Online threats moved past profit, targeted ‘massive disruption’ in 2017: CSA report

Online threats moved past profit, targeted ‘massive disruption’ in 2017: CSA report

The Cyber Security Agency of Singapore says online threats continue to grow in frequency and impact, with phishing top of the list of attacks reported to SingCERT last year.

The online threat landscape continues to evolve globally and attacks have shifted from being profit-driven to those aimed at causing massive disruption such as the ​​​​​​​WannaCry ransomware campaign, the Cyber Security Agency of Singapore (CSA) said on Tuesday (Jun 19).

SINGAPORE: The online threat landscape continues to evolve globally and attacks have shifted from being profit-driven to those aimed at causing massive disruption such as the ​​​​​​​WannaCry ransomware campaign, the Cyber Security Agency of Singapore (CSA) said on Tuesday (Jun 19).

Singapore, being a highly connected country, mirrored these global trends with attacks such as phishing, website defacements and malware infections the main threats reported to the Singapore Computer Emergency Response Team (SingCERT) last year, according to the agency’s Singapore Cyber Landscape 2017 report released on Tuesday.

Phishing was the top of the list of threats reported, comprising about 39 per cent of the total number.

Specifically, there were 23,420 phishing URLs with a Singapore link detected last year, while commonly spoofed websites include those from technology vendors like Microsoft and Apple, file-hosting services like Dropbox and financial services like PayPal, the report said.

Other top threats reported include compromised systems (21 per cent) and ransomware (17 per cent), it added.

There were about 750 systems identified to be controlling networks of bots, with a daily average of about 2,700 botnet drones with Singapore IP addresses, CSA said.

It added that of the more than 400 malware variants detected in 2017, five – Conficker, Mirai, Cutwail, Sality and WannaCry – accounted for more than half of the systems infected daily.

“The majority of these malware are not new, suggesting that many victims are not scanning for viruses and cleaning up their systems,” it said.

The agency said Singapore was relatively unscathed by major ransomware campaigns such as WannaCry, with 25 cases reported to SingCERT last year. It did point out that victims were also infected by other variants such as Cerber, Dharma and Sage, and faced ransom demands ranging between S$2,000 and S$4,000.

The global ransomware campaign last May affected the operations of hospitals in the United Kingdom, as well as major organisations like telco Telefonica and global shipper FedEx.

CYBERCRIME VICTIMS LOST MORE THAN S$95 MILLION

The Singapore Cyber Landscape 2017 report noted that cybercrime continues to grow here, with 5,430 such cases reported last year.

Online cheating and cyber extortion accounted for 82.7 per cent and 1.4 per cent of all cybercrime cases, while the remaining 15.9 per cent involved compromised social media and SingPass accounts, impersonation scams, ransomware, unauthorised access, among others – all of which are offences under the Computer Misuse and Cybersecurity Act.

In total, victims suffered losses of more than S$95 million last year, the study said. An Internet love scam was identified as the highest loss in a single case, amounting to about S$6 million, it added.   

Singapore’s cybersecurity czar David Koh said in the foreword of the report that the country’s move to being a Smart Nation will bring benefits to many, but everyone needs to be savvy users of this connectivity.

“We know that we are only as strong as our weakest link,” Mr Koh said.

“Therefore, we all need to do our part to ensure basic cyber hygiene is in place such as using stronger passwords, to keep our networks trusted and secure.”

Source: CNA/kk

Bookmark