fazon - Fotolia

Singapore faced fewer cyber threats in 2018

Despite the fall in the number of common cyber threats last year, Singapore will continue to face advanced persistent threats, CSA warns

Singapore’s efforts to fend off cyber threats appears to be working, going by the latest annual threat landscape report released by the city-state’s Cyber Security Agency (CSA) on 18 June.

According to the CSA, the number of common cyber threats, such as website defacements, phishing, ransomware and command and control (C&C) servers, fell in 2018 compared to the previous year.

The biggest decline was in the number of website defacements, which decreased from 2,040 in 2017 to 605 in 2018. Small and medium-sized enterprises (SMEs) were the worst hit, though larger organisations and two Singapore government websites were not spared either.

The CSA said it observed a spike in defacements on a single day in November 2018, likely caused by a lone attacker who exploited vulnerabilities in an unpatched web server that hosted 101 websites of various businesses.

Phishing attacks also fell in 2018, with the number of phishing URLs with a Singapore link falling by about 30% from 23,420 in 2017 to 16,100 in 2018. Nearly 90% of these attacks were targeted at banking and financial services, technology and file hosting companies.

The number of ransomware cases appears to be tapering off. In 2018, 21 ransomware cases were reported to the CSA, a decrease from 25 in 2017. That said, the CSA warned that ransomware remains lucrative and is becoming more sophisticated.

GandCrab, one of the more aggressive forms of ransomware, for example, had infected a private financial institution in Singapore in February 2018. Europol has warned that targeted attacks using ransomware tailored to infect specific organisations may become the new normal.

C&C servers being used to control malware infected machines fell by 60% in 2018. Together, the servers controlled almost 2,900 botnet drones with Singapore IP addresses each day in 2018.

The CSA said out of 470 malware variants detected in 2018, five – Gamarue, Conficker, Mirai, WannaCry and Gamut – accounted for over half of the observed infections. It noted that the prevalence of these malware variants indicate that many users have yet to adopt protective measures such as patching their devices and using anti-virus software.

Sharat Sinha, vice-president of Check Point Software in Asia-Pacific and Japan, said one reason for the decline in cyber attacks in Singapore might be the introduction of the European Union’s General Data Protection Regulation in May 2018 that raised general awareness on cyber security.

“At the same time, these attacks happen in waves,” said Sinha. “The fact that they have gone down in 2018 does not mean that they will suddenly take off once again.”

Despite the fall in the number of common cyber threats detected in 2018, Singapore has been, and will continue to be, the target of cyber attacks by advanced persistent threat (APT) groups and other actors, the CSA warned.

In 2018, notable incidents included cyber attacks on SingHealth and universities in Singapore. A training institute had also fallen prey to crypto-mining malware.

Sinha said while crypto-mining malware exploit a victim’s computing power to mine crypto-currencies, the same malware can spawn other attacks by turning into ransomware, for example.

The CSA rounded up its report with six cyber security trends in the near future – more frequent data breaches; threats to global supply chains; disruptive attacks against cloud services; attacks on internet of things (IoT) systems; the use of artificial intelligence to search for vulnerabilities; and the use of stolen biometric data to build virtual identities and access personal information.

Sinha said of these trends, the IoT threat is of utmost concern, noting that there is a “good possibility” that IoT devices might be used as bots to carry out large-scale distributed denial-of-service (DDoS) attacks.

“Many of these IoT devices have vulnerabilities, and they are not as protected as for example, a mobile phone, or an user-end device, like a laptop or something that has processing power,” he said. “That makes it hard to insert a protection agent like an anti-virus or anti-malware on the device.”

Read more about cyber security in ASEAN

Read more on Hackers and cybercrime prevention

Data Center
Data Management