In 2017, the CSA said Singapore's cyber landscape has evolved parallel to global trends, with cyberthreats growing in frequency and impact. "Notably, there was a shift from profit-motivated attacks towards those aimed at causing massive disruptions, such as the WannaCry ransomware campaign," the government agency said.
Common cyber threats such as phishing, website defacements, and malware infections showed no signs of abating in 2017, CSA said1:
Website defacements
In 2017 2,040 website defacements were recorded, many as part of global mass defacement campaigns. The defaced websites belonged mostly to small and medium sized enterprises (SMEs) from a range of sectors such as manufacturing and retail, but also included traditionally tech-savvy information and communications technology (ICT) firms.
Phishing
2017 saw 23,420 phishing URLs with a Singapore link. Phishing emails, email messages which contain such URLs, are one of the simplest and most effective methods that hackers use to steal sensitive personal data (e.g. passwords, contact information, credit card details), the CSA observed. Websites of technology companies such as Apple and Microsoft were commonly spoofed, making up about 40% of the observed phishing, CSA said.
Compromised systems
In 2017, CSA observed about 750 unique command & control (C&C) servers in Singapore, and a daily average of about 2,700 botnet drones with Singapore IP addresses. Of the more than 400 malware variants detected in 2017, five were observed to have caused the majority of the infections: Conficker, Mirai, Cutwail, Sality, and WannaCry accounted for more than half of the systems infected daily. As the majority of these malware are not new, CSA concluded that many victims are not scanning for viruses and cleaning up their systems.
Ransomware
Singapore was relatively unscathed by major ransomware campaigns such as WannaCry. Twenty-five cases of ransomware were reported to SingCERT in 2017. Besides WannaCry, victims were infected by ransomware such as Cerber, Dharma, and Sage, and faced ransom demands ranging between S$2,000 and S$4,000.
Cybercrime
The Singapore Police Force (SPF) reported that cybercrime continued to rise in 2017, with 5,430 cybercrime cases reported. Between 2016 and 2017, cybercrime cases grew from 15.6%2 to 16.6% of total crimes, even as overall crime fell. Online cheating accounted for the majority of cybercrime cases, with other cases involving compromised social media and SingPass accounts, impersonation scams, ransomware and unauthorised access. These are offences under the Computer Misuse and Cybersecurity Act. Singapore’s first conviction of a dark web-related crime took place in November 2017.
Threats to critical information infrastructure (CII)3
CII sectors such as banking and finance as well as government remain prime targets for cyberattacks, because of the sensitive information held by organisations in these sectors. In September 2017, the website of a Singapore insurance company was breached, compromising the personal data of 5,400 customers, including their e-mail addresses, mobile numbers and dates of birth.
Government agencies also faced a range of cyber threats, including system intrusions and spoofed websites. To better protect government systems and citizens’ data, government agencies separated Internet surfing from government networks in 2017.
Threats to businesses
Businesses are common targets of cyberattacks. SMEs are especially vulnerable, as they often lack the resources or know-how to adopt appropriate cybersecurity practices. Almost 40% of the 146 cases reported to SingCERT in 2017 involved businesses, particularly SMEs, and most of the cases involved phishing attacks and ransomware. Businesses are encouraged to invest in cybersecurity solutions to protect themselves from cyberattacks.
Threats to individuals
The three most common cyber threats reported to SingCERT by individuals were phishing, ransomware and tech support scams. A public awareness survey of 2,035 respondents conducted by CSA in 20174 showed that most respondents recognised that everyone had a role to play in cybersecurity, and were concerned about cybersecurity risks. However, there were still gaps in habits when it came to password management and updating of software. To encourage adoption of good cybersecurity practices, the publication highlights four cyber tips5 to help readers go safe online.
CSA takes the approach that cyberattacks are inevitable, and works closely with partners from the public and private sectors to build up Singapore’s cyber resilience. Efforts include the introduction of the new Cybersecurity Act to strengthen the protection of CII sectors, conducting regular cybersecurity exercises to raise CII sector readiness in responding and dealing with cyber incidents, as well as initiatives to develop a professional cybersecurity workforce.
CSA also reaches out to businesses and individuals to raise cybersecurity awareness and adoption through campaigns and platforms such as GoSafeOnline, SingCERT website and social media channels. Other efforts include the push for cybersecurity research and development to accelerate the growth of the industry to support Smart Nation initiatives. CSA also collaborates with international partners to build cyber capacity and drive the adoption of voluntary cyber norms for a “rules-based” international order in cyberspace.
David Koh, Commissioner of Cybersecurity and Chief Executive of CSA, said, “Given Singapore’s connectivity, what happens globally is often immediately felt here. As we continue our Smart Nation push, we have to raise our cyber hygiene and defences, especially against cyber-attackers who are getting better resourced and skilled. We need to play our part by being vigilant and adopting good cybersecurity practices to keep Singapore’s cyberspace safe and trustworthy for all.”
 |
| Source: Fortinet. Maciejak. |
"Website defacement is still a critical part of the equation as it’s always here that the hacking stories begin. Mass exploitation campaigns occur automatically in the background, usually taking control of poorly patched websites. These websites could then be used for propaganda, or be used to host different kinds of malicious content that can range from a cloned copy of a website like Apple or Microsoft for phishing, to malware. Always make sure that your servers and web applications are up to date by enabling their auto update feature," he advised.
