Infocomm firms were top cyber targets in Singapore

The Technology, Media, and Telecommunications (TMT) industry group, comprising infocommunications, data centre and media sectors, was the top target for threat actors in 2021, according to Ensign InfoSecurity.

The latest edition of Ensign’s Cyber Threat Landscape report covers Singapore and key Asia-Pacific markets such as Hong Kong, Malaysia, and South Korea. 

Ensign found that nearly 70% of malicious traffic observed in Singapore in 2021 was directed at the infocommunications sector.

Threat actors targeted TMT organisations as they covet these firms’ bandwidth and computing resources, which can be used to build botnets or compromise other connected organisations. 

Additionally, many TMT organisations also support other businesses by providing services such as processing and storing sensitive data. This gives malicious actors an easy access pathway to target and access downstream customers via cyber supply chain compromise.

“Infocommunications companies are lucrative targets for malicious actors as their services penetrate and power almost every aspect of our society and digital economy,” said Steven Ng, CIO and EVP of managed security services at Ensign.

In addition, threat actors were targeting media organisations following the cyberattack campaigns outside Singapore. Media companies saw cyberattacks designed to cause business disruptions, including ransomware campaigns. 

A key driver behind these attacks was to prevent facts from being disseminated to the public. This can distort or disrupt the public’s understanding of the situation.

The transportation industry, comprising the aviation and maritime sectors, became increasingly attractive targets due to their global and regional connectivity. 

This is fuelled by the collection of personal identifiable information for cross-border travel, which may include medical information for COVID-19 tracking purposes.

The maritime sector continues to see ransomware attacks targeting shipping lines and maritime support services. This further exacerbates supply chain challenges caused by COVID-19. Ransomware operators are likely exploiting the already-strained business operations to pressure organisations to pay the ransom.

In 2021, Ensign observed an increase in opportunistic cyber incidents using stolen credentials in Singapore. It revealed that 80% of these incidents were traced to “hands on keyboard” intrusions against remote access portals such as VPN and Virtual Desktop Interfaces.

These attacks can be attributed to COVID-19 where companies were forced to swiftly establish emergency remote working arrangements. However, some of these systems are not adequately secured. 

Also, multi-modal attacks — incorporating misinformation, disinformation and malinformation (MDM) — have risen in prominence as threat actors attempt to increase their success rate. 

MDM techniques employed for phishing typically leverage misleading information or distorted facts to trigger the victims’ urgency of response or action. This increases the threat actors’ chances of successfully gaining access to the targets. Such techniques have been observed in the COVID-19 themed phishing attacks and election-related attacks.

Threat actors also leverage MDM techniques in extortionist attacks. This includes using false information to cause negative hype or sharing illegally exfiltrated sensitive information to influence a large-scale outcome.