News Categories

Singtel data breached through hack on third-party file-sharing vendor

By Team HardwareZone - on 11 Feb 2021, 11:57am

Singtel data breached through hack on third-party file-sharing vendor

This article by Kenny Chee and Ng Wei Kai first appeared in The Straits Times on 11 February 2021. 

A third-party file-sharing system used by Singapore’s largest telco, Singtel, has been hacked and customer information may have been compromised, the company said early on Thursday (11 February 2021).

The breach occurred on 20 Jan but, for now, the telco assured that its core operations are not affected.

The hack was part of a wider global breach of the File Transfer Appliance (FTA) file-sharing system that recently affected other organisations including New Zealand’s central bank, the Australian Securities and Investments Commission and the Washington State Auditor’s Office in the US.

Singtel said on Thursday that an impact assessment on the extent of the data breach is being carried out.

“Our priority is to work directly with customers and stakeholders whose information may have been compromised to keep them supported and help them manage any risks,” it said.

The company did not provide details on the data and how many customers were affected.

Singtel is contacting affected customers “at the earliest opportunity once we identify which files relevant to them were illegally accessed”.

The FTA file-sharing system is provided by cloud-sharing company Accellion, which informed its customers, including Singtel, of the hack on 23 Dec last year.

Describing FTA as a 20-year-old product near the end of its functionality, Accellion said it suffered a “sophisticated cyberattack” which included exploiting a previously unknown vulnerability. The US firm said last month that fewer than 50 customers were affected.

Singtel said it applied an FTA patch from Accellion on 24 Dec and another one on 27 Dec. On 23 Jan, Accellion said the 27 Dec patch was ineffective against a new vulnerability, and Singtel took the product offline.

Accellion put out another patch on 30 Jan but Singtel said it received an “anomaly alert” when applying it. The vendor said Singtel’s system could have been breached and the telco confirmed this occurred on 20 Jan.

“Given the complexity of the investigations, it was only confirmed on Feb 9 that files were taken,” Singtel added.

The telco said the breach was an isolated incident involving the third-party system, and its core operations remained “unaffected and sound”. The FTA system is used to share information internally within Singtel and externally to other stakeholders.

The telco has suspended use of FTA and is investigating with cybersecurity experts and the authorities, including the Cyber Security Agency of Singapore (CSA).

CSA’s Singapore Computer Emergency Response Team advised users to disconnect the FTA system to perform a thorough check. They should also regularly check for updates, apply patches quickly and monitor their networks for unusual activities, which may suggest data is being stolen from the FTA.

CSA said it has not received reports from other Singapore organisations on the FTA incident.

The Personal Data Protection Commission said it is investigating the incident.

Accellion told The Straits Times that it could not comment on specific customers “for their protection”. But it was “conducting a full assessment” of the FTA hack with “an industry-leading cybersecurity forensics firm”. 

The company previously said it has been encouraging all FTA customers to migrate to its latest secure file-sharing kiteworks platform and has fast-tracked plans to end FTA following the cyberattacks.

It remains unclear why Singtel was still using FTA. But Accellion told IT security news site BankInfoSecurity earlier that customers might be reluctant to switch because it meant moving data, which would entail changes to procedures and having to train workers on the new system.

The identity of the hackers and their motives are not yet known.

IT security experts said Singtel’s hack is part of a trend of crooks targeting vendors and suppliers of major organisations.

“Companies like Singtel are like fortresses... and very hard to penetrate. However, attackers always go after the weakest link like vendors,” said Mr Shane Chiang, the chief executive of local cybersecurity firm Momentum Z. He said last year’s SolarWinds hacking incident was such a “supply chain attack”.

Mr Chiang advised firms to have a way to vet and monitor their vendors on cybersecurity, and try to ensure company IT systems and physical workplaces are secure even from inside jobs, like verifying if access requests are legitimate.

“There is no perfect solution and no such thing as being unhackable,” he added.

Mr Stas Protassov, co-founder and technology president of Acronis, said that if customer data was compromised, it could be used by cybercrooks to access a person’s bank details, masquerade as the victim to forge identity documents or commit crimes in his name.

Customer data could also be sold on the black market or to carry out a targeted attack on the victim’s company. For now, he added that no FTA data has been dumped on the dark web yet, where, among other things, stolen data is sold.

“If it does contain critical information, the price for that on the dark web could be several millions of dollars,” said Mr Protassov.


Timeline of Singtel hacking

23 Dec: Accellion first informs FTA users about a previously unknown vulnerability.

24 Dec: Singtel installs patch from Accellion to plug the vulnerability.

27 Dec: Singtel installs the last available patch from Accellion; no further patch was provided after that.

23 Jan: Accellion advisory cites a new vulnerability that the Dec 27 patch was not effective against. Singtel immediately takes the system offline.

30 Jan: Singtel attempts to install a new patch to plug the new vulnerability but receives an anomaly alert. The system is kept offline and investigations confirmed a Jan 20 breach.

9 Feb: Singtel establishes that files were taken as a result of the breach. 

11 Feb: Singtel announces the FTA breach.

Source: The Straits Times

Join HWZ's Telegram channel here and catch all the latest tech news!
Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.