A StarHub outage in October last year was not caused by a cyber attack as first thought, but was down to its infrastructure not being able to cope, according to an investigation by government regulators.
Instead of a distributed denial of service (DDoS) attack mounted by cyber attackers, the service disruption was due to an “overloaded part of StarHub’s home broadband infrastructure,” they said today.
The Infocomm Media Development Authority (IMDA) and Cyber Security Agency found a “higher-than-usual build-up in StarHub DNS (domain name server) traffic just before the disruptions occurred.”
DNS translates the website names users type into the network addresses their devices connect to, so when the servers were overwhelmed on the two days in October 2016, users could not reach their online destinations.
At the time, StarHub had said the disruption was down to an “unprecedented” attack on its infrastructure. Coming days after a similar attack against American Internet providers, the incident raised alarm bells that Singapore’s critical infrastructure was facing an unprecedented threat.
Ruling that out today, the authorities also issued a warning to StarHub. However, they stopped short of giving it a fine for the disruption. The telecom operator is said to have upped its capacity and enhanced its traffic monitoring.
IMDA has also required StarHub to engage an independent expert to review its DNS and other associated infrastructure, to ensure that its network is resilient to future incidents of this nature, it said today.
The episode could prove embarrassing for StarHub, but it might be relieved at the same time that it was not the target of a sophisticated cyber attack, as initially feared.
“We assure our customers and the regulator that we will continuously review our security posture and enhance network resilience in partnership with network and security providers,” said Chong Siew Loong, StarHub’s chief technology officer, in a statement to the media.