Story image

Singapore CSA looks back at 2017's most rampant cyber threats

20 Jun 18

The Cyber Security Agency of Singapore (CSA) has published a report of the biggest cyber threats the country experienced in 2017, with a notable shift from profit-motivated attacks to attacks designed to cause disruption.

The Singapore Cyber Landscape 2017 report shows that cyber threats continued to grow in frequency and in damage on a global scale – and Singapore statistics mirrored the trends.

“Given Singapore’s connectivity, what happens globally is often immediately felt here. As we continue our Smart Nation push, we have to raise our cyber hygiene and defences, especially against cyber-attackers who are getting better resourced and skilled,” Comments CSA chief David Koh.

“We need to play our part by being vigilant and adopting good cybersecurity practices to keep Singapore’s cyberspace safe and trustworthy for all.”

The CSA’s Cybersecurity Act, in addition to partnerships with GoSafeOnline, SingCERT and others, are designed to protect and raise awareness about cybersecurity issues.

According to the Singapore Police Force, Singaporeans reported 5,430 cases of cybercrime. While overall crime rates fell, cybercrime cases grew to 16.6% of all cases.

Many cases involved online cheating, compromised social media and SingPass accounts, impersonation, scams, and unauthorised access. In September 2017, Singapore also dealt convictions in its first Dark Web-related crime case.

Singapore’s critical information infrastructure (CII) sectors remain prime targets, with banking, finance and government at the top. This became a reality for one Singapore insurance company in September 2017, when a data breach compromised = the personal data of 5,400 customers, including their e-mail addresses, mobile numbers and dates of birth.

Singapore’s business ecosystem, in particular SMEs, are especially vulnerable to attacks as they don’t have the resources or skills to deal with cyber threats.

The report says that of the 146 cases reported to SingCERT last year, almost 40% involved SMEs. CSA encourages businesses to invest in cybersecurity solutions.

Finally, phishing, ransomware and tech support scams continue to plague individuals.

Common cyber threats are detailed below.

  • Website Defacements. 2,040 website defacements were observed in 2017. Many defacements were part of global mass defacement campaigns. The defaced websites belonged mostly to Small and Medium Enterprises (SMEs) from a range of sectors such as manufacturing, retail, and Information and Communications Technology (ICT).
     
  • Phishing. 23,420 phishing URLs with a Singapore-link were found in 2017. Phishing emails are one of the simplest and most effective methods that hackers use to steal sensitive personal data (e.g. passwords, contact information, credit card details), by tricking users into opening dubious links or attachments. The websites of technology companies such as Apple and Microsoft were commonly spoofed, making up about 40 per cent of the observed phishing

Malware Infections

  • Compromised Systems. In 2017, CSA observed about 750 unique Command & Control (C&C) servers in Singapore, and a daily average of about 2,700 botnet drones with Singapore IP addresses. Of the more than 400 malware variants detected in 2017, five were observed to have caused the majority of the infections. Conficker, Mirai, Cutwail, Sality, and WannaCry accounted for more than half of the systems infected daily. The majority of these malware are not new, suggesting that many victims are not scanning for viruses and cleaning up their systems.
     
  • Ransomware. Singapore was relatively unscathed by major ransomware campaigns such as WannaCry. 25 cases of ransomware were reported to SingCERT in 2017. Besides WannaCry, victims were infected by ransomware such as Cerber, Dharma, and Sage, and faced ransom demands ranging between S$2,000 and S$4,000. 
How to stay safe when shopping online
Online shopping is a great way to avoid the crowds – but there are risks.
Dell EMC embeds security in latest servers
Dell EMC's 14th generation of PowerEdge servers has comprehensive management tools to provide security across hardware and firmware.
Why data backups should be a part of daily operations
"Disaster recovery needs to address complete system failure and provide a set of security policies to govern disaster incidents."
Businesses focusing on threats from within - survey
Over 50% of respondents reported that 100 days of dwell time or more was representative of their organisation.
Corelight and Exabeam partner to improve network monitoring
The combination of lateral movement and siloed usage of point security products leaves many security teams vulnerable to compromise.
SailPoint releases first identity annual report
SailPoint’s research found that many organisations are lacking maturity in their governance processes over identities.
Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.