Hackers hit NTU, NUS to steal data
They are believed to be after government-related information, but no classified data was compromised as systems are separate
Hackers infiltrated the IT networks of two universities in the first sophisticated cyber attacks on tertiary institutions here.
Their aim was to steal research or government-related data, the Cyber Security Agency of Singapore (CSA) and the Ministry of Education told a press conference yesterday.
Nanyang Technological University (NTU) and National University of Singapore (NUS) discovered the breaches last month.
The attacks had been carefully planned and were not the work of casual hackers.
The hackers behind the two attacks were not the same, nor were they part of an orchestrated campaign, the authorities said.
CSA chief executive David Koh told reporters yesterday: "We know who did it, and we know what they were after. But I cannot reveal this for operational security reasons."
No classified information or personal data was stolen. The affected systems have been removed.
The attacks could have been an attempt to access government-related data through the university networks.
The Government had taken precautions against attacks by delinking computers of public servants from the Internet.
NUS detected intrusions on its IT systems on April 11 during its cyber security assessments while NTU discovered malware attacks on April 19 during regular network checks.
They immediately removed and replaced affected desktop and shared personal computers and front-end workstations.
They alerted CSA, which found the attacks to be the work of Advanced Persistent Threat (APT) actors.
In an APT attack, an unauthorised person gains access to a network through various methods, such as malware and phishing, to steal data.
To avoid being detected, hackers strike through people associated with the targeted company or organisation.
It can take up to 230 days for a company to detect these attackers, said cyber security firm Darktrace.
Its Asia Pacific managing director, Mr Sanjay Aurora, told The New Paper: "At Darktrace, we once started working with a customer, only to find that there was a sophisticated threat inside their network that had been there for eight years."
The attacks show that anyone can be a target for hackers, not just financial institutions, the Government and critical infrastructure, said Mr Bill Taylor-Mountford, the Asia Pacific and Japan vice-president of security intelligence firm LogRhythm.
"Establishments such as universities hold valuable personal data, including intellectual property that can bring about financial gain," he told TNP.
NTU and NUS said their daily operations, including critical IT systems such as student admissions and exam databases, were not affected.
Minister for Communications and Information Yaacob Ibrahim said in a Facebook post that the breaches are of concern, but the situation had been contained.
Both universities said they have since adopted additional security measures.
No suspicious activity in critical information infrastructure networks or government networks has been detected so far, said the authorities.
While universities were targeted by APT actors for the first time, such attacks are not new to Singapore.
APT attacks have been on the rise globally.
Mr Taylor-Mountford said: "We are almost fighting a losing battle if we focus only on prevention.
"Therefore, it is more important to be able to detect a breach and quickly neutralise it."