Oleksii - stock.adobe.com

Singtel falls prey to supply chain attack

The Singapore telco reveals that its Accellion file sharing system was illegally hacked in a supply chain attack

Singapore telco Singtel has revealed that a legacy file-sharing system that it had been using was attacked by hackers who exploited software vulnerabilities that included a zero-day flaw.

It was informed of the incident in December 2020 by Accellion, the supplier of the system which it had been using to share information internally and with external parties. Called FTA, the system is a 20-year-old product nearing end-of-life.

Singtel has since suspended the use of FTA and activated investigations and is working closely with cyber security experts and the authorities, including the Cyber Security Agency of Singapore, which is providing additional guidance. 

The telco is currently conducting an “impact assessment” to ascertain the nature and extent of data that has been potentially accessed. It said customer information could have been compromised.

“Our priority is to work directly with customers and stakeholders whose information may have been compromised to keep them supported and help them manage any risks. We will reach out to them at the earliest opportunity once we identify which files relevant to them were illegally accessed,” Singtel said in a statement today.

“This is an isolated incident involving a standalone third-party system. Our core operations remain unaffected and sound,” it added.

Accellion said it has patched all known FTA vulnerabilities exploited by the attackers and has added new monitoring and alerting capabilities to flag anomalies.

Read more about cyber security in APAC

Stas Protassov, co-founder and technology president of Acronis, a cyber protection firm, said if customer data was indeed compromised, it was likely to be information such as customer balances, usage plans and average spending. “That information could still be useful to scammers, but also could be valuable to Singtel’s competitors, if they got access to it,” he said.

Protassov noted that legacy systems such as Accellion FTA pose a huge security risk and that Singtel and others should consider migrating to modern supported systems to avoid the worst-case scenario.

“And if customer data is involved, companies should always use the system with extensive audit logging – it provides information on what files were accessed and by whom,” he said.

Protassov said a dump of any compromised data from the incident had not been detected on the dark web, noting that such a database could be worth several million dollars.

Supply chain vulnerabilities have come under the spotlight in the aftermath of the attack on SolarWinds’ network management software which many large enterprises and governments rely on.

“Going after suppliers means a larger number of victims and less work for attackers – leading to bigger profits,” said Protassov.

“There are targeted attacks and there are opportunistic attacks. In targeted attacks, such as the one against SingHealth, attackers are determined to get information on specific targets. If they cannot penetrate the target directly, they go after the target’s suppliers or partners.”

Next Steps

Accellion FTA attacks claim more victims

Codecov breach raises concerns about software supply chain

Twilio discloses breach caused by Codecov supply chain hack

Read more on Hackers and cybercrime prevention

CIO
Security
Networking
Data Center
Data Management
Close