How Singtel Stopped a Major Cyberattack in Its Tracks
In today’s digital landscape, telecommunications companies are prime targets for cyberattacks. In June 2024, Singapore’s largest mobile carrier, Singtel, faced a critical cybersecurity incident when malware linked to the Chinese state-sponsored hacking group, Volt Typhoon, was detected. Fortunately, Singtel’s early detection and swift response prevented any data loss or service disruption.
Overview of the Singtel Cyberattack
Singtel’s breach was part of a broader campaign aimed at telecommunications companies and critical infrastructures globally. The company acted promptly, collaborating closely with Singapore’s Cyber Security Agency (CSA) and the Infocomm Media Development Authority (IMDA). Their collective efforts ensured that Singapore’s telecommunications infrastructure remained secure and uninterrupted.
The Role of Volt Typhoon
Volt Typhoon is known for its sophisticated cyber tactics, making it crucial for targets like Singtel to have advanced threat detection measures in place. This incident demonstrates how state-sponsored actors can leverage complex attack methods to infiltrate even well-defended networks.
Importance of Threat Detection
The attack on Singtel underscores the importance of threat detection and response technologies in modern cybersecurity. Advanced persistent threats (APTs) like Volt Typhoon require organizations to be on high alert. Singtel’s experience emphasizes the need for proactive measures.
How NDR Works: Enhancing Cybersecurity
Integration of Network Detection and Response (NDR) technologies plays a pivotal role in identifying and neutralizing threats. Here’s how NDR enhances an organization’s cybersecurity posture:
1. Comprehensive Asset Discovery: NDR continuously identifies and profiles all network assets, uncovering potential vulnerabilities.
2. Accurate Threat Detection: Utilises high-fidelity threat intelligence to pinpoint compromised hosts and advanced persistent threats (APTs) with precision.
3. 0-Day Detection: Capable of detecting zero-day vulnerabilities and exploits with high accuracy of up to 81%.
4. Attack Surface Reduction: Identifies newly launched applications and API risks accessible over public networks.
5. Alert Noise Reduction: Correlates alerts to ensure the accuracy and relevance of attack notifications with false positive rates of less than 0.03%.
Response Capabilities:
1. Automatic Response: Implements TCP reset blocking to cut off communication between the attacker and victim immediately with a blocking rate of up to 99%.
2. Firewall Integration: Pushes blocking IPs to the firewall, updating policies in real-time to prevent further breaches.
3. Automated Investigation: Analyses full packet data to determine the success or failure of attacks automatically.
4. Attack Path Analysis: Aggregates events to provide a clear analysis of the attack path and process.
5. Real-Time Synchronisation: Leverages cloud intelligence to detect and block attackers swiftly.
Singtel’s experience with the Volt Typhoon attack serves as a critical reminder of the evolving threats facing telecommunications and other critical infrastructures. Organisations that integrate NDR into their cybersecurity frameworks can significantly enhance their ability to detect and respond to sophisticated cyber threats, ensuring networks remain secure and resilient against potential breaches.
Don’t Wait for a Breach to Take Action: Ensure Your Organisation Is Protected
Our team of security experts is ready to assist you in evaluating your network defenses and implementing the necessary protections to safeguard your organisation. Contact us today to strengthen your security measures.