CyberSense is a monthly bulletin by CSA that spotlights salient cybersecurity topics, trends and technologies, based on curated articles and commentaries. CSA provides periodic updates to these bulletins when there are new developments. Click on the title to view the full article!

Mobile Insecurity

Mobile mania hit Singapore again in September 2019 with the launch of some freshly dropped Apples, in the form of the iPhone 11, iPhone 11 Pro, and iPhone 11 Pro Max. Owning the latest hardware is, of course, only half the story: what each of these handheld supercomputers offers is the ability to load all kinds of apps - providing entertainment, connectivity with family and friends, and also serve as a productivity tool for work. However, we are often unaware of the risks inherent in such devices and apps. This can be from simply clicking “Yes” when asked if you would allow an app to access your device’s phonebook or hardware. The previous issue of Cybersense focused on the problem of mobile malware; building on this, we now look at some security risks that mobile phones and apps themselves present.

Mobile Threats

Globally and in Singapore, many own mobile phones and tablets to connect with one another, be entertained, or to work. Singaporeans on average spend more than 12 hours daily on them. The wide use of mobile devices in our daily lives also make it ripe for the picking by hackers who are developing “mobile malware” that can spy on you, steal your personal data, or lately, mine cryptocurrencies.


Since late 2018, targeted ransomware attacks on state and local governments are on the rise. They include SamSam, Ryuk, RobbinHood and LockerGoga. These new strains are stealthier and more sophisticated, and are unlike previous strains that primarily rely on e-mails or exploits to spread during the 2017 WannaCry and NotPetya attacks.


Our society is increasingly connected; the lines between physical and digital worlds increasingly blurred. This is in no small part due to the Internet of Things – the vast network of everyday devices that are connected to the Internet, and can communicate with each other without human intervention.


Academic institutions around the world are increasingly being targeted by hackers, it appears. The cyber-attacks range from ransomware to ones that seek out sensitive research data the institutions may have. Close to home, the Advanced Persistent Threat (APT) attacks on Singapore’s universities in April 2017 were carefully planned, and the objective may have been to steal information related to government and research. According to a report by the US-based Ponemon Institute, which conducts research on privacy, data protection and information security, the education sector saw one of the highest per capita data breach costs at US$260 for each record containing sensitive data, just behind the health industry (US$369), in the survey across 16 industries in 12 countries.


As the global energy sector moves towards providing “clean energy”, operational processes will change too. With it, an opportunity to review the cybersecurity measures that need to be in place from the outset, to counter cyber-attacks on the sector. The European Union (EU) and US have taken the lead with their assessment on the “new” energy industry.In Singapore, changes are afoot too in the energy sector as the country drives towards a smart nation. This would be a good opportune time to relook into the energy needs of local businesses to fully optimise energy management (from energy generation to demand-side management), and include intelligent energy storage systems by leveraging Internet of Things (IoTs). However, security architecture needs to be designed upfront for these IoTs so that they can be robust against cyber-attacks.


Industrial Control Systems (ICS), which allow utilities operators in sectors like Water and Energy to remotely monitor and control industrial processes, are often thought to be relatively safe from harm since many do not have connections to the Internet. But they can still be susceptible to a cyber-attack as new means to get into the systems are being developed, and even demonstrated. Cyber-physical threats to water infrastructure can lead to a wide range of effects, including changes to water quality and supply.

Oil and Gas

The oil and gas vertical in the Energy sector faces more disruptive and potentially destructive cyber-attacks than before. On one hand, increasingly-connected systems provide a growing threat surface; on the other, threat actors are on constant lookout for targets for a wider range of effects. These actors, often guided by geopolitical or commercial objectives, are targeting oil and gas companies to conduct espionage, disruptive attacks, or even outright destruction.


The maritime industry is responsible for transporting more than 90 per cent of the world’s trade. As technology is introduced to shipboard and port systems, great strides in productivity and fuel efficiency have been achieved. However, awareness of the importance of cybersecurity may still be lagging behind the rapid pace of technology development, the latter of which may allow us to see unmanned cargo ships plying the seas by 2020.

Land Transport

In recent times, public transportation around the world, such as buses and rail systems, have faced cyber-attacks. The WannaCry ransomware campaign that swept across the world in May 2017 also affected the payment and bus routing systems in Germany and the UK. Fortunately, the control systems of the trains and buses were not affected then, but they remain a possible target.

First PagePrevious Page
Next PageLast Page