SINGAPORE: Cybercrime accounted for 43 per cent of all crime in Singapore last year, with the COVID-19 pandemic being a key factor in online threats.
According to an annual report released by the Cyber Security Agency of Singapore (CSA) on Thursday (Jul 8), there were 16,117 cases of cybercrime last year, up from 9,349 cases recorded in 2019.
The top category of cybercrime relates to online cheating, with 12,251 cases last year, a 62 per cent rise from 7,580 cases in 2019.
“This trend is attributed to the rapid growth of e-commerce, the proliferation of community marketplace platforms and social media platforms as Singaporeans carried out more online transactions due to COVID-19,” said CSA.
Of the remaining cybercrime cases, 3,621 fell under the Computer Misuse Act and 245 were cyber extortion cases.
IMPACT OF COVID-19
In its annual Singapore Cyber Landscape report, CSA noted that globally, a significant portion of malicious cyber activities “fed off and took advantage of the coronavirus outbreak”.
“Throughout 2020, CSA observed that global threat actors had capitalised on the anxiety and fear wrought by the pandemic, with repercussions felt by individuals and businesses,” said CSA.
“Some of these trends were mirrored locally, where a surge in ransomware incidents as well as the emergence of COVID-19-related phishing activities were seen,” it added.
“These also coincided with the rise of work from home arrangements, as individuals and businesses adopted new technologies to maintain business continuity.”
The report noted, for instance, that when Singapore’s “circuit breaker” kicked in, Zoom for home-based learning was suspended after breaches involving obscene images.
And when Singapore moved to Phase 2 of its reopening, malicious actors pivoted to exploiting vulnerabilities in contact tracing technology. The report said that 12 fake COVID-19 contact tracing apps with the ability to deliver malware were detected, including a fake TraceTogether app.
RANSOMWARE, MALICIOUS COMMAND AND CONTROL
Other than cybercrime, ransomware cases also increased.
A total of 89 ransomware cases were reported to the CSA last year, a “sharp rise” of 154 per cent from the 35 cases reported in 2019.
They mainly affected small- and medium-size enterprises (SMEs) from sectors such as manufacturing, retail and healthcare.
“The significant increase in local ransomware cases was likely influenced by the global ransomware outbreak, where three distinct characteristics were observed as ransomware operators deployed increasingly sophisticated tactics,” said CSA.
The characteristics include shifting from “indiscriminate, opportunistic attacks” to “targeted ‘Big Game Hunting’”. This involves targeting large businesses in hope of higher ransom pay-outs.
There were also “leak and shame” tactics, as well as a rise in “Ransomware-as-a-Service” models, which made sophisticated ransomware strains accessible to less technically-adept cybercriminals.
CSA also said there were 1,026 malicious command and control (C&C) servers hosted in Singapore last year, a 94 per cent increase from 530 servers in 2019.
About 6,600 botnet drones with Singapore IP addresses were detected daily last year, up from the daily average of 2,300 in 2019.
READ: Singapore joining Interpol-led global financial crime task force looking into COVID-19 vaccine scams
C&C servers are centralised devices operated by attackers to maintain communications with compromised systems - known as botnets - within a targeted network.
The number of phishing URLs remained largely the same. In 2020, there were about 47,000 unique Singapore-hosted phishing URLs - or those with a .sg domain. This is a 1 per cent decrease from the 47,500 URLs in 2019.
“COVID-19 themes very likely accounted for over 4,700 of malicious URLs spoofing local entities and services that were in greater demand during Singapore’s circuit breaker period, which included online retail and payment portals,” said CSA.
This was part of a global surge in COVID-19-related phishing campaigns in 2020, the agency noted.
In 2020, 495 “.sg” websites were defaced, a 43 per cent drop from 873 in 2019.
According to CSA, the majority of victims were SMEs. Government websites were unaffected.
“The significant fall in 2020 is consistent with global trends and suggests that activist groups could have chosen other platforms with potentially wider reach (eg social media) to embarrass their victims and attract visibility for their causes,” said CSA.
UPCOMING CYBERSECURITY TRENDS
As the cyber landscape becomes “increasingly complex and dynamic”, CSA cautioned against three emerging cybersecurity trends - ransomware, the targeting of a remote workforce and increased targeting of supply chains.
“Ransomware has evolved into a massive and systemic threat, and is no longer restricted to the sporadic and isolated incidents observed,” said CSA.
It added that the recent global spate of high-profile ransomware incidents affecting essential service providers and key firms showed that the attacks could “cause real-world effects and harm, and may have the potential to become national security concerns”.
“The proliferation of such attacks spells an urgency for businesses to review their cybersecurity posture and ensure that they build their systems to be resilient in recovering from any successful cyberattacks.”
As remote working became more common during the pandemic, poorly configured network and software systems have “widened the attack surface” and put organisations at greater risk of cyberattacks, added CSA.
Supply chain breaches are also becoming more sophisticated.
“The compromise of a trusted supplier of software can result in widespread repercussions worldwide, as victims could include major vendors with huge customer bases,” the agency added.