SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
Ransomware drives 58% of Singapore cyber incidents
DDoS Data Protection Ransomware

Ransomware drives 58% of Singapore cyber incidents

Fri, 15th May 2026 (Today)
Sean Mitchell
SEAN MITCHELL Publisher

Check Point Software has released a report showing that ransomware accounted for 58% of recorded cyber incidents in Singapore. The findings are based on more than 130 major incidents logged in 2025.

The report describes a threat environment shaped by ransomware, distributed denial-of-service attacks and data breaches across public and private sector organisations. Attackers increasingly used double-extortion tactics, stealing data before encrypting systems to increase pressure on victims to pay.

The groups identified include Qilin and Lynx, which were prominent in ransomware activity affecting Singapore. In one incident cited, a local chemical manufacturer allegedly lost 165 GB of sensitive data to Qilin.

Government focus

Disruption campaigns were heavily concentrated on public sector targets. The report says 44% of DDoS victims were in the government sector, with most using the gov.sg domain.

Business services was the next most affected sector for DDoS activity, accounting for 30% of victims. Broader information system disruptions were also linked to hacktivist groups including HIME666 and NullSec Philippines.

The sector breakdown shows a different pattern for other forms of attack. Business services accounted for 32% of targeted sectors overall, while retail represented 15%.

Retail stood out in data breach incidents, accounting for 42% of all breach cases in Singapore during 2025. That made it the most exposed sector for the loss of sensitive information, despite not being the most frequently targeted overall.

Shift in tactics

The findings suggest cyber criminals are moving beyond basic data theft towards methods designed to cause operational and reputational harm at the same time. By combining exfiltration with encryption, attackers can threaten to publish stolen material even if victims can restore systems from backups.

This reflects a broader shift in cyber risk for organisations in Singapore, with public agencies, business services firms and retailers facing different forms of pressure. Government bodies appear to have borne the brunt of disruption attempts, while retailers were more likely to suffer breaches involving stolen data.

Check Point also warned that the threat picture is likely to broaden as scams using artificial intelligence become more common. AI-generated content and deepfake-led fraud are expected to spread, putting more pressure on financial institutions and trust-based transactions.

These attacks are expected to rely less on technical weaknesses and more on manipulating people. That marks a shift away from conventional intrusion methods towards deception tactics that standard security controls can be less effective at detecting.

Rebecca Law, Country Manager, Singapore, at Check Point Software, said the findings show how exposed the country has become. "Singapore's status as a global digital hub makes it a primary target for both financially motivated criminals and strategic nation-state actors," Law said.

She added that attackers were increasingly bypassing established defences through impersonation and social engineering. "The 2025 landscape shows that attackers are successfully bypassing traditional controls through impersonation and social engineering. As we move into 2026, organisations must assume that trust, not just systems, will be exploited. Resilience will depend on moving toward a proactive, prevention-first and 'safe-by-design' remediation approach," she said.

Critical sectors

The concentration of attacks on government systems underlines the exposure of essential digital services to disruption. In a highly connected economy such as Singapore, outages affecting official online platforms can have an outsized effect on administration, communication and public access to services.

The data on retail breaches also points to the risks facing consumer-facing companies that handle large volumes of payment details, customer records and loyalty data. Breaches in the sector can have consequences beyond immediate financial loss, including regulatory scrutiny and damage to customer trust.

For business services companies, the high level of targeting is consistent with their role in handling sensitive commercial information and supporting wider corporate operations. A successful attack on one provider can also create knock-on effects for clients and supply chains.

The report describes Singapore as a frequent target for both financially motivated attackers and state-linked espionage, particularly where critical infrastructure is concerned. It says the combination of ransomware, DDoS activity and increasingly convincing deception techniques is creating a more complex threat environment for local organisations.

More than 60 ransomware cases were recorded in Singapore during 2025, making the category the single largest source of major cyber incidents in the country.

Related stories
Xiid & Cytex link AI governance with zero trust access
AI-driven cyber wars to reshape security in 2026
Dell expands cyber resilience with quantum-ready PCs
Ransomware attacks fall as CL0P & The Gentlemen surge
Dell adds quantum-ready security & AI recovery tools
Top stories
AI reshapes Singapore tech hiring as pay stays high
Keeper Security adds approval controls to KeeperPAM
Boomi & Guru launch AI data partnership for agents
Cohesity expands HPE alliance on cyber resilience deals
KnowBe4 launches free CAPY cyber safety hub for families