Phishing efforts and ransomware remained a significant threat to organisations and individuals in Singapore in 2022, despite indicators that cyber hygiene is improving in the city-state, according to a new report from the country's Cyber Security Agency (CSA).
In contrast to the 3,100 incidents handled in 2021, around 8,500 phishing attempts were reported to the Singapore Cyber Emergency Response Team (SingCert) last year, according to the Singapore Cyber Landscape (SCL) 2022.
Given its low cost and lax usage constraints, top-level domains ending in ".xyz" are favoured by threat actors in more than half of the recorded cases.
Banks and other financial institutions were the most frequently impersonated companies in phishing attacks. These businesses are frequent targets because they store sensitive and valuable data such as user names and login credentials.
According to the CSA, the rise in reported phishing attempts followed global trends. Several cyber security providers noted that phishing activities had increased in 2022. In total, SingCert assisted in the removal of 2,918 harmful phishing websites last year.
Organisations in Singapore have also been hit by the global ransomware threat, which shows no signs of decreasing.
In contrast to the 137 incidents reported in 2021, 132 ransomware cases were reported to the CSA last year.
While the number of reported ransomware attacks has decreased slightly, it is still alarming that small and medium-sized businesses (SMEs) have been hit, particularly those in manufacturing and retail, which may have valuable data and intellectual property (IP) that cybercriminals are interested in stealing.
There was also a reduction in infected infrastructure, which the CSA described as compromised systems used for harmful reasons such as executing distributed denial of service (DDoS) attacks or spreading malware and spam.
In 2022, the CSA discovered 81,500 infected systems in Singapore, a 13% decrease from 94,000 in 2021.
Despite a high increase in contaminated infrastructure worldwide, Singapore's global proportion of infected infrastructure declined from 0.84% in 2021 to 0.34% in 2022.
Although the drop in infected infrastructure in Singapore indicates an increase in cyber hygiene levels, the absolute number of infected systems in Singapore remains high, according to the CSA.
Colbalt Strike, Emotet, and Guloader were the top three malware infections on locally hosted command and control servers, while Gamarue, Nymaim, and Mirai were the top three malware infections on locally hosted botnet drones, accounting for about 80% of Singapore IP addresses infected by malware in 2022.
CSA also noted potential threats in its research, such as those related with the expanding deployment of artificial intelligence, which might be leveraged by both cyber attackers and defenders. While machine learning can provide real-time insights about cyber threats, it can also be utilised for malicious purposes, such as highly focused spear-phishing efforts.
"2022 saw a heightened cyber threat environment fuelled by geopolitical conflict and cybercriminal opportunism as Covid-19 restrictions began to ease," noted David Koh, commissioner of cyber security and CEO of CSA.
"As with many new technology, emerging technologies such as chatbots have two sides. While we should be optimistic about the opportunities it presents, we must also manage the risks that come with it. "The government will continue to increase its efforts to protect our cyberspace, but businesses and individuals must also play a role," he added.
