Phishing and ransomware dominate Singapore’s cyber threat landscape

Phishing attempts and ransomware continued to pose a significant threat to organisations and individuals in Singapore in 2022 even though there are signs that cyber hygiene is improving in the city-state, a new report by the country’s Cyber Security Agency (CSA) has found.

According to the Singapore cyber landscape (SCL) 2022, about 8,500 phishing attempts were reported to the Singapore Cyber Emergency Response Team (SingCert) last year, more than double the 3,100 cases handled in 2021.

Over half of the reported cases involved URLs ending with “.xyz”, a popular top-level domain among threat actors given its low cost and limited restrictions on usage.

The most commonly spoofed organisations in phishing attempts were banks and financial institutions, which are often targets of phishing attacks as they hold sensitive and valuable information such as personal details and login credentials.

CSA said the increase in reported phishing attempts mirrored global trends, with multiple cyber security vendors observing that phishing activities grew substantially in 2022. In all, SingCert facilitated the takedown of 2,918 malicious phishing sites in 2022.

The global ransomware threat is showing no signs of abating and Singapore organisations have been targeted as well. Last year, 132 cases of ransomware were reported to CSA, compared to the 137 cases reported in 2021.

While there was a slight dip in reported ransomware attacks, it was concerning that the affected organisations were small and medium-sized enterprises (SMEs), particularly those in manufacturing and retail that may hold valuable data as well as intellectual property (IP) that are being eyed by cyber criminals.

There was also a decrease in infected infrastructure, which CSA defined as compromised devices that were abused by attackers for malicious purposes, such as conducting distributed denial of service (DDoS) attacks or propagating malware and spam.

In 2022, CSA observed 81,500 infected systems in Singapore, down 13% from 94,000 in 2021. Singapore’s global share of infected infrastructure also fell from 0.84% in 2021 to 0.34% in 2022 despite a sharp growth of infected infrastructure observed worldwide.

CSA said although this decrease in infected infrastructure in Singapore points to an improvement in cyber hygiene levels, the absolute number of infected systems in Singapore remains high.

The top three malware infections on locally hosted command and control servers were Colbalt Strike, Emotet and Guloader, while Gamarue, Nymaim and Mirai were the top three malware found locally hosted botnet drones, accounting for nearly 80% of Singapore IP addresses infected by malware in 2022.

In its report, CSA also outlined emerging risks, such as those associated with the growing adoption of artificial intelligence which could be used by cyber attackers and defenders alike. For example, while machine learning can provide real-time insights on cyber attacks, the technology could also be used for nefarious activities, such as highly targeted spear-phishing campaigns.

“2022 saw a heightened cyber threat environment fuelled by geopolitical conflict and cybercriminal opportunism as Covid-19 restrictions began to ease,” said David Koh, commissioner of cyber security and chief executive of CSA.

“Emerging technologies, like chatbots, are double-edged, as with many new technologies. While we should be optimistic about the opportunities it brings, we have to manage its accompanying risks. The government will continue to step up our efforts to protect our cyberspace, but we need businesses and individuals to play their part,” he added.