lolloj - Fotolia

Singapore universities hit by advanced persistent threat attacks

The attacks on NUS and NTU networks appear to be the work of APT actors and not casual hackers

The computer networks of two universities in Singapore were breached in April 2017 by hackers looking to steal information related to government or research, according to the country’s Cyber Security Agency (CSA).

The National University of Singapore (NUS) detected an unauthorised intrusion into its IT systems on 11 April 2017 during cyber security assessments by external consultants who had been engaged to strengthen its cyber defence.

About a week later, the Nanyang Technological University (NTU) also detected that its network was attacked when it ran regular checks on its systems.

Following the intrusions, both NTU and NUS alerted the CSA, which has been working with the universities to conduct forensic investigations. It is also assisting with incident response and immediate measures to mitigate any potential impact of the attacks.

The affected desktop computers and workstations were quickly isolated, removed and replaced. CSA said it is working closely with the universities in ongoing investigations, which have so far revealed that both attacks were the work of advanced persistent threat (APT) actors and not casual hackers.

The CSA said there was no evidence that information or data related to students was being targeted.

“However, as the universities’ systems are separate from government IT systems, the extent of the APTs’ activities appear to be limited. The daily operations of both universities, including critical IT systems such as student admissions and examinations databases, were not affected,” it added.

Exploiting schools to steal government information is relatively rare
Ryan Flores, Trend Micro Asia-Pacific

NUS and NTU have increased vigilance and adopted additional security measures beyond those already in place.

Meanwhile, the Singapore Computer Emergency Response Team has reached out to the other autonomous universities in Singapore, as well as informed operators of critical information infrastructure (CII) to step up monitoring and checks on their networks.

The CSA said there has been no sign of suspicious activity in CII networks or government networks so far.

The latest attacks follow the February 2017 breach of a Singapore Ministry of Defence (Mindef) system that provides internet access for servicemen and employees.

According to Mindef, the identity card numbers, telephone numbers and dates of birth of around 850 servicemen and employees were stolen from the system. No classified information that resides in separate air-gapped systems was compromised.

Bill Taylor-Mountford, vice-president at LogRhythm Asia Pacific and Japan, said the attacks on NUS and NTU show that hackers are no longer just targeting the usual suspects in Singapore, such as financial institutions, government and critical infrastructure.

“Universities hold valuable personal data, including intellectual property that can bring about financial gain. Today, we can no longer prevent attackers from gaining access. We are almost fighting a losing battle if we only focus on prevention. It is more important to be able to detect a breach and quickly neutralise it,” he said.

Ryan Flores, senior manager for forward-looking threat research at Trend Micro Asia-Pacific, noted that while there have been APT attacks targeting the education sector, most of them were for intellectual property and research theft.

“Exploiting schools to steal government information is relatively rare,” he said. “Governments and education institutions should regard this case as a cautionary tale – nowadays hackers don’t necessarily have to hack into government systems to steal information, they are exploring other less-protected alternatives.”

Read more on Hackers and cybercrime prevention

Data Center
Data Management