SINGAPORE – There is no reason to believe that Singapore was a target of the recent high-profile hacking attack involving cyber security firm FireEye and software provider SolarWinds Corp, authorities said late on Tuesday (Dec 15).

Even so, the Cyber Security Agency of Singapore (CSA) said that it sent out an advisory on Dec 9 for firms to disconnect affected cyber security tools and update their systems to protect against cyber criminals.

FireEye, one of the largest cyber security companies in the United States, said earlier this month that it was hacked in a state-sponsored attack. The firm’s hacking tools, which are used to test the defences of its clients, were stolen in the process.

The attack on a firm which holds a range of contracts in the United States and its allies is among the most significant breaches in recent memory.

The company is a strategic partner of CSA, which oversees national cyber security functions and protects Singapore’s critical services.

Following the firm’s investigations this week, FireEye discovered that one of its software providers – US-based SolarWinds Corp – was hacked as well, and was used to gain entry into US government systems.

Investigations into the cyber attacks are ongoing.

CSA told The Straits Times that based on its understanding, the scope of the FireEye attack was limited and did not affect Singapore.

“Based on the information from FireEye, the attack was highly targeted, with the breach limited to FireEye’s US offices. There has been no evidence to suggest that Singapore was or would be a target,” it said.

The agency sent an advisory to Critical Information Infrastructure (CII) leaders, advising them to work with their security vendors and update their systems so that they can be protected from the stolen FireEye tools.

In a separate public advisory on its website on Monday, the Singapore Computer Emergency Response Team (SingCert), a unit of CSA, advised organisations to disconnect or power down certain SolarWinds products from their networks immediately.

“Administrators should also review the logs for suspicious activities, check connected systems for signs of compromise and persistence mechanisms, and reset credentials if necessary, especially ones used by or stored in SolarWinds software,” said CSA.

“Administrators are also advised to monitor their networks and systems for any suspicious activities.”

CSA said that it has been in close contact with the US Cybersecurity and Infrastructure Security Agency, as well as FireEye.

They have both provided CSA with more information, which the agency said has helped it to better advise on preventive measures to take.

FireEye took swift action to mitigate the threat and alert their partners, customers and other cyber security vendors, so that appropriate action can be taken quickly, said CSA.

It added that there is evidence to show the attackers are state-sponsored and highly sophisticated, and urged organisations to be vigilant.

Associate Professor Chang Ee-Chien from the National University of Singapore’s School of Computing said that the attacks in this case are likely to affect larger organisations instead of home users.

“State-sponsored attacks typically have large resources and political goals. They do not direct towards home users but would have significant targets, for example an attack on financial institutions or power systems,” he said.

Last modified: December 16, 2020