Waterhole attacks, phishing top cyberthreats in Singapore

Waterhole attacks, a form of strategic website compromise, and phishing were Singapore’s top threat vectors in 2019, accounting for 84% of all cyberattacks detected, according to Ensign InfoSecurity’s Singapore Threat Landscape 2019 report.

The report also revealed that the high technology industry in Singapore was the top target for threat actors in 2019. Companies in this sector are attractive targets because threat actors want to exploit their data centre infrastructure to expand their botnet activities, as well as to target other organisations whose servers are hosted there.

Rounding up the top five most targeted sectors in Singapore were info-communications (2nd), media (3rd), institutes of higher learning (4th), and financial services (5th).

Waterhole attacks are the most prevalent threat vector of 2019, contributing to nearly half (47%) of all detected cyberattacks in Singapore. Waterhole attacks occur when an attacker compromises a website and replaces its content with malicious payloads. Unsuspecting victims who then download content from these websites will infect their machines with malware.

The other top threat vector in Singapore is phishing, and almost two out of five (37%) of the detected cyberattacks in 2019 can be attributed to it.

Both waterhole attacks and phishing are favoured techniques of the threat actor group APT32. The report uncovered that the increase in activities associated with APT32, also known as OceanLotus, was higher than that of any other threat actor group in Singapore in 2019.

APT32, which has been active since 2014, concentrates its activities in Southeast Asia and has targeted multiple private sectors and governments across the region.

In 2019, Ensign detected APT32-associated activities in 23 out of 34 sectors (68%) in Singapore. The spread of cyberattacks across diverse sectors aligns with APT32’s strategy of running opportunistic phishing email campaigns throughout the year.

The report also found that Emotet was the most prominent malware in Singapore. Ensign detected Emotet activities in 27 out of 34 (79%) sectors in 2019, impacting more than 1,200 companies. The widespread attacks across a broad spectrum of sectors indicate the attacks were likely opportunistic and in the form of spam campaigns.