China, US, France, and Italy round-out the top 5 attackers in this period, all of which launched between 2.5 to 3 times fewer attacks than Russia. Brazil, in the sixth position, was the only other country we detected launching SIP attacks alongside Russia,” F5 reveals.

During the period, Singapore became the top destination of cyberattacks by a large margin, receiving 4.5 times more attacks than the US or Canada. Typically, Singapore is not a top attack destination, and the anomaly coincides with President Trump’s meeting with Kim Jong-un.

While Russia was the main source of attacks, accounting for 88% of them, Brazil was the second largest attacker, launching 8% of the assaults. Germany rounded up top three attackers, with 2%. 

The security researchers also note that there was no attempt made to conceal the attacks launched from Russia and that none of the attacks originating from this country carried malware.

The SIP port 5060 received 25 times more attacks than Telnet port 23, which was the second most targeted. Although attacks on port 5060 are unusual, chances are that the attackers were attempting to gain access to insecure phones or perhaps the VoIP server. The attacks on Telnet were likely trying to compromise IoT devices to spy on communications and collect data.

“We do not have evidence directly tying this attacking activity to nation-state-sponsored attacks, however it is common knowledge that the Russian government has many contractors within Russia doing their bidding, and that a successful attack on a target of interest would make its way through to the Kremlin,” F5 concludes.

Security Week

You Might Also Read: 

Singapore: The Place To Launch Cyber Attacks From:

North Korea's Cyber Soldiers Are Concealed Abroad:
 

 

« Deloitte To Invest £430 Million On Cybersecurity Defences
Five Mistakes US Cyberscurity Vendors Make In The UK »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

ThreatConnect

ThreatConnect

ThreatConnect is an enterprise threat intelligence platform by Cyber Squared bridging incident response, defense, and threat analysis for InfoSec & DFIR teams.

First Response

First Response

First Response is a Cyber Incident Response and Digital Forensic Investigation company.

ID Experts

ID Experts

ID Experts is a leading provider of identity protection and data breach services for companies and individuals throughout the USA.

ATIS Systems

ATIS Systems

ATIS Systems offers first-class complete solutions for legal interception, mediation, data retention, and IT forensics.

NFIR

NFIR

NFIR is a specialist in the field of cyber security incident response and digital forensics.

Connectitude

Connectitude

Connectitude IIoT Platform ™ is a complete solution for industrial IIoT.

NanoVMs

NanoVMs

NanoVMs is the industry's only unikernel platform available today. NanoVMs runs your applications as secure, isolated virtual machines faster than bare metal installs.

Infopercept Consulting

Infopercept Consulting

Infopercept is a leading cybersecurity company in India, providing a critical layer of security to protect business information, infrastructure & assets across the organization.

Axitea

Axitea

Axitea designs, implements and develops the solutions best suited to its customers’ needs and their physical and cyber security requirements.

Comcast Business

Comcast Business

Comcast Business keeps businesses ready for what’s next with powerful connectivity, advanced cybersecurity solutions, and the right people at your side.

Team Secure

Team Secure

Team Secure provide Enterprise-grade Cyber Security consultancy, managed security services and cyber security staffing services.

Cyber7

Cyber7

CYBER7 is a National Cyber Security Innovation community initiated by Israel National Cyber Directorate, Ministry of Economy and Israel Innovation Authority led by Tech7 – Venture Studio.

Orpheus Cyber

Orpheus Cyber

Orpheus Cyber provides predictive and actionable intelligence to our clients - enabling them to anticipate, prepare for and respond to the cyber threats they face.

Cyberplc

Cyberplc

Cyberplc is a global cybersecurity consulting firm providing services to government, the public sector and enterprises.

Coffee Cup Solutions

Coffee Cup Solutions

We offer a full spectrum of IT Services, from our UK based Helpdesk to IT Consultancy and Cyber Security. Our team has the skills and experience to develop, deliver and manage IT for your business.

Leostream

Leostream

Leostream's Remote Desktop Access Platform enables seamless work-from-anywhere flexibility while maintaining security and constant visibility of users.