He also said that a cyberthreat to CII can come from anywhere. "Lax Internet of Things (IoT) device security is a known network weakness and a security gap, not only for individuals but also for businesses. Networks can be penetrated even from those small entry points afforded by IoT devices. The Mirai variant number exploded last year and started to embed not only a list of known logins/passwords but also some exploits to take control of unpatched systems. We recommend that users check their connected devices and apply patches whenever needed. Ultimately, having these devices connect on a segregated network is best," Maciejak said.
Profit-motivated attacks like ransomware are evolving, Maciejak shared. "Fortinet has also witnessed a shift in the tactics, techniques and procedures of threat actors moving slowly from high profile attacks to low profile ones just to stay under the radar. Towards the end of 2017, individuals started to be targeted with cryptojacking attacks, whose purpose is to consume computer CPU cycles to mine cryptocurrencies. The profits take longer to materialise but benefits are greater in the long term as cryptojacking attacks are often undetected (and therefore left alone) by users," he added.
"If you hear your computer’s fans running at full speed without any apparent reason, the smart
thing to do is check your CPU usage. Go to Task Manager on Microsoft Windows ([Ctrl]+[Shift]+[Esc]), Activity Monitor on Mac, and Top on the Linux command line. The above commands will list all the processes running on your computer, allowing you to find the culprit (usually the web browser, e.g. Google Chrome) by filtering real-time CPU consumption.
"Once identified, you can kill the culprit by right clicking on it and selecting “end task”, “kill” or “terminate”. This ends your current connection to the compromised website. After that, you can open your browser again and go to other sites without problems."
Maciejak further said everyone has a role to play with regards to cybersecurity. "Both businesses and individuals should be encouraged to report cybercrimes to the Singapore Police Force or Cyber Security Agency directly," he said.
"The
Singapore Cyber Landscape 2017 Report shows that application
vulnerabilities still account for a large number of cybersecurity
incidents in Singapore, with unpatched IoT devices and vulnerable
applications (such as websites) as the primary targets. While the
authorities and vendors have relentlessly educated the public and
businesses on basic cybersecurity hygiene, a more regimented risk-based
approach to software development should be taken to ensure that products
that are shipped to markets are as secure as possible.
"Security is a people skill, and so education has to take precedence. Building strong cybersecurity skills is an investment into your application developers so that they may successfully build security into applications that power businesses, and maintain those security measures over time. Singapore and its government have done an admirable job in evangelising the importance of skill-upgrading and continuing education, but given the escalation of bad actors and hacking worldwide, equipping the nation with the most qualified and trained talent will be a challenge.
With the rapid adoption of IoT, especially in CII as well as other business and consumer spaces, IoT vendors have some challenges integrating security into their designs, seeing security as a complicated and tedious process that philosophically seems to contradict the simplicity of IoT itself. However, with the Cybersecurity Bill, CII and other firms alike will need to seriously examine how security is built into IoT devices, rather than bolting it on as an afterthought. To supplement the limited talent pool in Singapore, one strategy is to implement more automated solutions into research and development processes to monitor and audit applications for security vulnerabilities,” commented Justin Hammond, Director of Customer Solutions and Support, Software Integrity Group, Synopsys.
"Security is a people skill, and so education has to take precedence. Building strong cybersecurity skills is an investment into your application developers so that they may successfully build security into applications that power businesses, and maintain those security measures over time. Singapore and its government have done an admirable job in evangelising the importance of skill-upgrading and continuing education, but given the escalation of bad actors and hacking worldwide, equipping the nation with the most qualified and trained talent will be a challenge.
With the rapid adoption of IoT, especially in CII as well as other business and consumer spaces, IoT vendors have some challenges integrating security into their designs, seeing security as a complicated and tedious process that philosophically seems to contradict the simplicity of IoT itself. However, with the Cybersecurity Bill, CII and other firms alike will need to seriously examine how security is built into IoT devices, rather than bolting it on as an afterthought. To supplement the limited talent pool in Singapore, one strategy is to implement more automated solutions into research and development processes to monitor and audit applications for security vulnerabilities,” commented Justin Hammond, Director of Customer Solutions and Support, Software Integrity Group, Synopsys.
Explore:
The Singapore Cyber Landscape 2017 publication reviews Singapore’s cybersecurity situation in 2017 against the backdrop of global trends and events, and highlights Singapore’s efforts in creating a safe and trustworthy cyberspace. Read the report (PDF)
Read the TechTrade Asia blog post about CSA's National Cybersecurity Awareness Campaign – Cyber Tips 4 You
1 CSA regularly reviews and enhances its coverage of cyber threats globally and locally towards a comprehensive understanding of Singapore’s cyber landscape. The increase in the number of threats detected in 2017 was in part a result of such efforts.
2 In the Singapore Cyber Landscape 2016, it was reported that cybercrime accounted for 13.7% of all crimes in 2016. SPF has since revised that 2016 figure to 15.6%.
3 Singapore’s 11 CII sectors are: aviation, Banking & Finance, Energy, Government, Healthcare, Infocomm, Land Transport, maritime, media, security & Emergency, and Water
4 CSA’s Public Awareness Survey in 2017 Reveals Signs of Improvement in Cybersecurity Practices, 23 April 2018.
5 CSA launched the second National Cybersecurity Awareness Campaign – Cyber Tips 4 You in April 2018. Watch the campaign videos
No comments:
Post a Comment