beebright -

Ransomware and botnets among top cyber threats in Singapore

The city-state saw more ransomware threats and command-and-control servers hosted out of its highly connected network infrastructure last year, as threat actors capitalised on the pandemic

Singapore’s cyber threat landscape was dominated by the proliferation of ransomware, botnet drones and phishing attacks last year as threat actors capitalised on the anxiety and fear wrought by the pandemic.

According to Singapore’s Cyber Security Agency (CSA) annual threat report, 89 ransomware cases were reported in 2020, a sharp rise of 154% from the 35 cases reported in 2019. The cases affected mostly small and medium-sized enterprises in industries such as manufacturing, retail, and healthcare.

CSA said the significant increase in local ransomware cases was likely influenced by the global ransomware outbreak, where three distinct characteristics were observed as ransomware operators deployed increasingly sophisticated tactics.

These include shifting from indiscriminate, opportunistic attacks to more targeted “big game hunting”; the adoption of “leak and shame” tactics; and the growth in ransomware-as-a-service offerings.

Singapore, which plays host to major cloud, connectivity and datacentre providers, is a key node in the region’s internet infrastructure. In 2020, CSA observed 1,026 malicious command-and-control (C2) servers hosted in Singapore, a 94% increase from the 530 C2 servers in 2019.

According to CSA, the higher number of C2 servers was in part attributed to the increase in those that distributed the highly pervasive Emotet and Cobalt Strike malware, which accounted for one-third of the C2 servers observed.

The rise in the number of C2 servers corresponded with the higher number of botnet drones. Last year, there were 6,600 botnet drones with Singapore IP addresses daily, an increase from 2019’s daily average of 2,300.

Read more about cyber security in APAC

Variants of the Mirai and Gamarue malware were prevalent among infected botnet IP addresses in 2020, with the Mirai malware, which primarily targets internet-of-things (IoT) devices, staying strong due to the continuing growth of IoT devices locally.

Jonas Walker, security strategist at Fortinet, noted that botnet drones tend to spread inside networks to infect additional devices and provide a remote access capability into the network, which can be leveraged for lateral movement.

“Therefore, any additional device connected to this network in the future is at risk of being infected by the initial IoT device that spreads malware to these new devices like mobile phones and laptops with much more sensitive information,” said Walker. “Additionally, if attackers launch specific commands, these devices can use most of their resources for these tasks, leading to malfunctions of the initial purpose.”

The bright spot in Singapore’s threat landscape last year was the slight decrease of 1% in the number of Singapore-hosted phishing URLs compared to 2019.

Globally, 2020 saw a surge in Covid-19-related phishing campaigns. CSA noted that Covid-19 themes very likely accounted for over 4,700 of malicious URLs spoofing local entities and services that were in greater demand during Singapore’s circuit breaker period, which included online retail and payment portals.

David Koh, commissioner of cyber security and CEO of CSA, said 2020 was a watershed year for digitalisation efforts across Singapore’s economy and society, spurred by the challenges brought about by Covid-19.

“Unfortunately, the speed and scale at which digital technology was adopted may have led to some risks being taken, and threat actors are capitalising on this. The government, organisations, and individual users need to work together in order to keep ourselves secure in cyber space,” he added.

Read more on Hackers and cybercrime prevention

Data Center
Data Management