Fewer Cases of Common Cyber Threats Detected in Singapore in 2018

18 Jun 2019

Click on the image to access the full report

Singapore continues to be the target of cyber-attacks by advanced threat actors

The number of common cyber threats detected in Singapore saw a decrease in 2018, although Singapore continues to be the target of cyber-attacks by advanced actors. These are findings released by the Cyber Security Agency of Singapore (CSA) in the Singapore Cyber Landscape 2018 publication today. 

Common cyber threats – such as website defacements, phishing, ransomware and Command and Control (C&C) servers – were observed to have decreased in 2018 compared to the year before.

  1. Website defacements. 605 website defacements were detected in 2018, as compared to 2,040 in 2017. Most of the defaced websites belonged to Small and Medium Enterprises (SMEs), although larger organisations as well as two Singapore Government websites were also affected.  Notably, CSA observed a spike in defacements in November 2018, likely caused by an attacker exploiting vulnerabilities in an unpatched web server. 101 websites - belonging to various businesses hosted on this web server - were compromised by the same attacker in a single day.
  2. Phishing. There was a 30 per cent decrease in phishing URLs with a Singapore-link, from 23,420 URLs in 2017 to 16,100 URLs in 2018. Phishing emails typically spoof a legitimate source to trick users into clicking on dubious links or opening file attachments. Companies in the banking and financial services, technology and file hosting services made up almost 90 per cent of spoofed companies in 2018.
  3. Ransomware. 21 ransomware cases were reported to CSA in 2018, a decrease from 25 in 2017. Ransomware remains lucrative and continues to evolve in sophistication. GandCrab, one of the more aggressive forms of ransomware, infected a private financial institution in Singapore in February 2018. Europol has warned that targeted attacks which are tailored to specific organisations such as GandCrab and SamSam , may become the new normal.
  4. Command and Control (C&C) servers. In 2018, CSA observed about 300 unique C&C servers in Singapore, a 60 per cent decrease from 2017. In addition, almost 2,900 botnet drones with Singapore IP addresses were observed on a daily basis in 2018. Of the 470 malware variants detected in 2018, five – Gamarue, Conficker, Mirai, WannaCry and Gamut – accounted for over half of the observed infections.  The prevalence of these malware variants indicate that many users have yet to adopt protective measures such as patching their devices and using anti-virus software.

Cybercrime cases continue to rise

The Singapore Police Force reported that cybercrime continued to rise, with 6,179 cases reported in 2018 and accounting for about 19 percent of the overall crime in Singapore.  1,204 cases were investigated under the Computer Misuse Act, an increase of about 40 per cent compared to 2017. Online scams continued to be a concern, with about 2,125 e-commerce scams reported in 2018, where victims lost a total of about S$1.9 million. 70 per cent of such scams took place on e-commerce platform Carousell, and involved electronic products and tickets to events and attractions. Separately, 378 business email impersonation scams were observed in 2018, up from 332 cases in 2017. Businesses in Singapore suffered losses of close to S$58 million in 2018, an increase of about 31 per cent from 2017.

Need to strengthen collective cybersecurity
Despite the decrease in the number of common cyber threats detected in 2018, Singapore has been, and will continue to be, the target of cyber-attacks by Advanced Persistent Threat (APT) groups and other actors. In 2018, notable incidents included cyber-attacks on SingHealth and a number of universities in Singapore. Other incidents where SingCERT rendered assistance included a compromise on a training institute’s web servers by crypto-mining malware and an email extortion scam on a member of the public by a scammer using the victim’s leaked email address and password. These incidents highlight the need for organisations, businesses and individuals to stay vigilant and strengthen their cybersecurity to keep pace with increasingly targeted and sophisticated threats.  

The report also identified six anticipated cybersecurity trends in the near future. These include more frequent data breaches, increased threat to global supply chains and more disruptive attacks against the Cloud. Smart buildings and connected systems will also face greater risks of attacks, given the proliferation of Internet of Things (IoT) devices and connected industrial control systems. In addition, threat actors may leverage on Artificial Intelligence (AI) to search for vulnerabilities and create smarter malware. They are also likely to target and manipulate biometric data to build virtual identities and gain access to personal information.
Mr David Koh, Commissioner of Cybersecurity and Chief Executive of CSA, said, “Cybersecurity incidents made some of the biggest headlines in 2018. Data breaches across various industries affecting high-profile organisations were reported but smaller businesses and individual users were not spared either. We have to learn from these incidents and push further in our cybersecurity efforts collectively as a nation, so that we can defend ourselves against increasingly sophisticated threats and prepare ourselves for a digital future.” 

Please refer to Appendix A [328kb] for an overview of Singapore’s cyber threats in 2018. 

Please refer to this link [6.56MB] for a copy of the report.

[1]On 22 March 2018, the City of Atlanta in the US state of Georgia suffered a ransomware attack which affected several local government systems and disrupted businesses. Almost US$17 million was reportedly spent in recovery efforts. The ransomware used in the attack, dubbed ‘SamSam’, was also linked to another ransomware attack on the Port of San Diego in September 2018.

About Cyber Security Agency of Singapore

The Cyber Security Agency of Singapore (CSA) provides dedicated and centralised oversight of national cyber security functions and works with sector leads to protect Singapore’s critical services. It also engages with various industries, and stakeholders to heighten cyber security awareness as well as to ensure the holistic development of Singapore’s cyber security landscape. The Agency is part of the Prime Minister’s Office and is managed by the Ministry of Communications and Information. Information on CSA is available at www.csa.gov.sg.