The Cyber Security Agency of Singapore (CSA) has flagged an increase in cyber threats, such as ransomware and online scams, during 2020.
CSA’s SingCERT (Singapore Computer Emergency Response Team) handled more than 9,000 cases last year, compared to nearly 8,500 cases reported in 2019 and 4,977 cases in 2018 respectively, according to new figures in CSA’s Singapore Cyber Landscape (SCL) 2020 report, released on 8 July.
The latest threat tally marks the second consecutive year of increases in cyber threats handled by the agency.
“Although the number of phishing incidents remained stable and website defacements declined slightly, malicious cyber activities remain a concern amid a rapidly-evolving global cyber landscape and increased digitalisation brought about by the COVID-19 pandemic,” CSA said in a statement.
The agency said that throughout 2020 it observed that global threat actors had capitalised on the anxiety and fear wrought by the pandemic, with repercussions felt by individuals and businesses. These threat actors targeted areas such as e-commerce, data security, vaccine-related research and operations, as well as contact tracing operations.
Some of the observed global threat actor trends were mirrored locally, CSA said, with a surge in ransomware incidents and the emergence of COVID-19-related phishing activities seen in the region, the latter of which unsurprisingly coincided with the rise of work-from-home (WFH) arrangements.
Breaking down the types of threats observed, the latest report reveals that 89 ransomware cases were reported to CSA in 2020, representing a sharp rise of 154 per cent from the 35 cases reported in 2019. These cases affected mostly small- and medium-sized enterprises (SMEs), and hailed from sectors such as manufacturing, retail and healthcare.
CSA said that the increase in local ransomware cases was likely influenced by the global ransomware surge, with three distinct characteristics observed as ransomware operators deployed increasingly sophisticated tactics: shifting from indiscriminate, opportunistic attacks to more targeted ‘Big Game Hunting’; the adoption of ‘leak and shame’ tactics; and a rise in ransomware-as-a-service (RaaS) models.
Another trend that was observed was a rise in malicious command and control (C&C) servers and botnet drones.
In 2020, CSA observed over 1,000 malicious C&C servers hosted in Singapore, a 94 per cent increase from the 530 C&C servers observed in 2019.
“The rise was in part attributed to the increase in C&C servers distributing the highly pervasive Emotet and Cobalt Strike malware, which accounted for one-third of the malware C&C servers observed,” CSA said.
Moreover, CSA detected about 6,600 botnet drones with Singapore IP addresses daily in 2020, an increase from 2019’s daily average of 2,300.
“Variants of the Mirai and Gamarue malware were prevalent among infected botnet IP addresses in 2020, with Mirai malware, which primarily targets Internet-of-Things (IoT) devices, staying strong due to the continuing growth of IoT [internet of things] devices locally,” the agency said.
At the same time, phishing remained prevalent. About 47,000 unique Singapore-hosted phishing URLs were observed in 2020, a slight decrease of 1 per cent compared to 47,500 URLs seen in 2019.
“Globally, 2020 saw a surge in COVID-19-related phishing campaigns,” CSA said. “In Singapore, the overall volume of malicious phishing URLs remained comparable to the figures seen in 2019.
“COVID-19 themes very likely accounted for over 4,700 of malicious URLs spoofing local entities and services that were in greater demand during Singapore’s circuit breaker period, which included online retail and payment portals,” the agency added.
Although still considered a major cyber activity, local website defacements fell in 2020, bucking the overall cyber trend, with 495 Singapore websites – those with a .sg web address – defaced in 2020, a decrease of 43 per cent from 873 in 2019.
The majority of website defacement victims were SMEs, with no government websites affected.
“The significant fall in 2020 is consistent with global trends and suggests that activist groups could have chosen other platforms with potentially wider reach (e.g. social media) to embarrass their victims and attract visibility for their causes,” CSA said.
Meanwhile, cyber crime in general continues to represent major cyber activity in the local market and a key concern of the Singapore Police Force, with 16,117 cases reported in 2020, up from 9,349 cases in 2019.
Cyber Crime accounted for 43 per cent of overall crimes reported in 2020, according to the latest report.
Looking forward, the report highlighted several emerging cybersecurity trends to watch against the backdrop of an increasingly complex and dynamic cyber threat landscape.
One of the big trends to watch out for, according to CSA is the continuing evolution of ransomware attacks. While not captured in the report, the recent supply chain attack by cyber criminals on Kaseya’s VSA product shows just how far-reaching the damage novel ransomware deployment methods can be.
Indeed, CSA included the increased targeting of supply chains as a major trend it was observing.
“A successful breach in the supply chain, as seen in the high-profile SolarWinds supply-chain breach at the tail end of 2020, provided cyber threat actors a single pivoting point to multiple victims,” CSA said. “While such attacks are not new, they are becoming more sophisticated.
“The compromise of a trusted supplier or software can result in widespread repercussions worldwide, as victims could include major vendors with huge customer bases.”
CSA noted that ransomware has evolved into a massive and systemic threat, and is no longer restricted to the sporadic and isolated incidents observed.
“Globally, the recent spate of high-profile ransomware incidents affecting essential service providers and key firms – such as the fuel pipeline company Colonial Pipeline (United States) and meat processing company, JBS (Brazil) – have demonstrated that the attacks could cause real-world effects and harm, and may have the potential to become national security concerns.
“The proliferation of such attacks spells an urgency for businesses to review their cybersecurity posture and ensure that they build their systems to be resilient in recovering from any successful cyber-attacks,” it said.