Phishing and ransomware continue to be the two major cyber threats faced by Singaporean companies, particularly small and medium-sized enterprises (SMEs) according to the Cyber Security Agency of Singapore (CSA).
In its Singapore Cyber Landscape (SCL) 2022 report released on Friday, CSA noted that there were around 8,500 phishing attempts reported to the Singapore Cyber Emergency Response Team (SingCERT) in 2022 which was more than double the 3,100 cases handled by SingCERT in 2021.
SingCERT facilitated the takedown of 2,918 malicious phishing sites in 2022.
More than 50 per cent of reported cases involved urls ending with “.xyz” – a popular top-level domain (TLD) among threat actors given its low cost and limited restrictions on usage, CSA said.
The report also noted that the average length of reported phishing links decreased by almost half, “suggesting that threat actors are using url shortener services more frequently to mask their malicious intent and track the click-through rate of their phishing campaigns”.
The most commonly-spoofed domains were banking and financial services (BFS), government and logistics.
CSA said more than 80 per cent of reported phishing sites masqueraded as entities within the BFS sector.
“They are often targets of phishing attacks as they are trusted institutions which hold sensitive and valuable information such as personal details and login credentials,” CSA said.
The agency added that overall, the increase in reported phishing attempts mirrored global trends, with multiple cybersecurity vendors observing that phishing activities grew substantially in 2022.
Decrease in ransomware
While ransomware remains a major issue globally with cybersecurity vendors reporting a 13 percent increase in 2022, the number of reported ransomware cases in Singapore saw a slight decrease with 132 cases reported to CSA, compared to the 137 reported in 2021.
Those affected were mostly SMEs from sectors such as manufacturing and retail.
CSA said one possible reason for these SMEs being targeted was because they may hold valuable data as well as Intellectual Property (IP), which cybercriminals often seek to extort and monetise for financial gain.
Many of these SMEs also lack dedicated resources to counter cyber threats the agency added.
Despite a sharp growth of infected infrastructure observed worldwide, Singapore’s global share of infected infrastructure fell from 0.84 per cent in 2021 to 0.34 per cent in 2022.
In 2022, CSA observed 81,500 infected systems in Singapore, a decrease of 13 per cent from 94,000 in 2021.
While this decrease in infected infrastructure points to an improvement in cyber hygiene levels, the absolute number of infected systems in Singapore remains high, CSA said.
The top three malware infections on locally-hosted C&C servers were Cobalt Strike, Emotet and Guloader, while Gamarue, Nymaim and Mirai were the top three malware found on locally-hosted botnet drones, accounting for nearly 80 percent of Singapore IP addresses infected by malware in 2022.
Reputational damage
The SCL 2022 report noted that given the spate of high-profile global data breaches in 2022, going forward organisations may consider mitigating reputational damage as a more compelling reason to pay the ransom than regaining access to their encrypted data.
The report observed that while threat actors will continue to rely on extortion, actual ransomware deployments may decline.
Ransomware-as-a-Service (RaaS) providers might turn their attention to focus more on data exfiltration and public shaming on “leak sites”, CSA said.
With the general willingness of the industry and the public to accept the news of a data breach at face value, a threat actor might also conjure fictional breaches by publicising repackaged data from prior breaches or information fused through open-source data scraping, CSA noted.
AI tools
The report highlighted that artificial intelligence (AI) tools will be increasingly incorporated into cybersecurity tools with an anticipated growth in market size from US$22.4 billion (S$30.27 billion) in 2023 to US$60.6 billion in 2028.
The use of Natural Language Processing (NLP) and Machine Learning (ML) technologies in cybersecurity products is expected to increase rapidly, CSA said.
The agency warned that as AI becomes more accessible and advanced, threat actors may leverage such technology to launch attacks such as highly-targeted spear-phishing campaigns.
“Threat actors may also get more creative in the use of AI-enabled deepfakes to impersonate C-suite executives to facilitate account takeovers, business fraud, or impact the share price or reputation of an organisation,” CSA said.
