Cyber Threat Landscape in Singapore


Implications on Enterprises

26 October 2017

Singapore’s vision of a Smart Nation aims to bring all of us to the forefront of 21st century living – better standards of living, greater opportunities and stronger communities.

Technology enables a more connected environment that drives organisational productivity, makes workplaces greener and safer, and can even create disruptive competitive advantages, but this new wave has also increased businesses' vulnerability to cyber attacks.

This exposure can lead to threats that aim to steal or alter data, disrupt daily activities, and cripple the critical infrastructure supporting businesses. By being more aware of the nature of such threats, organisations in Singapore can be better prepared to deal with ever-evolving cyber threats as they emerge.

 

The Reality of Cyber Threats

According to the Cyber Security Agency of Singapore (CSA) and the Singapore Police Force (SPF), the pervasiveness of cyber crime has been steadily increasing from 7.9% in 2014 to 13.7% in 2016 [1]. This will only continue to rise unless robust measures are put in place to ensure a resilient and safe cyber environment.

 

“Cybersecurity is important for Singapore given our high dependence on information technology and the Internet, and cybercrime is also growing. Cyber-attacks can take many forms and come from many sources. They range from defacements of website and data theft, often by persons who hide behind the anonymity of cyberspace [and] can also include systemic threats”

- Deputy Prime Minister Teo Chee Hean

 

Of all the cyber attacks recorded in 2016, the four most prevalent types were Ransomware, Defacements, Command & Control (C&C) servers and Distributed Denial of Service (DDoS), and Phishing. In this blog post, we will examine these four common cyber attacks – who is most susceptible, and how businesses and individuals can combat future threats.

 

Ransomware

Arguably one of the most operationally disruptive cybersecurity threats to Singapore, ransomware is a type of malware that encrypts files and entire drives on a victim’s device, rendering them inaccessible until a ransom is paid in a digital currency such as Bitcoin. The perpetrators carry out these attacks for financial gain or to disrupt business operations. Spread to unsuspecting users through e-mail or malicious and unsafe ads, the attacks are opportunistic and may happen to anyone, large and small businesses alike.

 

Cerber, CryptoLocker and Locky were among the types of reported ransomware, with over 19 cases recorded by SingCERT (Singapore Computer Emergency Response Team) in 2016. 550 suspected cases have since been reported to occur daily, based on observations by TrendMicro, an international cybersecurity company [1].

 

Businesses can keep ransomware at bay by adopting the following measures: 

  • Practice Internet-browsing best practices and avoid suspicious links and malicious sites

  • Update your software with the recommended patches

  • Perform regular backups to better recover encrypted files

Should you suffer a ransomware attack, you may refer to SingCERT’s “NoMoreRansom” website [2] for guidance on available decryption tools to restore “locked” files. New decryption tools are available for more recent ransomware such as NemucodAES, LambdaLocker, MacRansom and Jaff.

 

Defacements

Nearly 1,800 website defacements were detected in Singapore in 2016, with the majority being websites belonging to SMEs. These defaced websites typically experience a drastic change in visual appearance, coded by Hacktivists (hackers) through unauthorised access to the web-hosting server.

Such attacks may serve as a front to distract the victim from a genuine cyber threat, such as a data breach. In some cases, visitors to the defaced website have their own devices infected by malicious code planted on it. The most recent example occurred on August 29, when Meridian Secondary School’s Young Illustrator Award site was defaced a day before the competition was supposed to end [3].

Website owners are advised to keep their applications (including plug-ins) and operating systems up-to-date to prevent hackers from exploiting known vulnerabilities on outdated systems. If you are still on Windows 8, update to Windows 10; likewise, on a Mac, update to the latest OS. Companies that use third-party Internet Service Providers (ISPs) are advised to find out from their hosting provider(s) about the preventive measures in place.

 

C&C Servers and DDoS

A C&C server is a machine operated by hackers to communicate with devices that have been infected with malware. Instructions are communicated to the group of infected devices, collectively known as a botnet, to perform malicious activities such as DDoS attacks.

A DDoS attack occurs when a system is bombarded with large volumes of data or specially crafted malicious traffic sent from a botnet. This affects the system’s ability to respond to legitimate users in a timely manner. 2016 saw the growth of DDoS extortion threats, with many organisations in Singapore receiving e-mails demanding payment in digital currency, or else they face a potential DDoS attack.

Simple Service Discovery Protocol (SSDP), Domain Name System (DNS) servers and Network Time Protocol (NTP) are some of the services that, if not configured properly, can be used to facilitate DDoS attacks.

Remediation for these vulnerabilities can be as simple as changing the configuration of your switches and routers to automatically reject external network packets, or updating your device’s username and password from the default.
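
As an added illustration (not part of the original article), the Python sketch below audits two of the services named above, NTP and DNS, for the settings that leave them answering anyone on the Internet. The configuration snippets are constructed samples, and the checks cover only the ntpd "restrict default" line and BIND's "recursion" / "allow-recursion" options.

```python
import re

# Constructed sample configs, not taken from any real host.
NTP_WEAK = "server 0.pool.ntp.org iburst\nrestrict default\n"
NTP_HARD = ("server 0.pool.ntp.org iburst\n"
            "restrict default kod nomodify notrap nopeer noquery\n"
            "restrict -6 default kod nomodify notrap nopeer noquery\n")
BIND_WEAK = "options {\n  recursion yes;\n  allow-recursion { any; };\n};\n"
BIND_HARD = ("options {\n  recursion yes;\n"
             "  allow-recursion { 127.0.0.1; 192.0.2.0/24; };\n};\n")


def audit_ntp(conf):
    """Flag ntp.conf settings that let any Internet host query the daemon."""
    findings, defaults = [], []
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()      # drop trailing comments
        # Matches "restrict default ..." and "restrict -4/-6 default ..."
        if words[:1] == ["restrict"] and "default" in words[1:3]:
            defaults.append(set(words))
    if not defaults:
        # Reference ntpd applies no restrictions when none are configured.
        findings.append("no 'restrict default' line: all clients unrestricted")
    for flags in defaults:
        if not flags & {"noquery", "ignore"}:
            findings.append("'restrict default' lacks noquery: "
                            "ntpq/ntpdc queries answered for anyone")
    return findings


def audit_bind(conf):
    """Flag a named.conf that offers recursion to any client (open resolver)."""
    text = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    if re.search(r"\brecursion\s+no\s*;", text):
        return []                                   # recursion disabled
    acl = re.search(r"\ballow-recursion\s*\{([^}]*)\}", text)
    if acl:
        entries = {e.strip() for e in acl.group(1).split(";") if e.strip()}
        if entries & {"any", "0.0.0.0/0"}:
            return ["allow-recursion includes 'any': open resolver"]
    return []


if __name__ == "__main__":
    for name, result in [("ntp weak", audit_ntp(NTP_WEAK)),
                         ("ntp hardened", audit_ntp(NTP_HARD)),
                         ("bind weak", audit_bind(BIND_WEAK)),
                         ("bind hardened", audit_bind(BIND_HARD))]:
        print(f"{name}: {result or 'ok'}")
```

SSDP is not covered by the sketch because it is usually handled by filtering UDP port 1900 at the network edge rather than in a service configuration file.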

 

Phishing

Phishing refers to websites that are compromised or created by hackers to trick Internet users into believing they are accessing a legitimate and trusted website.

More than 2,500 phishing URLs were detected in 2016, with the Banking & Finance sector appearing to be the most spoofed (31 per cent of all observed phishing URLs) [4]. Among online services, PayPal was spoofed most often in phishing campaigns. The motive could be financial gain, as Hacktivists fish for personal data from anyone and everyone.

CSA also observed that file-hosting service providers were popular targets as Hacktivists could easily harvest user credentials from there. Some Government institutions were also spoofed, as attackers sought personal data such as passport numbers that could be traded in underground markets.

As an example, in February this year, Mindef experienced a cybersecurity breach in which the personal details of 850 national servicemen and staff were stolen [5]. These recent attacks impugned our Nation’s cybersecurity measures and led to the introduction of a two-step verification process for e-Government transactions to enhance security.

Users and/or potential victims should always seek to verify the URL and e-mail addresses they receive. Good indicators of a spoofed site are its bad grammar, poor spelling and/or inappropriate images. When in doubt, err on the side of caution and refrain from submitting any sensitive information.
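
To make the advice to verify the URL concrete, here is an added Python example (not from the original article) that checks a link's real host against an allow-list before it is trusted. The TRUSTED table and the sample URLs in the comments are constructed assumptions; PayPal is used because the article names it as the most spoofed online service.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption for this example: an organisation-maintained allow-list of
# brands and the domains that legitimately serve them.
TRUSTED = {"paypal": {"paypal.com"}}


def check_url(url, trusted=TRUSTED):
    """Return reasons a link looks spoofed; an empty list means no flag."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")   # hostname is lower-cased
    reasons = []
    # "https://brand.com@198.51.100.7/": text before '@' is not the host.
    if parts.username is not None:
        reasons.append("userinfo before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address instead of a domain name")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible look-alike characters)")
    if parts.scheme != "https":
        reasons.append("not served over https")
    for brand, domains in trusted.items():
        # Genuine only if the host IS the domain or a subdomain of it;
        # "paypal.com.account-verify.example" fails this test.
        genuine = any(host == d or host.endswith("." + d) for d in domains)
        if brand in url.lower() and not genuine:
            reasons.append(f"mentions '{brand}' but host is {host!r}")
    return reasons


if __name__ == "__main__":
    samples = [  # constructed URLs using reserved example names/addresses
        "https://www.paypal.com/signin",
        "http://paypal.com.account-verify.example/login",
        "https://paypal.com@198.51.100.7/",
        "https://xn--pypal-4ve.example/",
    ]
    for u in samples:
        print(u, "->", check_url(u) or "no flags")
```

An empty result only means none of these structural tricks were found; it does not prove the site is legitimate.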

 

Looking Ahead

As our world gets increasingly hyper-connected, we can expect cyber threats to also increase globally. However, not all is bleak as the Singapore Government raises its efforts to spur greater involvement of all stakeholders – Government agencies, Singapore’s cyber industry, professionals, academia, researchers and even students – to come up with new and more effective ways to combat ever-evolving cyber threats.

 

“Knowing the enemy, their motivations and techniques, will allow us to have a fighting chance of detecting intrusions earlier and dealing with them promptly. Aim for resilience as it is impossible to prevent successful attacks 100% of the time.”

- David Koh, Chief Executive, Cyber Security Agency of Singapore

 

Everyone has a part to play, and everyone has to play his or her part. Cybersecurity is a team effort and together, we can make Singapore a safe and trustworthy Smart Nation.

 

References 

1. Singapore Cyber Landscape 2016, Cyber Security Agency of Singapore, ISBN: 978-981-11-3519-4

2. NoMoreRansom project, a non-commercial initiative supported by CSA, https://www.nomoreransom.org/en/index.html

3. Meridian Secondary School Art Competition Site Hacked, TodayOnline, http://www.todayonline.com/singapore/meridian-secondary-schools-art-competition-site-hacked

4. Monetary Authority of Singapore Forms international advisory panel for cybersecurity, OpenGovAsia, http://www.opengovasia.com/articles/8031-monetary-authority-of-singapore-forms-international-cybersecurity-advisory-panel

5. MINDEF Internet system breached; data stolen from national servicemen, employees, ChannelNewsAsia, http://www.channelnewsasia.com/news/singapore/mindef-internet-system-breached-data-stolen-from-national-servic-7617146
