Some 8,500 phishing attacks were reported to the Singapore Cyber Emergency Response Team (SingCERT) in 2022, compared to 3,100 cases reported the year before. Small and midsize businesses (SMBs) in Singapore continued to be affected by ransomware incidents last year.
Over half of such cases in 2022 involved hyperlinks ending with “.xyz,” which is a popular top-level domain used by threat actors due to its low cost and limited use restrictions. The average length of phishing links also had been cut by almost half, indicating that cybercriminals likely were tapping URL shortener services to mask their act and track the click-through rate of their phishing campaigns.
More than 80% of phishing sites attempted to pass off as organizations from the banking and financial services sector, according to the Singapore Cyber Landscape 2022 report, released Friday by Singapore’s Cyber Security Agency (CSA). The vertical was the most spoofed, alongside the government and logistics sectors, since financial organizations are trusted institutions that hold sensitive and valuable data, such as login credentials.
June and September, in particular, saw the highest number of phishing attempts in the sector last year. More than half of these involved spoofing of China-based banks, even though several of these entities — namely, Agricultural Bank of China, Zhongyuan Bank, and China Minsheng Bank — had little to no presence in Singapore’s retail banking market.
These threat actors likely were tapping the ‘spray and pray’ tactic to mass-target victims, in hopes of exploiting public concerns over developments in China’s banking sector.
The overall increase in phishing attempts parallels that of global trends, the CSA report stated, adding that SingCERT last year facilitated the takedown of 2,918 takedowns phishing sites. Such attacks were the leading type of overall scams in Singapore last year, clocking 7,097 reported cases, up 41.3% from 2021, according to figures from the Singapore Police Force.
CSA did note that the spike in reported cases also could be attributed to its community outreach and increased public awareness of phishing threats, driving more to actively report such cases to SingCERT.
The cybersecurity regulator said while the number of reported ransomware incidents dipped slightly to 132, compared to 137 in 2021, such attacks remained a significant issue in Singapore and worldwide. It pointed to reports from security vendors indicating a 13% climb in ransomware incidents globally last year.
SMBs remain hot ransomware targets
Furthermore, figures were unlikely to reflect the full extent of such threats since not every victim would report an attack. Citing estimates from the FBI, CSA said just 20% of ransomware victims in the US sought the help of law enforcement.
In Singapore, SMBs again were most impacted by ransomware attacks, particularly, those in manufacturing and retail. These businesses are popular targets because they hold valuable information and intellectual property that cybercriminals hope to extort and capitalize on. SMBs also often lack resources dedicated to tackling cyber threats, CSA said.
Its 2022 report noted that ransomware groups had exhibited increased “commercial and professional-like behavior” and diversified their portfolios to target cloud environments and Linux systems. For instance, they now brand their ransom notes with logos and corporate style to reassure victims they will regain access to their data once ransoms are paid, even providing customer support functions to guide victims through payment and decryption processes.
RaaS (ransomware-as-a-service) strains seen in Singapore’s threat landscape also reflect global trends, with LockBit, DeadBolt, and MedusaLocker among the common models deployed. Most of DeadBolt’s SMB victims here saw their network-attached storage (NAS) systems encrypted, reported CSA, which recommended that organizations regularly patched and updated their internet-exposed NAS systems.
Some 81,500 infrastructure systems were infected last year, a 13% drop from 2021, pushing Singapore’s share of global infected infrastructure to 0.34%, down from 0.84% in 2021.
CSA cautioned, though, that the absolute number of infected systems in the country remains high as it is a data and digital infrastructure hub. “Maintaining good cyber hygiene is crucial as users continue to connect more smart devices to the internet,” the regulator said, noting that the average number of connected devices in Singapore households increased to 7 in 2021, up from 6.5 the year before.
Cobalt Strike was the leading malware family infecting locally hosted C&C (Command and Control) servers, followed by Emotet and Guloader.
Anticipated threats as AI takes form
CSA has anticipated ransomware attacks to continue, with businesses possibly looking at ransom payment to mitigate damages to their reputation. This may prove a more compelling factor rather than paying to regain access to encrypted data, the Singapore regulator said.
This will prompt cybercriminals to rely on extortion, even amid a possible decline in actual ransomware deployments. RaaS providers may focus more on data exfiltration and public shaming of breached sites.
Artificial intelligence (AI) also is expected to be a double-edged sword used by both attackers and defenders, according to the CSA report.
Specifically, the use of natural language processing and machine learning technologies can power real-time insights for ascertaining potential cyber attacks. As AI becomes more accessible and advanced, threat actors also may leverage such technology for their nefarious activities, such as launching highly-targeted spear-phishing campaigns.
Furthermore, cybercriminals may use AI-enabled deepfakes to impersonate C-suite executives to facilitate account takeovers, business fraud, or impact the share price or reputation of an organization.
“With ChatGPT, Bard, and other chatbots showcasing increasingly astounding capabilities, cybersecurity experts warn of their potential abuse to enable malicious cyber activities. Emerging technologies like these are double-edged, as with digitalization,” said David Koh, CSA’s chief executive and cybersecurity commissioner. “While we should be optimistic about the opportunities it brings, we have to carefully manage its accompanying risks to fully reap the benefits of our digital future.”
The Singapore government early this month identified six top risks associated with generative AI and proposed a framework on how these issues can be addressed. It also established a foundation that looks to tap the open-source community to develop test toolkits that mitigate the risks of adopting AI.
Singapore also has laid out a years-long roadmap it believes will ensure its digital infrastructure is ready to tap emerging technologies, such as generative AI, autonomous systems, and immersive multi-party interactions. Its Digital Connectivity Blueprint maps out key priorities for the country’s infrastructure over the next decade and serves as a foundation on which it can realize better opportunities.