A report reveals that online scams accounted for 81% of cybercrime incidents in Singapore last year.
SINGAPORE: Individuals and businesses in Singapore encountered a surge in cybercrime, including phishing and ransomware threats, last year, according to a report released by the Cyber Security Agency of Singapore (CSA) on Monday (Aug 29).
In 2021, ransomware incidents reached 137, marking a significant 54% increase from the 89 cases reported in 2020. Ransomware attacks occur when hackers utilize malicious software to encrypt files on devices and then demand payment to restore access.
The CSA’s annual Singapore Cyber Landscape publication indicated that small- and medium-sized enterprises (SMEs) in sectors like manufacturing and IT were the most affected. The agency noted, “The around-the-clock nature of these sectors’ operations did not provide sufficient time to patch their systems, potentially allowing ransomware groups to exploit vulnerabilities.”
Ransomware groups targeting SMEs employed a model known as “Ransomware-as-a-Service,” which enables less technically skilled cybercriminals to access sophisticated ransomware strains and use existing infrastructure to distribute malicious software.
Additionally, phishing cases saw a 17% rise, with around 55,000 unique phishing URLs ending in “.sg” detected in 2021, up from 47,000 the previous year. Phishing involves tricking individuals into revealing sensitive personal information, such as account passwords and credit card numbers. The CSA noted that social media platforms accounted for over half of the spoofed phishing targets, which may have been exacerbated by malicious actors capitalizing on public interest in WhatsApp’s updated privacy policy regarding user data sharing with Facebook.
Scammers also took advantage of the COVID-19 pandemic and the emergence of the Omicron variant in late 2021 to spoof government websites, the CSA added.
ONLINE SCAMS LEAD CYBERCRIME STATISTICS
The Singapore Police Force identified cybercrime as a major concern, reporting 22,219 cases last year, which represents a 38% increase from the 16,117 cases in 2020. Online scams accounted for the largest category of cybercrime, comprising 81% of all cases. The remainder included 17% categorized as Computer Misuse Act violations and 2% as cyber extortion.
Furthermore, the CSA revealed that Singapore hosted 3,300 malicious command and control servers last year, more than tripling from 1,026 in 2020. This represents the highest number of such servers recorded since 2017. These servers serve as centralized devices operated by attackers to maintain communication with compromised systems, known as botnets, within targeted networks.
Last year, approximately 4,800 botnet drones with Singapore IP addresses were detected daily, a 27% decrease from the daily average of 6,600 in 2020. Cases of website defacements also dropped by 15% from 495 in 2020 to 419 last year, with most victims being SMEs. This decline may be attributed to hacktivist activities shifting to platforms with a broader reach, such as social media.
EMERGING TRENDS IN CYBERCRIME
The CSA’s report underscored the potential for a fragmented world of cyber norms and standards due to geopolitical tensions like the Russia-Ukraine conflict. “Russia previously faced significant hurdles in decoupling from US technology due to risks of suspending various payment services and products used by its citizens,” noted the CSA.
The agency explained that sanctions imposed by Western tech companies following Russia’s invasion of Ukraine would likely intensify Russia’s desire for self-sufficiency in technology. Countries like China are also pursuing greater independence in advanced technology sectors.
Moreover, CSA observed that cybercriminal and hacktivist groups are aligning with factions in the Russia-Ukraine conflict, engaging in malicious cyber activities for political motives. “This trend raises the risk of reprisals, as serious cyber incidents by these groups could serve as a pretext for escalation by either side,” the agency cautioned.
In addition, the rise in crypto-based crime is largely attributed to peer-to-peer financial platforms that facilitate direct transactions. The platforms’ borderless accessibility and anonymity features complicate tracking illicit activities and enforcing regulations across borders, emboldening cybercriminals to engage in more crypto-related scams.
CSA also identified a trend of cybercriminals targeting critical Internet of Things (IoT) devices in ransomware attacks, leading to significant downtime costs. “Employees have been known to connect their personal IoT devices to organizational networks without security teams’ knowledge,” the agency stated. “If organizations in critical industries, such as healthcare, are infected with ransomware, it could have serious, life-threatening consequences.”
A COLLECTIVE EFFORT IN CYBERSECURITY
Improving awareness and adopting strong cybersecurity practices are essential for fostering a digital economy and lifestyle, according to CSA. The agency launched initiatives such as the SG Cyber Safe Programme last year to assist companies in enhancing their online protection and introduced cybersecurity toolkits tailored to different enterprise roles.
CSA collaborated with the Infocomm Media Development Authority (IMDA) to offer pre-approved cybersecurity solutions for SMEs. “The cyber landscape in 2021 was fraught with increasingly sophisticated threats and more audacious threat actors,” remarked Mr. David Koh, commissioner of cybersecurity and CEO of CSA. “The government has intensified efforts to collaborate with our stakeholders, but cybersecurity is a team sport. Only by working together across borders can we hope to effectively combat the ever-evolving threats,” he added.
