Ransomware continued to be a persistent threat to organisations in Singapore in 2022, with retail and manufacturing SMEs the most attacked, the Cyber Security Agency of Singapore revealed in its Singapore Cyber Landscape (SCL) 2022 report.

According to the agency, retail and manufacturing companies often hold valuable data as well as intellectual property (IP), which cybercriminals intend to exploit for financial gain. 

Often, SMEs in these industries lack dedicated resources to counter cyberthreats, the CSA added.

Despite a 13% global increase in ransomware incidents in 2022, Singapore saw a slight drop in reported cases, from 137 in 2021, down to 132 in 2022.

Exponential rise in phishing attempts

Regarding phishing, 2022 saw over 8,500 incidents reported to the Singapore Cyber Emergency Response Team (SingCERT), which is more than double the 3,100 cases in 2021.

Over 50% of the reported cases involved URLs ending with “.xyz” – a popular top-level domain (TLD) among threat actors given its low cost and limited usage restrictions, the CSA highlighted.

Cybercriminals have also enhanced their tactics, as indicated by the frequent usage of URL shortener services “to mask their malicious intent and track the click-through rate of their phishing campaigns.”

Meanwhile, more than 80% of reported phishing sites pretended to be entities within the banking and financial services sector. 

Overall, SingCERT took down 2,918 malicious phishing sites in 2022.

Decrease in infected infrastructure

In 2022, the CSA reported a 13% decrease in infected infrastructure, formerly known as command-and-control (C&C) servers and botnet drones. The number of infected systems in Singapore decreased to 81,500, down from 94,000 in 2021.

Globally, Singapore’s share of infected infrastructure also decreased, from 0.84% in 2021 to 0.34 in 2022. While the CSA acknowledged improved cyber hygiene across enterprises, the agency admitted that the number of infected systems in the country remains high.

“The top three malware infections on locally hosted C&C servers were Cobalt Strike, Emotet, and GuLoader, while Gamarue, Nymaim, and Mirai were the top three malware found on locally hosted botnet drones, accounting for nearly 80% of Singapore IP addresses infected by malware in 2022,” the CSA noted.

Fewer websites defaced

Only 340 “.sg” websites were defaced in 2022, a decrease of 19% from 2021’s 419 recorded cases.

According to the CSA, this decline in website defacement could be attributed to hacktivist activities shifting to other platforms with potentially wider reach, such as social media.

The CSA stated that most of the victims of website defacement were SMEs.

Cybersecurity developments

For the remainder of 2023, the CSA has identified three cybersecurity trends to watch out for:

• Ransom for reputation: The CSA predicts that while extortion attempts will persist, the actual deployment of ransomware may decline. This is because ransomware-as-a-service (RaaS) providers are shifting their focus towards data exfiltration and public shaming on “leak sites.” The CSA warns of threat actors fabricating breaches by repackaging data from previous breaches or utilising open-source data scraping. Consequently, industries and the public should exercise greater discernment.

• AI for bad and good: As AI is increasingly used to enhance enterprises’ security measures, cybercriminals are also leveraging this technology for malicious purposes. The CSA cautions against highly targeted spear-phishing campaigns and the use of deepfakes to impersonate C-suite executives. These tactics can lead to account takeovers, business fraud, and damage to an organisation’s share price or reputation.

• Systemic risks from economic adversity: The ongoing Russia-Ukraine conflict and the resulting financial pressures and rising cost of living are expected to lead to a global economic downturn in 2023, as forecasted by the International Monetary Fund. Threat actors may exploit the psychological vulnerability of individuals affected by the economic downturn to perpetrate financial scams. Additionally, there is a risk that C-suite executives may reduce security budgets, exposing organisations to significant risks. This scenario could amplify the occurrence of ransomware attacks and serious breaches, the CSA said.

As COVID-19 restrictions began to ease, 2022 witnessed a heightened cyberthreat environment fuelled by geopolitical conflict and cybercriminal opportunism, remarked David Koh, Commissioner of Cybersecurity and Chief Executive of the CSA.

“Emerging technologies like chatbots are double-edged, as with many new technologies. While we should be optimistic about the opportunities they bring, we must also manage the accompanying risks. The government will continue to intensify our efforts to protect our cyberspace, but it is crucial for businesses and individuals to play their part as well. Only by working together can we fully reap the benefits of our digital future,” he concluded.