CSA Singapore Cyber Landscape 2017: Cyber threats in Singapore grew, mirroring global trends
On 19 June, the Cyber Security Agency of Singapore (CSA) released its Singapore Cyber Landscape 2017 publication, which highlights facts and figures on cyber threats that Singapore faced in 2017, as well as the need to build up cyber resilience.
The “Singapore Cyber Landscape 2017” publication reviews Singapore’s cybersecurity situation in 2017 against the backdrop of global trends and events, and highlights Singapore’s efforts in creating a safe and trustworthy cyberspace.
CSA analyses multiple data sources to shed light on the common cyber threats observed in Singapore’s cyberspace. Through case studies of incidents in Singapore, it aims to raise awareness of cyber threats amongst cyber stakeholders and the general public, and to offer practical and actionable insights to better defend ourselves against ever-evolving cyber threats.
“Given Singapore’s connectivity, what happens globally is often immediately felt here. As we continue our Smart Nation push, we have to raise our cyber hygiene and defences, especially against cyber-attackers who are getting better resourced and skilled. We need to play our part by being vigilant and adopting good cybersecurity practices to keep Singapore’s cyberspace safe and trustworthy for all,” said Mr David Koh, Commissioner of Cybersecurity and Chief Executive of CSA.
According to the report, in 2017, the global cyber landscape continued to evolve. Cyber threats continued to grow in frequency and impact. Notably, there was a shift from profit-motivated attacks towards those aimed at causing massive disruptions, such as the WannaCry ransomware campaign.
As a highly-connected country, Singapore’s cyber landscape mirrored these global trends. Common cyber threats such as phishing, website defacements, and malware infections also showed no signs of abating in 2017.
Types of cyber threats
(1) Website defacement
In 2017, 2,040 website defacements were observed. Many defacements were part of global mass defacement campaigns. The defaced websites belonged mostly to Small and Medium Enterprises (SMEs) from a range of sectors such as manufacturing, retail, and Information and Communications Technology (ICT).
Phishing emails are one of the simplest and most effective methods that hackers use to steal sensitive personal data such as passwords, contact information, and credit card details, by tricking users into opening dubious links or attachments.
In 2017, 23,420 phishing URLs with a Singapore-link were found. The websites of large technology companies were commonly spoofed, making up about 40% of the observed phishing URLs.
(3) Malware infections
In 2017, CSA observed about 750 unique Command & Control (C&C) servers in Singapore, and a daily average of about 2,700 botnet drones with Singapore IP addresses. Of the more than 400 malware variants detected in 2017, five were observed to have caused the majority of the infections.
Conficker, Mirai, Cutwail, Sality, and WannaCry accounted for more than half of the systems infected daily. The majority of these malware are not new, suggesting that many victims are not scanning for viruses and cleaning up their systems.
In terms of ransomware, Singapore was relatively unscathed by major ransomware campaigns. In 2017, 25 cases of ransomware were reported to SingCERT. Besides WannaCry, victims were infected by ransomware such as Cerber, Dharma, and Sage, and faced ransom demands ranging between S$2,000 and S$4,000.
At the same time, the Singapore Police Force (SPF) reported that cybercrime continued to rise in 2017, with 5,430 cybercrime cases reported. Between 2016 and 2017, cybercrime cases grew from 15.6% to 16.6% of total crimes, even as overall crime fell.
Online cheating accounted for the majority of cybercrime cases, with other cases involving compromised social media and SingPass accounts, impersonation scams, ransomware and unauthorised access.
These are offences under the Computer Misuse and Cybersecurity Act. Singapore’s first conviction of a Dark Web-related crime took place in November 2017.
The full document of the Singapore Cyber Landscape 2017 can be found here.