Trump / Kim Summit Attracts A Heavy Wave of Cyber Attacks

The number of cyberattacks targeting Singapore skyrocketed from June 11 to June 12, during the meeting between US President Donald Trump and North Korean President Kim Jong-un in a Singapore hotel, and most of these attacks originated from Russia.

Russia has long been said to keep the United States under a continuous barrage of cyberattacks, and even attracted a series of sanctions following the hacking aimed at the 2016 presidential election, which was supposedly the doing of state-sponsored Russian threat actors.

It’s no wonder the Trump-Kim summit was targeted as well, but the number of assaults coming from Russia is indeed impressive: 88% of the total number of observed cyber-attacks came from this country. Furthermore, 97% of all the attacks that originated from Russian during the timeframe targeted Singapore, data from F5 Labs and Loryka reveals.

“We cannot prove they were nation-state sponsored attacks, however the attacks coincide with the day President Donald Trump met with North Korean President Kim Jong-un in a Singapore hotel. The attacks targeted VoIP phones and IoT devices, which appears to be more than a mere coincidence,” F5 says.

The flurry of attacks, the security firm reveals, started out of Brazil by targeting port SIP 5060, the single most attacked port in the timeframe. IP phones use this port to send and receive communications in clear text.

This initial phase, which lasted for only a couple of hours, was followed by reconnaissance scans from the Russian IP address 188.246.234.60, an IP owned by ASN 49505, operated by Selectel, targeting a variety of ports.

The attacks observed on June 11 and June 12 also targeted the Telnet port, which is normally assaulted in IoT incidents. Other targeted ports include SQL database port 1433, web traffic ports 81 and 8080, port 7541 (used by Mirai and Annie to target ISP-managed routers), and port 8291 (previously targeted by Hajime).

During a period of 21 hours, starting at 11:00 p.m. on June 11 through 8:00 p.m. June 12, local time, a total of 40,000 attacks were launched on Singapore. Of these, 92% were reconnaissance scans looking for vulnerable devices, while the remaining 8% were exploit attacks.

“Thirty-four percent of the attacks originated from Russian IP addresses. China, US, France, and Italy round-out the top 5 attackers in this period, all of which launched between 2.5 to 3 times fewer attacks than Russia. Brazil, in the sixth position, was the only other country we detected launching SIP attacks alongside Russia,” F5 reveals.

During the period, Singapore became the top destination of cyberattacks by a large margin, receiving 4.5 times more attacks than the US or Canada. Typically, Singapore is not a top attack destination, and the anomaly coincides with President Trump’s meeting with Kim Jong-un.

While Russia was the main source of attacks, accounting for 88% of them, Brazil was the second largest attacker, launching 8% of the assaults. Germany rounded up top three attackers, with 2%. 

The security researchers also note that there was no attempt made to conceal the attacks launched from Russia and that none of the attacks originating from this country carried malware.

The SIP port 5060 received 25 times more attacks than Telnet port 23, which was the second most targeted. Although attacks on port 5060 are unusual, chances are that the attackers were attempting to gain access to insecure phones or perhaps the VoIP server. The attacks on Telnet were likely trying to compromise IoT devices to spy on communications and collect data.

“We do not have evidence directly tying this attacking activity to nation-state-sponsored attacks, however it is common knowledge that the Russian government has many contractors within Russia doing their bidding, and that a successful attack on a target of interest would make its way through to the Kremlin,” F5 concludes.

Security Week

You Might Also Read: 

Singapore: The Place To Launch Cyber Attacks From:

North Korea's Cyber Soldiers Are Concealed Abroad:
 

 

« Deloitte To Invest £430 Million On Cybersecurity Defences
Five Mistakes US Cyberscurity Vendors Make In The UK »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Apicrypt

Apicrypt

Apicrypt enables secure communications between health professionals by using strong encryption technologies.

Ubisecure

Ubisecure

Ubisecure provide Identity & Access Management solutions.

GuardiCore

GuardiCore

GuardiCore is an innovator in internal data center security and breach detection and is transforming security inside data centers and clouds.

AVL Mobile Security

AVL Mobile Security

AVL Mobile Security is a market-leading mobile security company for anti-virus and threat intelligence in the mobile Internet.

SEON Technologies

SEON Technologies

At SEON we strive to help online businesses reduce the costs, time, and challenges faced due to fraud.

WisePlant

WisePlant

WisePlant's portfolio of solutions and services includes process measurement, secure automation, industrial cybersecurity, functional safety and more.

Qualcomm Technologies

Qualcomm Technologies

Qualcomm invents breakthrough technologies that transform how the world connects, computes and communicates.

CENSUS

CENSUS

CENSUS is a Cybersecurity services provider offering services to multiple industries worldwide such as Security Testing, Code Auditing, Secure SDLC, Vulnerability Research and Consulting Services.

OSIbeyond

OSIbeyond

OSIbeyond provides comprehensive Managed IT Services to organizations in the Washington D.C., MD, and VA area including IT Help Desk Support, Cloud Solutions, Cybersecurity, and Technology Strategy.

Toothpic

Toothpic

ToothPic has invented, designed, developed and patented a solution to enable companies to turn every smartphone into a secure key for a user-friendly online authentication.

Oort

Oort

Oort is an identity threat detection and response platform for enterprise security. The Oort platform is API-driven, cloud-native and agentless for rapid time to value and high scalability.

PointWire

PointWire

PointWire offers a range of cybersecurity solutions and services including Penetration Testing on various levels, as well as Intrusion Detection and Prevention Systems.

Radiant Security

Radiant Security

Radiant Security offers an AI-powered security co-pilot for Security Operations Centers (SOCs). Reinforce your SOC with an AI assistant.

ExactTrak

ExactTrak

ExactTrak provide embedded cyber security solutions for your digital devices – whenever and wherever you need them.

StackGen

StackGen

StackGen (formerly appCD) automatically generates Infrastructure from Code (IfC) based on application code with golden standards applied.

SignalRed

SignalRed

SignalRed provides the cutting edge next-generation penetration testing and secure development solutions to startups and large enterprises.