While phishing and ransomware were key threats to organisations and individuals in Singapore in 2022, organisations should be mindful of the likely growth in extortion threats that target reputational damage, according to a Singapore Cyber Security Agency (CSA) report released a fortnight ago.
Last year, more than twice as many cases – 8,500 phishing attempts – were reported to the Singapore Cyber Emergency Response Team (SingCERT) than in 2021. Government and logistics were the most often spoofed industries, and over 50 per cent of reported cases used URLs with a “.xyz” ending.
As for ransomware, there was an average of one case every three days, with 132 cases reported in 2022, a slight decrease compared to 137 cases in 2021. Small-and-Medium Enterprises (SMEs) from sectors like manufacturing and retail were most affected.
For infected infrastructure (formerly known as Command & Control servers and Botnet Drones), there were 81,500 infected systems in Singapore, a sharp drop of 13 per cent from 2021, even though there is a strong increase in infected infrastructure globally.
In Singapore, the top three malware infections on infected infrastructure were Colbalt Strike, Emotet and Guloader, while Gamarue, Nymaim and Mirai were the top three malware found on locally-hosted botnet drones.
On a positive note, there is a decrease in the number of website defacements, with 340 “.sg” websites defaced in 2022, a decrease of 19 per cent from 419 in 2021. This affected mainly SMEs and the downward trend is similar to global website defacements.
On the trends to watch, the agency warned that threat actors will continue to focus on extortion tactics like stealing data and public shaming by publishing leaked data.
Artificial Intelligence (AI) is also anticipated to be used for cybersecurity protection, while cyberthreat actors are expected to use AI to launch highly-targeted spear-phishing campaigns and to impersonate C-suite executives for criminal purposes.
“Emerging technologies, like Chatbots, are double-edged, as with many new technologies. While we should be optimistic about the opportunities it brings, we have to manage its accompanying risks,” said David Koh, the commissioner of cybersecurity and chief executive of CSA.
Another trend to note is that economic adversity due to financial pressures and a rise in cost of living have created opportunities for cyber criminals to exploit via phishing. Tightening budgets can also impact cybersecurity budgets resulting in less adequate security defence.
“2022 saw a heightened cyber threat environment fuelled by geopolitical conflict and cybercriminal opportunism as Covid-19 restrictions began to ease,” added Koh.
What is also worrying is that hackers are getting better over time. In a separate report by this week, cybersecurity software firm Sophos said threat actors are generally achieving greater success with encrypting data.
In the manufacturing and production sector, attackers are successfully encrypting data in 68 per cent of ransomware attacks, while this is found in 71 per cent of ransomware attacks in the retail sector. These encryption rates are the highest for both sectors over the past three years.
Another worrying trend is that where data was encrypted, it was also stolen, pointing to this “double dip” method becoming more common. This occurred in 21 per cent of cases in the retail sector and 32 per cent of the manufacturing and production sector, according to Sophos.
