More sophisticated ransomware attacks as well as threats to the remote workforce and supply chain that have characterised cyber threats this past year will continue to be worrisome in the short term, according to the Cyber Security Agency of Singapore (CSA).
Digitalisation that has occurred at an accelerated pace during the pandemic has also led to some risks being taken, the government agency said last week in its annual report on cybersecurity.
The top trend that should worry businesses is the evolution of ransomware attacks. No longer restricted to sporadic or isolated incidents, this is now a massive and systemic threat, said the CSA.
It cited the recent high-profile attack against Colonial Pipeline in the United States that caused fuel prices to rise and the one against meat processing company JBS (Brazil) that affected food supply as examples of cyber threats becoming national security concerns.
In Singapore, there were 89 ransomware attacks reported to the CSA in 2020, a sharp rise of 154 per cent from the 35 cases in 2019. Most of those affected were small and medium enterprises (SMEs) involved in manufacturing, retail and healthcare.
Instead of indiscriminate, opportunistic attempts, ransomware attacks have evolved into targeted ones with a fully established commercial model by threat actors, CSA warned.
A second trend it highlighted is the targeting of the growing remote workforce that is logging in from home. Often, users suffer from poorly configured network and software systems, which widen the attack surface and increase the risks for businesses, according to CSA.
With its good Internet connections to the region, Singapore has also been used by hackers to run command and control (C&C) servers and botnet drones to mount attacks on targets.
The CSA observed 1,026 malicious C&C servers hosted in Singapore in 2020, a 94 per cent increase from the 530 in 2019. Much of this is for distributing the pervasive Emotet and Cobalt Strike malware used to infect unsuspecting victims’ machines.
In 2020, CSA also detected about 6,600 botnet drones with Singapore IP addresses daily, an increase from 2019’s daily average of 2,300. Malware such as Mirai and Gamarue targeted the growing numbers of Internet of Things (IoT) devices in Singapore.
A third trend the CSA pointed to is the increased targeting of supply chains. The Singapore authorities pointed to the SolarWinds compromise at the end of 2020 as an example of how hackers are now seeking to gain access to suppliers and attack many more victims connected to them.
Just last week, yet another high-profile attack on Kaseya, a company whose software is used to manage IT infrastructure, affected thousands of businesses including supermarts which were locked out from their connected cash registers.
Besides these near-term threats, there are others in the mid-term, the CSA cautioned.
In future, it expects space infrastructure to be the target of hackers. Such attacks may disrupt activities or allow hackers to obtain strategic information – that satellites are now capable of yielding – on Earth-bound targets of interest.