fbpx
Connect with us

Telecoms

Singapore’s Singtel breached via 20-year-old file transfer system

Yehia El Amine

Published

 on

Singapore’s Singtel breached via 20-year-old file transfer system

Singapore’s largest telco, Singtel, has been the subject of a cyberattack earlier last week after hackers breached the company via its use of legacy third-party file-sharing system by Accellion that compromised user data.

The attack – which occurred on January 20 – was part of a wider global breach of File Transfer Appliance (FTA) file sharing-systems that had recently affected other organizations such as New Zealand’s central bank, the Australian Securities and Investments Commission and the Washington State Auditor’s Office in the U.S.

“Our priority is to work directly with customers and stakeholders whose information may have been compromised to keep them supported and help them manage any risks,” Singtel said in a statement.

While the telco noted that it is currently running an impact assessment on the extent of the compromised data, it declined to mention the details of the data compromised and how many customers were breached.

However, Singtel said it is contacting affected customers “at the earliest opportunity once we identify which files relevant to them were illegally accessed.”

It is worth mentioning that the breached third-party software Accellion FTA was used by the telco internally and external stakeholders and is currently over 20-years-old. This incident highlights the importance of adopting a modern, secure, and regularly updated file sharing platforms.

Initially, the first instance of a breach was reported by Accellion back on December 23, 2020, at which the company informed FTA users about a vulnerability within its system. In a statement by the company, it described its FTA product as a “20-year-old product near the end of its functionality,” and then announced that it suffered a “sophisticated cyberattack” which included exploiting a previously unknown vulnerability.

Singtel said it applied FTA patches from Accellion on December 24 and another one on the 27th. On January 23, Accellion said the December 27 patch was ineffective against a new vulnerability, and Singtel took the product offline.

Accellion put out another patch on January 30 but Singtel said it received an “anomaly alert” when applying it. The vendor said Singtel’s system could have been breached and the telco confirmed this occurred on January 20.

“Given the complexity of the investigations, it was only confirmed on Feb 9 that files were taken,” Singtel added.

The telco said the breach was an isolated incident involving the third-party system, and its core operations remained “unaffected and sound.” The telco has suspended use of FTA and is investigating with cybersecurity experts and the authorities, including the Cyber Security Agency of Singapore (CSA).

CSA’s expert team were quick to call on users of the FTA to disconnect from the service to perform checks over possible vulnerabilities, while advising users to check for updates, apply all necessary patches quickly, as well as keep an eye on their networks for suspicious activity.

To date, CSA has not received any breach reports from other Singapore organizations caused by the incident.

Singtel joins a number of other cyberattack victims that were hacked via Accellion, as it joins Australia-based medical research institute QIMR Berghofer, the Reserve Bank of New Zealand – Te Pūtea Matua, growing the vendor’s list of unhappy customers.

While the question begs itself as to why these companies are still using FTAs, Accellion told security news site BankInfoSecurity earlier that customers might be reluctant to switch because it meant moving data, which would entail changes to procedures and having to train workers on the new system.

The Singtel hacking was rather complex to trackback, so here’s a timeline of the events:

  • December 23: Accellion first informs FTA users of a previously unknown vulnerability.
  • December 24: Singtel installs patch from Accellion to plug the vulnerability.
  • December 27: Singtel installs another available patch from Accellion.
  • January 23: Accellion advisory cites a new vulnerability that the December 27 patch was not able to deal with. Singtel immediately takes the system offline.
  • January 30: Singtel attempts to install a new patch to plug the new vulnerability but receives an anomaly alert. The system is kept offline, and investigations confirmed a January 20 breach.
  • February 9: Singtel confirms file theft due to the breach.
  • February 11: Singtel announces the FTA breach.
Advertisement

Yehia is an investigative journalist and editor with extensive experience in the news industry as well as digital content creation across the board. He strives to bring the human element to his writing.

Telecoms

STL signs record high $100 million deals across MEA

Inside Telecom Staff

Published

 on

STL

India-based digital network integrator Sterlite Technologies (STL) announced on Monday that it has renewed and extended deals with leading telecoms providers in the Middle East and Africa region (MEA).

According to a company statement, the deals are worth more than $100 million, taking STL’s order book to a record high, while exhibiting the company’s unwavering focus on building future-ready digital networks within the region.

“STL is building solutions to empower its customers in the MEA region for optical connectivity and network software, enabling FTTH and 5G deployments.  We are proud to be a part of the progress of the Middle East and Africa. With our deep technology expertise and growing talent base, we will continue to deliver on the full potential of digital networks, providing enhanced experiences to consumers and businesses alike,” speaking on the deals, Sandeep Girotra, Global Sales Head, STL, said in a statement.

