Phishing and Ransomware continue to pose significant risks to organisations and individuals drop seen in number of infected infrastructure
Singapore, 23 June 2023 – The Cyber Security Agency of Singapore (CSA) released the Singapore Cyber Landscape (SCL) 2022 publication today.
The publication provides a comprehensive picture of the cybersecurity threat landscape in Singapore. CSA observed that, in 2022, phishing, which is a key conduit for scams and other malicious cyber activities, posed an increased threat to organisations and individuals.
In line with global trends, ransomware continues to be a key concern in Singapore, with around one ransomware case reported every three days on average.
The number of infected infrastructure (formerly known as Command & Control (C&C) servers and Botnet Drones) saw a drop in Singapore despite a sharp growth of infected infrastructure observed worldwide.
Key Malicious Cyber Activities in 2022
- Phishing. There were around 8,500 phishing attempts reported to the Singapore Cyber Emergency Response Team (SingCERT) in 2022, more than double the 3,100 cases handled in 2021. More than 50 per cent of reported cases involved URLs ending with “.xyz” – a popular top-level domain (TLD)1 among threat actors given its low cost and limited restrictions on usage. The average length of reported phishing links decreased by almost half, suggesting that threat actors are using URL shortener services more frequently to mask their malicious intent and track the click-through rate of their phishing campaigns. The most commonly-spoofed were Banking and Financial Services, Government and Logistics. More than 80 per cent of reported phishing sites masqueraded as entities within the Banking and Financial Services sector. They are often targets of phishing attacks as they are trusted institutions which hold sensitive and valuable information such as personal details and login credentials. Overall, the increase in reported phishing attempts mirrored global trends, with multiple cybersecurity vendors observing that phishing activities grew substantially in 2022. In all, SingCERT facilitated the takedown of 2,918 malicious phishing sites in 2022.
- Ransomware incidents. Ransomware remains a major issue both in Singapore and globally, with cybersecurity vendors reporting a 13 per cent increase in ransomware incidents worldwide in 2022. In Singapore, the number of reported ransomware cases saw a slight decrease with 132 cases reported to CSA in 2022, compared to the 137 cases reported in 2021. The cases affected mostly Small-and-Medium Enterprises (SMEs) from sectors such as manufacturing and retail, as they may hold valuable data as well as Intellectual Property (IP), which cybercriminals often seek to extort and monetise for financial gain. Many of such firms also lack dedicated resources to counter cyber threats.
- Infected Infrastructure2. In 2022, CSA observed 81,500 infected systems in Singapore, a decrease of 13 per cent from 94,000 in 2021. Despite a sharp growth of infected infrastructure observed worldwide, Singapore’s global share of infected infrastructure fell from 0.84 per cent in 2021 to 0.34 per cent in 2022. While this decrease in infected infrastructure in Singapore points to an improvement in cyber hygiene levels, the absolute number of infected systems in Singapore remains high. The top three malware infections on locally-hosted C&C servers were Colbalt Strike, Emotet and Guloader, while Gamarue, Nymaim and Mirai were the top three malware found on locally-hosted botnet drones, accounting for nearly 80% of Singapore IP addresses infected by malware in 2022.
- Website Defacements. 340 ‘.sg’ websites were defaced in 2022, a decrease of 19 per cent from 419 in 2021. Most victims were SMEs. The downward trend could be attributed to hacktivist activities moving to other platforms with potentially wider reach, such as social media. In general, a downward trend in global website defacements was observed – with the exception of Ukraine and Russia, which have seen hacktivist activities spike amidst the ongoing conflict, including the defacement of more than 70 Ukrainian government websites just before hostilities broke out.
Anticipated Cybersecurity Trends
2 The SCL 2022 report also highlighted several trends to watch:
(a) Ransom for Reputation. Given the spate of high-profile data breaches in 2022 globally, organisations might consider mitigating reputational damage as a more compelling reason to pay the ransom than regaining access to their encrypted data. As such, while threat actors will continue to rely on extortion, actual ransomware deployments may decline. Ransomware-as-a-Service (RaaS) providers might turn their attention to focus more on data exfiltration and public shaming on “leak sites”. With the general willingness of the industry and the public to accept news of a data breach at face value, a threat actor might also conjure fictional breaches by publicising repackaged data from prior breaches or information fused through open-source data scraping.
(b) Artificial Intelligence (AI) for Bad and Good. AI is a double-edged sword that can be adopted by attackers and defenders alike. It is expected to be increasingly incorporated for cybersecurity, with an anticipated growth in market size from US$22.4 billion in 2023 to US$60.6 billion in 2028. Specifically, the use of Natural Language Processing (NLP) and Machine Learning (ML) technologies can empower the creation of an evolving baseline to provide real-time insights for ascertaining potential cyber-attacks. As AI becomes more accessible and advanced, threat actors may leverage such technology for their nefarious activities, such as to launch highly-targeted spear-phishing campaigns. Threat actors may also get more creative in the use of AI-enabled deepfakes to impersonate C-suite executives to facilitate account takeovers, business fraud, or impact the share price or reputation of an organisation.
(c) Systemic Risks from Economic Adversity. The Russia-Ukraine conflict brought about financial pressures and a rise in cost of living. Inflation remains high in many countries and the International Monetary Fund anticipates a global economic downturn this year. Economic adversity create opportunities which threat actors can exploit via phishing. They capitalise on psychological weaknesses as potential victims are more inclined to explore opportunities to make up for personal financial shortfalls. Impending economic adversity also leads organisations to scrutinise their budgets closely and focus on cutting what is perceived as nonessential expenditure. Cybersecurity is often seen by uninformed C-suites as an overhead rather than an essential function. Tighter cybersecurity budgets and fewer resources may translate to subpar security postures across organisations, an asymmetry which will be capitalised by threat actors, thereby amplifying the risks of ransomware attacks and breaches.
CSA’s Efforts to Strengthen Collective Cybersecurity Posture
9 Mr David Koh, Commissioner of Cybersecurity and Chief Executive of CSA, said: “2022 saw a heightened cyber threat environment fuelled by geopolitical conflict and cybercriminal opportunism as COVID-19 restrictions began to ease. Emerging technologies, like Chatbots, are double-edged, as with many new technologies. While we should be optimistic about the opportunities it brings, we have to manage its accompanying risks. The government will continue to step up our efforts to protect our cyberspace, but we need businesses and individuals to play their part too, so that we can fully reap the benefits of our digital future.”
1 A TLD is one of the domains at the highest level of the hierarchical Domain Name System of the Internet, and usually forms the last text segment in a website’s domain name, such as .com or .net.
2 Compromised devices within SG cyberspace abused by attackers for malicious purposes, such as conducting DDoS attacks or distributing malware and spam.
About the Singapore Cyber Landscape 2022
The “Singapore Cyber Landscape 2022” publication reviews Singapore’s cybersecurity situation in 2022 against the backdrop of global trends and events, and highlights Singapore’s efforts in creating a safe and trustworthy cyberspace.
CSA analyses multiple data sources to shed light on the common cyber threats observed in Singapore’s cyberspace. Through case studies of incidents in Singapore, the publication aims to raise awareness of cyber threats among cyber stakeholders and the general public, and to offer practical and actionable insights to better defend ourselves against ever-evolving cyber threats. Please refer to this link for a copy of the report.
About the Cyber Security Agency of Singapore
Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes. CSA is part of the Prime Minister’s Office and is managed by the Ministry of Communications and Information. For more news and information, please visit www.csa.gov.sg.
Source — CSA Singapore