swisshippo - Fotolia

Singapore remains hotbed for cyber threats

Singapore was a victim of advanced persistent threats, phishing and website defacements in 2017, according to the latest threat landscape report by the Cyber Security Agency

Like most well-connected countries, Singapore fell prey to advanced persistent threats (APTs) and cyber crime in 2017, while the threats of website defacements, phishing and malware showed no signs of abating in the city-state.

These findings were revealed in an annual threat landscape report by Singapore’s Cyber Security Agency (CSA), which noted the increasingly targeted nature of cyber attacks that were carefully planned, and were not the work of casual hackers or criminal gangs.

In April 2017, two local universities – the National University of Singapore (NUS) and the Nanyang Technological University (NTU) – reported intrusions into their networks.

Based on investigations, both attacks were found to have been linked to APTs. NUS detected an unauthorised intrusion into its systems through a server, while NTU faced multiple waves of malware attacks.

While the college networks were separate from the government’s, the two incidents were found to have been carefully planned and aimed at stealing information related to the government or research, the CSA said.

The growing use of phishing tactics to suss out user credentials and compromise corporate networks was also well underway in Singapore, which saw 23,420 phishing URLs aimed at spoofing the websites of organisations such as the Ministry of Manpower and the Immigration and Checkpoints Authority.

Notably, the websites of technology companies such as Apple and Microsoft were commonly spoofed, making up around 40% of the observed phishing URLs in Singapore, according to the CSA.

Singapore websites continued to be vulnerable to defacements by mischief-makers and hacktivist groups looking to promote their agenda.

In 2017, the number of website defacements in Singapore grew by 16.6% to 2,040. The defaced websites belonged mostly to small to medium-sized enterprises (SMEs) from sectors such as manufacturing, retail, and information and communications technology.

The CSA said hacktivists tend to seek out high-profile websites or leverage iconic events to launch defacement campaigns for maximum impact and visibility. For example, it noted an increase in defacements of Singapore websites on August 9, Singapore’s National Day.

“While these were assessed to be opportunistic rather than targeted, it highlights the potential for such incidents during iconic events. Many of the websites had been defaced previously, suggesting that their owners had not taken the appropriate security and patching measures to protect their websites,” it noted.

Read more about cyber security in APAC

  • LogRhythm CEO Andy Grolnick calls for more investments in cyber security technology and processes in APAC amid growing cyber threats in the region.
  • Cyber resilience remains low across Southeast Asia, a regional economic powerhouse that is increasingly susceptible to cyber threats as its digital economy grows.
  • A joint steering committee will meet twice a year to address cyber security issues, among other measures to shore up Malaysia’s cyber security capabilities.
  • Nearly one-fifth of small businesses in Singapore that were targeted by ransomware in 2016 had to shut down their business operations.

As for malware infections and botnets, the CSA observed around 750 unique command and control (C&C) servers in Singapore in 2017, and a daily average of around 2,700 botnet drones with Singapore IP addresses.

Out of the more than 400 malware variants detected in 2017, five were observed to have caused the majority of the infections. Conficker, Mirai, Cutwail, Sality, and WannaCry accounted for more than half of the systems infected daily, suggesting that victims were still not scanning for viruses and cleaning up their systems.

The threats to critical infrastructure also came under the spotlight in 2017. In September last year, the website of a Singapore insurance company was breached, compromising the personal data of 5,400 customers, including their email addresses, mobile numbers and dates of birth.

The CSA said the government had also faced a range of cyber threats, including system intrusions and spoofed websites. To better protect government systems and citizens’ data, the government separated its internal networks from the internet in May 2017. 

“As we review Singapore’s cyber landscape in 2017, we hope to draw out the lessons learnt from the incidents of the past year, so that we can be better equipped to tackle the threats in the future,” said CSA chief executive David Koh.

“Singapore’s move towards being a smart nation will bring benefits to many, but we need everyone to be savvy users of this connectivity. We know that we are only as strong as our weakest link. Therefore, we all need to do our part to ensure basic cyber hygiene is in place, such as using stronger passwords, to keep our networks trusted and secure.”

Read more on Hackers and cybercrime prevention

Data Center
Data Management