Ransomware was a dominant threat in Singapore in 2020. What can we do?


The growth in ransomware attacks reflected a worrying worldwide trend and Singapore similarly was not spared. Industry players were not surprised and shared their advice for businesses.


Ransomware and online scams were the fastest-growing cyber threats to affect Singapore in 2020, driven by work-from-home (WFH) arrangements as individuals and businesses leveraged technologies to maintain business continuity.

In its report on the Singapore Cyber Landscape in 2020 released earlier this month, the Cyber Security Agency of Singapore (CSA) said 89 ransomware cases were detected in 2020, more than double the 35 cases reported in 2019.

Cyber crime saw 16,117 cases reported in 2020, surging from 9,349 cases in 2019. It accounted for 43 per cent of overall crimes reported in 2020. This trend is attributed to the rapid growth of e-commerce, the proliferation of community marketplace platforms and social media platforms as Singaporeans carried out more online transactions due to COVID-19. 


Malicious Command and Control (C&C) servers and botnet drones also leapt in 2021, with 1,026 malicious C&C servers hosted in Singapore, a 94 per cent increase from the 530 C&C servers observed in 2019. The rise was in part attributed to the increase in C&C servers distributing the Emotet and Cobalt Strike malware, which accounted for one-third of the malware C&C servers observed.

Table 1: No. of cases handled by CSA’s SingCERT (Singapore Computer Emergency Response Team)

Ransomware will continue to get worse

Ransomware has developed into a massive and systemic threat that is forecasted to get worse. Across the globe, we have had high-profile ransomware incidents affecting essential service providers and key firms – such as the US-based fuel pipeline company Colonial Pipeline and JBS, a meat processing company from Brazil. 

These attacks have demonstrated the real-world effects and harm they cause, and their potential to become national security concerns. 

“CSA's report was not surprising given that 2020 was the year of COVID-19 related scams with consumers and businesses taking the brunt of the attacks. When the COVID pandemic began, it was never a question of if the research companies, hospitals and suppliers would be targeted, it was just a matter of how frequently,” said Eric Nagel, General Manager for APAC, Cybereason.

“We aren’t surprised with the increase in ransomware attacks as cyber gangs are emboldened by the fact that more and more companies are agreeing to meet their ransom demands, driving up ransoms and putting a bullseye on the back of even more companies.” 

Remote working has made networks vulnerable

CSA said remote working will continue to be a constant fixture for organisations in the near future, while poorly configured network and software systems that were rapidly introduced presented a bigger attack surface and exposed organisations to greater risk of cyber attacks.

“Due to the challenges brought about by COVID-19, 2020 was a watershed for digitalisation efforts across all parts of the economy and society,” said David Koh, Commissioner of Cybersecurity and Chief Executive of CSA.

“Unfortunately, the speed and scale at which digital technology was adopted may have led to some risks being taken, and threat actors are capitalising on this. The Government, organisations, and individual users need to work together in order to keep ourselves secure in cyberspace.”

CSA also saw usage of botnet drones with Singapore-based IP addresses rising from 2,300 in 2019 to 6,600 in 2020.

“Botnet drones tend to spread inside networks to infect additional devices and provide a remote access capability into the network, which can be leveraged for lateral movement through the network and gives the attacker persistent access whenever needed in the future,” said Jonas Walker, Security Strategist, FortiGuard Labs, at Fortinet.

“Therefore, any additional device connected to this network in the future is at risk of being infected by the initial IoT device that spreads malware to these new devices like mobile phones and laptops with much more sensitive information.  Additionally, if attackers launch specific commands, these devices can use most of their resources for these tasks, leading to malfunctions of the initial purpose.”

Supply chains also being exposed

CSA warned that supply-chain attacks have given cyber threat actors an avenue to pivot to multiple victims. Although this form of attack is not a recent development, it has become more sophisticated.

“With the ever-increasing adoption in cloud consumption, software development practices on third party code adoption will need to be reviewed carefully,” said Clement Lee, Security Architect, APAC, at Check Point Software Technologies.

“We suspect this will be the uptrend in the new(er) interaction of supply chain attacks. As the proliferation of smart IoT devices bring the next paradigm shift, we will continue to see more innovative means of attacks from the hackers.

“To prevent falling victim, organisations will need to review their risk assessments and bolster new security best practices in this new normal. Businesses should focus on increasing identity management in their policy framework, especially in external services (SaaS, for example).”

Preventive measures organisations can take

According to Tim Mackey, principal security strategist at Synopsys Cybersecurity Research Centre, the cyber-crime trend will continue for the foreseeable future.

The starting point for prevention is awareness of risk, and that comes from asking key operational questions and building what’s known as a threat model.

- Tim Mackey, principal security strategist, at Synopsys Cybersecurity Research Centre

“An example of such a key question would be, ‘If the computer of a key employee were compromised, what data and systems would an attacker have unrestricted access to by using the employee’s pre-existing access rights?’ If the answer to this question highlights data or systems that aren’t required for the employee’s daily tasks, then restricting access reduces the risk to the business of any compromise of that employee or their computer.

“The end objective of such efforts is to segment the business such that the damage from any one attack is limited in scope.”
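Mackey's question can be answered mechanically from an access inventory. The following is an added example, not part of the original article or any vendor's tooling: it walks nested group membership for one account and lists what a compromised session would reach beyond what the role needs. All account, group and resource names are constructed.

```python
from collections import deque

# Constructed sample inventory (hypothetical names): direct group membership,
# including groups nested inside other groups, and per-principal grants.
MEMBER_OF = {
    "alice": {"finance", "vpn-users"},
    "finance": {"staff"},
    "vpn-users": {"staff"},
    "staff": set(),
}
GRANTS = {
    "alice": {"laptop-alice"},
    "finance": {"erp-ledger", "payroll-db"},
    "vpn-users": {"jump-host"},
    "staff": {"file-share", "hr-records"},
}
# What the employee's daily tasks actually require (assumed role description).
REQUIRED = {"alice": {"laptop-alice", "erp-ledger", "file-share"}}


def effective_access(principal):
    """Map each resource reachable with the principal's existing rights
    to the membership path that grants it (breadth-first, shortest path)."""
    reach = {}
    seen = {principal}
    queue = deque([(principal, [principal])])
    while queue:
        node, path = queue.popleft()
        for resource in GRANTS.get(node, ()):
            reach.setdefault(resource, path)
        for group in sorted(MEMBER_OF.get(node, ())):  # sorted: stable output
            if group not in seen:  # also guards against membership cycles
                seen.add(group)
                queue.append((group, path + [group]))
    return reach


def excess_access(principal):
    """Resources a compromised account reaches that the job does not need."""
    needed = REQUIRED.get(principal, set())
    reach = effective_access(principal)
    return {res: path for res, path in reach.items() if res not in needed}


if __name__ == "__main__":
    for resource, path in sorted(excess_access("alice").items()):
        print(f"{resource}: granted via {' -> '.join(path)}")
```

The path shown beside each excess resource identifies the group membership to remove or narrow, which is the segmentation step the quote describes.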

David Ng, Country Manager, Singapore, at Trend Micro advises organisations to take a more proactive approach by working with their cybersecurity partners to review and assess cybersecurity risk, posture and toolkits’ health.

“Firstly, they can learn to spot early signs of an attack such as the presence of suspicious activities in the system. Examine and block malicious emails using sandbox analysis and enable advanced detection.

“Secondly, use predictive machine learning tools and behavioural monitoring features for the system’s multiple layers, and leverage multifactor authentication, data protection, backup, and recovery measures.

“Thirdly, carry out regular security skills training and assessment, and conduct penetration tests to gauge the efficacy of their security setups.”

© iTnews Asia
