[ad_1]
SINGAPORE – There is no reason to believe that Singapore was the target of the recent high-profile hacking attack involving cybersecurity firm FireEye and software provider SolarWinds Corp, authorities said Tuesday night (December 15) .
Still, the Singapore Cyber Security Agency (CSA) said it sent out a notice on December 9 for companies to disconnect affected cybersecurity tools and update their systems to protect against cybercriminals.
FireEye, one of the largest cybersecurity companies in the United States, said earlier this month that it was hacked in a state-sponsored attack. The company’s hacking tools, which are used to test its clients’ defenses, were stolen in the process.
The attack on a company that has a series of contracts in the United States and its allies is one of the most important infractions in recent times.
The company is a strategic partner of CSA, which oversees national cybersecurity functions and protects critical Singapore services.
Following the company’s investigations this week, FireEye discovered that one of its software vendors, US-based SolarWinds Corp, was also hacked and used to break into US government systems.
Investigations into cyber attacks are ongoing.
CSA told The Straits Times that to their understanding, the scope of the FireEye attack was limited and did not affect Singapore.
“According to information from FireEye, the attack was very targeted, and the breach was limited to FireEye’s offices in the United States. There has been no evidence to suggest that Singapore was or would be a target,” he said.
The agency sent an advisory to Critical Information Infrastructure (CII) leaders to work with their security vendors and update their systems so they can be protected from stolen FireEye tools.
In a separate public notice on its website on Monday, the Singapore Computer Emergency Response Team (SingCert), a unit of CSA, recommended that organizations disconnect or turn off certain SolarWinds products from their networks immediately.
“Administrators should also review logs for suspicious activity, check connected systems for signs of compromise and persistence mechanisms, and reset credentials if necessary, especially those used or stored in SolarWinds software,” CSA said.
“Administrators are also advised to monitor their networks and systems for any suspicious activity.”
CSA said it has been in close contact with the U.S. Cybersecurity and Infrastructure Security Agency, as well as FireEye.
Both have provided CSA with more information, which the agency says has helped it better advise on preventive measures to take.
FireEye took swift action to mitigate the threat and alert its partners, customers, and other cybersecurity vendors so that appropriate action can be taken quickly, CSA said.
He added that there is evidence showing that the attackers are state-sponsored and highly sophisticated, and he urged organizations to be vigilant.
Associate Professor Chang Ee-Chien from the School of Computing at the National University of Singapore said the attacks in this case are likely to affect larger organizations rather than home users.
“State-sponsored attacks usually have large resources and political objectives. They are not directed towards home users, but would have important objectives, for example, an attack on financial institutions or power systems,” he said.
[ad_2]
