By Nurdianah Md Nur
May 12, 2017
The IT networks of Nanyang Technological University (NTU) and the National University of Singapore (NUS) were breached last month.
Affected desktops were quickly isolated, removed and replaced.
Both universities are working with the Cyber Security Agency of Singapore (CSA) on forensic investigations to understand the nature and extent of the attacks. CSA is also assisting with incident response and immediate measures to mitigate potential impact.
The breaches were detected during NTU's regular checks on its systems on 19 April, and NUS' cybersecurity assessments by external consultants on 11 April.
According to investigations, both attacks were the work of Advanced Persistent Threat (APT) actors who might have intended to steal information related to government or research.
CSA said the extent of the cyberattack appears to be limited as the universities' systems are separate from government IT systems. The daily operations of both universities, including critical IT systems, such as student admissions and examination databases, were not affected.
In response to the incident, NUS and NTU have adopted additional security measures beyond those already in place.
According to CSA, further details about the incident will not be disclosed, as doing so could impact the effectiveness of the additional defensive and preventive measures taken by both universities.
CSA's Singapore Computer Emergency Response Team (SingCERT) has also reached out to the other autonomous universities, and informed their Critical Information Infrastructure (CII) Sectors and the government sector to step up monitoring and checks on their networks.
There has been no sign of suspicious activity in CII networks or government networks thus far, said CSA.
Just this February, the I-net system of Singapore's Ministry of Defence (MINDEF) was breached. Even though no classified military data was lost, basic personal information of about 850 National Servicemen and MINDEF employees was stolen.
Affected personnel were contacted within the week and asked to change their passwords for other MINDEF systems.
According to cybersecurity experts, the above-mentioned attacks highlight that it is no longer enough for IT/security teams to focus on prevention.
"Today, we can no longer prevent attackers from gaining access. We are almost fighting a losing battle if we only focus on prevention. Therefore, it is more important to be able to detect a breach and quickly neutralise it. Reducing the mean time to detect and respond must be the key objective for any cybersecurity infrastructure today," said Bill Taylor-Mountford, Vice President, Asia Pacific & Japan, LogRhythm.
Sanjay Aurora, Managing Director, Asia Pacific, Darktrace, added: "Businesses need to understand that they can't catch every threat as it gets into the network. It is no longer possible to predefine what 'bad' looks like in advance, and stop these threats from getting into the network."