Published on 23 Jun 2023
Singapore, 23 June 2023 – The Cyber Security Agency of Singapore (CSA) released the Singapore Cyber Landscape (SCL) 2022 publication today. The publication provides a comprehensive picture of the cybersecurity threat landscape in Singapore. CSA observed that, in 2022, phishing, which is a key conduit for scams and other malicious cyber activities, posed an increased threat to organisations and individuals. In line with global trends, ransomware continues to be a key concern in Singapore, with around one ransomware case reported every three days on average. The number of infected infrastructure (formerly known as Command & Control (C&C) servers and Botnet Drones) saw a drop in Singapore despite a sharp growth of infected infrastructure observed worldwide.
Key Malicious Cyber Activities in 2022
Anticipated Cybersecurity Trends
2 The SCL 2022 report also highlighted several trends to watch:
(a) Ransom for Reputation. Given the spate of high-profile data breaches in 2022 globally, organisations might consider mitigating reputational damage as a more compelling reason to pay the ransom than regaining access to their encrypted data. As such, while threat actors will continue to rely on extortion, actual ransomware deployments may decline. Ransomware-as-a-Service (RaaS) providers might turn their attention to focus more on data exfiltration and public shaming on “leak sites”. With the general willingness of the industry and the public to accept news of a data breach at face value, a threat actor might also conjure fictional breaches by publicising repackaged data from prior breaches or information fused through open-source data scraping.
(b) Artificial Intelligence (AI) for Bad and Good. AI is a double-edged sword that can be adopted by attackers and defenders alike. It is expected to be increasingly incorporated for cybersecurity, with an anticipated growth in market size from US$22.4 billion in 2023 to US$60.6 billion in 2028. Specifically, the use of Natural Language Processing (NLP) and Machine Learning (ML) technologies can empower the creation of an evolving baseline to provide real-time insights for ascertaining potential cyber-attacks. As AI becomes more accessible and advanced, threat actors may leverage such technology for their nefarious activities, such as to launch highly-targeted spear-phishing campaigns. Threat actors may also get more creative in the use of AI-enabled deepfakes to impersonate C-suite executives to facilitate account takeovers, business fraud, or impact the share price or reputation of an organisation.
(c) Systemic Risks from Economic Adversity. The Russia-Ukraine conflict brought about financial pressures and a rise in cost of living. Inflation remains high in many countries and the International Monetary Fund anticipates a global economic downturn this year. Economic adversity create opportunities which threat actors can exploit via phishing. They capitalise on psychological weaknesses as potential victims are more inclined to explore opportunities to make up for personal financial shortfalls. Impending economic adversity also leads organisations to scrutinise their budgets closely and focus on cutting what is perceived as nonessential expenditure. Cybersecurity is often seen by uninformed C-suites as an overhead rather than an essential function. Tighter cybersecurity budgets and fewer resources may translate to subpar security postures across organisations, an asymmetry which will be capitalised by threat actors, thereby amplifying the risks of ransomware attacks and breaches.
CSA’s Efforts to Strengthen Collective Cybersecurity Posture
9 Mr David Koh, Commissioner of Cybersecurity and Chief Executive of CSA, said: “2022 saw a heightened cyber threat environment fuelled by geopolitical conflict and cybercriminal opportunism as COVID-19 restrictions began to ease. Emerging technologies, like Chatbots, are double-edged, as with many new technologies. While we should be optimistic about the opportunities it brings, we have to manage its accompanying risks. The government will continue to step up our efforts to protect our cyberspace, but we need businesses and individuals to play their part too, so that we can fully reap the benefits of our digital future.”
1
A TLD is one of the domains at the highest level of the hierarchical Domain Name System of the Internet, and usually forms the last text segment in a website’s domain name, such as .com or .net.
2
Compromised devices within SG cyberspace abused by attackers for malicious purposes, such as conducting DDoS attacks or distributing malware and spam.
About the Singapore Cyber Landscape 2022
The “Singapore Cyber Landscape 2022” publication reviews Singapore’s cybersecurity situation in 2022 against the backdrop of global trends and events, and highlights Singapore’s efforts in creating a safe and trustworthy cyberspace.
CSA analyses multiple data sources to shed light on the common cyber threats observed in Singapore’s cyberspace. Through case studies of incidents in Singapore, the publication aims to raise awareness of cyber threats among cyber stakeholders and the general public, and to offer practical and actionable insights to better defend ourselves against ever-evolving cyber threats. Please refer to this link for a copy of the report.
About the Cyber Security Agency of Singapore
Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes. CSA is part of the Prime Minister’s Office and is managed by the Ministry of Communications and Information. For more news and information, please visit www.csa.gov.sg.