More than 413 million email threats were blocked by Trend Micro in Singapore during 2019, representing a 19.9 per cent increase from 2018.
With email cited as the leading threat vector used by cyber criminals during the past 12 months, the number of times users in the city-state accessed malicious links increased 32.5 per cent, pointing to a lack of education at individual level.
In contrast however, the vendor recorded a 54.5 per cent year-on-year decline in the number of times it blocked malicious URLs hosted in Singapore.
According to research findings, phishing once again placed as the leading threat to organisations at a global level, backed by advanced hacker techniques which prompted a twofold increase in Office 365 related attacks.
Meanwhile, business email compromise (BEC) - billed as a “notorious form of phishing attack” - increased five per cent worldwide, expanding from traditional enterprise users to encompass religious, educational and non-profit organisations.
“Our 2019 findings revealed how cyber criminals recognised the high return on investment from ransomware and BEC scams - a single successful attempt could make for a lucrative yield, even factoring in the research and other efforts that went behind it,” said Nilesh Jain, vice president of Southeast Asia and India at Trend Micro.
Perhaps unsurprisingly, ransomware continued to be a mainstay cyber threat in 2019, with Trend Micro discovering a 10 per cent increase in such detections, despite a 57 per cent decrease in the number of new ransomware families. But as explained by Jain, the “modus operandi morphed in 2019”.
As a result, the market witnessed ransomware increasingly becoming a "secondary infection vector", with alliances being forged to carry out an "elaborate, complex ransomware scheme".
Under the partnership, one group gains access to a network and sells the access to another group to execute a ransomware attack. According to findings, this shows that groups are becoming more specialised and segmenting the pieces of a cyber criminal business model.
“The traditional approach of using numerous best-of-breed security solutions is not today’s state-of-the-art security,” Jain added. “As the security stack becomes bloated, efficiencies need to be identified and had. By the end of the day, having 20 security solutions that don’t talk to each other at all may not be as effective as having five that do.”