The global pandemic has pushed many telcos to heavily invest in building digital networks to be able to meet the rising demand for connectivity from people remaining indoors due to lockdown measures. STL has capitalized on this and expanded its presence in the region with their fully 5G ready Opticonn and Software Solutions.

“Our unique end-to-end solutions enables customers to build 5G hyperscale networks at a fast pace with lower long-term Total Cost of Ownership (TCO). These multi-years, multi-million-dollar deals range from optical connectivity solutions to network solutions,” the company said.

According to STL, one of the large-scale deals has been signed with a leading telco in the UAE to advance its 5G, 4G and FTTX network infrastructure through STL’s Opticonn Solutions, including onshore logistics and warehousing. Another multi-million-dollar digital transformation partnership has been formed with the leading telecommunications group in North Africa.

The unnamed telco will deploy STL’s digital billing solutions to 7 million subscribers across the region.

Continue Reading

Telecoms

Airtel won the most subscribers thanks to high quality network in 2020

Karim Hussami

Published

 on

Airtel won the most subscribers thanks to high quality network in 2020

Airtel gained the most subscribers in India comparably due to better network quality by the end of 2020.

The latest data from OpenSignal, an independent global mobile analytics company, shows Airtel and Jio have gained more new subscribers by the end of 2020, but Vi (Vodafone Idea) lost by churning subscribers.

“Airtel and Jio were steadily gaining new users while Vi regularly lost users,” according to the report by OpenSignal who shared data from last year where it analyzed the mobile experience of smartphone users who switched network service providers (outgoing) in 2020.

“Outgoing people turned out to have a worse mobile experience before switching subscribers. They also saw a drop in 4G availability and spent less time connecting to a 3G or 4G mobile connection,” the report noted.

According to a report in Business Today, the total telecom subscriber base in India increased marginally to 1,168.66 million in the reported month from 1,167.81 million in August last year. “The total wireless or mobile telephony subscriber base increased to 1,148.58 million in September 2020 from 1,147.92 million in August 2020,” it added.

Poor network quality

In addition, analysts found that users dropped from a particular network because of poor network quality and for the fact that telcos increased tariffs in 2019. Across all the private operators (Jio, Airtel, and Vi), users who ported to other networks were spending 74 percent to 155 precent more time without being connected to a mobile signal compared to the average scores on the respective networks.

Therefore, OpenSignal indicated that most of the users who were porting to other networks had an issue with the network quality they were getting with their operator. Reliance Jio needs to enhance its network quality as fast as possible to keep leading the mobile telecom market in India, according to analysts.

The report from OpenSignal comes in line with a TRAI report that says that Airtel added 4.05 million new wireless subscribers in December 2020, bringing its total wireless subscriber base to 338.7 million as of December 31, 2020, although still below Jio’s wireless subscriber base.

With the loss of Vi subscribers and the flattening of Jio’s growth curve, Airtel continued to gain subscribers due to the churn rate.

By the end of 2020, it had gained more subscribers due to better network quality, which also matches Telecom Regulator Authority of India (TRAI) data for December 2020.

Continue Reading

Telecoms

Beeline Telecom to become 4th provider in Zambia

Inside Telecom Staff

Published

 on

Beeline Telecom

Beeline Telecom has become Zambia’s fourth provider earlier this week after receiving its license to commence mobile phone operations from the country’s ICT regulator ZICTA.

Beeline, a Zambian wholly owned company, has been granted a period of 6 months to kick start its operations, unless determined by the authority, or the license will be revoked. Zambia enjoys a diverse telco presence with South African MTN and Indian Airtel being the heavy hitter names within the market.

The newly welcomed company stands alongside Zamtel as local providers within the country. According to a statement by Beeline, the local company has been offered the international network and national services licenses with associated resources and becomes the fourth mobile network services provider in the country.

“This was in line with its regulatory mandate under the ICT ACT No. 15 of 2009, which includes the promotion of competition in the ICT sector. In September 2020, the Authority invited, through the Request for Proposals, applications for a Network License under the International Market Segment and a Service License under the National Market Segment with associated resources,” Patrick Mutimushi, Director General of ZICTA, said in a statement.

Mutimushi added that following a thorough evaluation process, and Beeline having met the minimum criteria, the Authority resolved to award the licenses in question to Beeline Telecoms Limited.

On September 4, 2018, ZICTA, under the guidance of the parent ministry – Ministry of Transport and Communications, issued a Network License under the International Market Segment and a Service License under the National Market Segment with associated resources to UZI Zambia.

“Unfortunately, UZI Zambia failed to commence operations by March 3, 2019, the final deadline issued by the Authority. This was notwithstanding two earlier deadline extensions – the first being November 30, 2019 and the second on May 30, 2020. The above scenario left the Authority with no choice but to cancel the licenses issued to UZ! Zambia,” the director general noted.

Continue Reading

Trending