SINGAPORE (June 26): A report on Singapore’s Cyber Landscape by the Cybersecurity Agency of Singapore (CSA) in 2019 reported a 51.7% increase in cyber crimes in Singapore in the year 2019. 9,340 cases were reported last year relative to the 6,215 cases reported in 2018, accounting for more than one in four crimes committed in Singapore last year. 

The Cyber Security Agency of Singapore (CSA) is a relatively new government agency tasked with providing dedicated and centralised oversight of national cyber security functions, and works with sector leads to protect Singapore’s critical services. It publishes the “Singapore Cyber Landscape” report to review Singapore’s cybersecurity situation in a given year in the context of global trends and events and highlight steps taken by the government to meet these threats. 

"As one of the most connected countries in the world, Singapore remains a target for cyber- attacks and cybercrime. Threat actors have continued to evolve their tactics, resulting in an intensification of malicious cyber activities in 2019,” says David Koh, Commissioner of Cybersecurity and Chief Executive of CSA. 

Singapore’s cybersecurity effort is seeing a stepped up urgency after the infamous massive data breach suffered by SingHealth back in 2018. More than 1.5 million patients’ records, including Prime Minister Lee Hsien Loong’s, were taken by the state-sponsored attackers.

The Singapore Police Force reports that e-commerce scams continue to be the top scam type in Singapore, logging a 30% increase from 2161 cases in 2018 to 2809 in 2019. Victims continue to be enticed by lucrative online deals on items like electronic gadgets and event tickets despite such deals often being “too good to be true”. 

Local industries have also faced an increase in cyber threats, with e-commerce, banking and finance being particularly affected. Such  threats include  common malicious cyber activities such as website defacements, phishing incidents and malware infections. There was in particular a sharp rise in phishing attacks, with 47,500 Singapore-hosted phishing URLs detected in 2019  from 16,100 URLs in 2018, with 2019 seeing the highest ever number of global phishing attacks. 

“Commonly spoofed local firms included technology firms, banking and financial organisations and e-mail service providers, while the Immigration & Checkpoints Authority (ICA), Ministry of Manpower (MOM) and Singapore Police Force (SPF) were the most commonly spoofed government organisations,” noted the CSA press release. The report indicated that 70% of incidents reported to the Singapore Computer Emergency Report Team (SingCERT) by small and medium enterprises (SMEs) were the result of phishing attacks. 

SMEs are also at particular risk of website defacement, with 873 websites were defaced in 2019, compared to 605 cases in 2018. Education, finance, manufacturing and retail were the main sectors targeted. CSA has attributed the rise in such attacks to the emergence of an Indonesia-based hacker group responding to political developments in the Middle East. 

Last year also saw a rise in malware infections, with 530 unique Command & Control (C&C) servers detected in Singapore compared to 300 observed the year before. A daily average of 2300 botnet drones with Singapore Internet Protocol (IP) addresses were observed. Nearly 370 malware variants were detected, with the top five malware – Mirai, Gamarue, Conficker, Nymaim, and Ranbyus – accounting for over half of all observed infections.

Ransomware attack numbers remain relatively lower at 35 in 2019, though this was an increase from 21 cases in 2018. Victims largely originated from travel and tourism, manufacturing and logistics industries.

The Covid-19 Catalyst 
Adding to these woes was the onset of the Covid-19 pandemic this year, with cybercriminals taking advantage of the global uncertainty to launch additional attacks. The transition of firms to cloud computing following new work from home (WFH) arrangements is likely to see an increased attack surface area, making cybersecurity attacks more difficult to defend against. From March to May 2020, CSA found more than 1,500 malicious phishing URLs targeting Singapore -- double the number seen the previous three months. 

“COVID-19 which presents not only a public health challenge, but also a challenge on the cybersecurity front. We have seen attacks targeting healthcare systems around the world. Such attacks are unacceptable. They put lives at risk and impede the critical work of healthcare and frontline agencies in managing the pandemic,” says S. Iswaran, Minister for Communications and Information in a Facebook post today. 

Healthcare bodies were not only attacked to both obtain private information and data, but also to disrupt healthcare and endanger human life. Corporations such as food delivery companies that provide essential services during lockdown measures were also hit by cyber attacks. Increased use of digital infrastructure due to WFH measures also led to an increased attack surface area -- Carbon Black saw a 142% rise in ransomware attack between February and April when telecommuter numbers rose by a corresponding 70%. 

CSA identified a three-phase attack process used by bad actors to strike users during the pandemic. In the inception phase, attackers use phishing and watering hole attacks to capitalise on public fear and interest against individual users. In the expansion phase,  the attackers then moved onto enterprise-centric strikes across new or larger attack surfaces as WFH grew more prevalent. Phishing lures were then used in the convergence phase to obtain credentials or deliver malicious payloads, with many of these spoofing official sources as lockdowns eased. 

“Just last week, Singapore was also reportedly named as one of six countries to be targeted in a prominent phishing campaign impersonating government authorities. Thankfully, we have not seen any evidence of that yet, but it shows that Singapore remains a lucrative target to cyber criminals and threat actors,” continued Iswaran. 

Team sport
CSA has been working closely with public and private sector partners to strengthen Singapore’s cyber resilience. An attack in one section of a computer network or even a particular device -- even those outside Singapore’s borders -- could swiftly also end up targeting other parts of that network as well. “Cybersecurity is a team sport, and now, more than ever, we must come together to do our part to protect our cyberspace,” notes CSA Commissioner Koh. 

Among CSA’s initiatives are regular cybersecurity exercises conducted in 2019 to improve the Critical Information Infrastructure (CII) sectors’ readiness to respond to cyber incidents. It has also worked to develop local cybersecurity talent by working together with foreign CERTs to address the shortage of skilled talent in this field. It has also sought to raise cybersecurity awareness and adoption among businesses and individuals via campaigns and platforms such as GoSafeOnline, SingCERT website and social media channels. 

Beyond Singapore’s shores, CSA has sought to strengthen the cybersecurity regime in Singapore’s neighbourhood. In 2019, it launched the ASEAN-Singapore Cybersecurity Centre of Excellence to enhance regional cyber capacity building to develop voluntary cyber norms for a rules-based international order in cyberspace. To improve Internet of Things (IoT) security, CSA also launched the Cybersecurity Labelling Scheme for selected smart devices and is cultivating research and knowledge-sharing with international partners. 

“We cannot let our guard down. Ensuring a resilient and trusted cyberspace is critical for our economic and social competitiveness. We must mount a collective effort – from the Government, industry, businesses and individuals, to ensure that Singapore remains cyber secure, especially as we make a determined nationwide digitalisation push. Everyone can play a part by being vigilant and practising good cyber hygiene.” concluded Iswaran.