9,080 cases handled by CSA’s SingCERT in 2020, marking second consecutive year of increase.
The Cyber Security Agency of Singapore (CSA) released its Singapore Cyber Landscape (SCL) 2020 publication today, revealing an increase in cyber threats such as ransomware and online scams in 2020.
CSA’s SingCERT (Singapore Computer Emergency Response Team) handled a total of 9,080 cases in 2020, marking the second consecutive year of increase, compared to 8,491 cases reported in 2019 and 4,977 cases in 2018 respectively.
Although the number of phishing incidents remained stable and website defacements declined slightly, malicious cyber activities remain a concern amid a rapidly-evolving global cyber landscape and increased digitalisation brought about by the COVID-19 pandemic.
Throughout 2020, CSA observed that global threat actors had capitalised on the anxiety and fear wrought by the pandemic, with repercussions felt by individuals and businesses.
These threat actors made their presence felt, targeting areas such as e-commerce, data security, vaccine-related research and operations, as well as contact tracing operations. Some of these trends were mirrored locally, where a surge in ransomware incidents as well as the emergence of COVID-19-related phishing activities was seen. These also coincided with the rise of Work-from-Home (WFH) arrangements, as individuals and businesses adopted new technologies to maintain business continuity.
Key Malicious Cyber Activities in 2020:
Ransomware. 89 ransomware cases were reported to CSA in 2020, a sharp rise of 154 per cent from the 35 cases reported in 2019. The cases affected mostly Small-and-Medium Enterprises (SMEs), and hailed from sectors such as manufacturing, retail and healthcare. The significant increase in local ransomware cases was likely influenced by the global ransomware outbreak, where three distinct characteristics were observed as ransomware operators deployed increasingly sophisticated tactics. They include (a) shifting from indiscriminate, opportunistic attacks to more targeted “Big Game Hunting (BGH)”; (b) the adoption of “leak and shame” tactics; and (c) rise in “Ransomware-as-a-Service” (RaaS) models.
Malicious Command and Control (C&C) Servers & Botnet Drones. In 2020, CSA observed 1,026 malicious C&C servers hosted in Singapore, a 94 per cent increase from the 530 C&C servers observed in 2019. The rise was in part attributed to the increase in C&C servers distributing the highly pervasive Emotet and Cobalt Strike malware, which accounted for one-third of the malware C&C servers observed.
In 2020, CSA detected about 6,600 botnet drones with Singapore IP addresses daily, an increase from 2019’s daily average of 2,300. Variants of the Mirai and Gamarue malware were prevalent among infected botnet IP addresses in 2020, with Mirai malware, which primarily targets Internet-of-Things (IoT) devices, staying strong due to the continuing growth of IoT devices locally.
Phishing. About 47,000 unique Singapore-hosted phishing URLs1 (with a “.SG” domain) were observed in 2020, a slight decrease of 1 per cent compared to 47,500 URLs seen in 2019. Globally, 2020 saw a surge in COVID-19-related phishing campaigns. In Singapore, the overall volume of malicious phishing URLs remained comparable to the figures seen in 2019. COVID-19 themes very likely accounted for over 4,700 of malicious URLs spoofing local entities and services that were in greater demand during Singapore’s circuit breaker period, which included online retail and payment portals.
Website Defacements. 495 ‘.sg’ websites were defaced in 2020, a decrease of 43 per cent from 873 in 2019. The majority of victims were SMEs, and no government websites were affected. The significant fall in 2020 is consistent with global trends and suggests that activist groups could have chosen other platforms with potentially wider reach (e.g. social media) to embarrass their victims and attract visibility for their causes.
Cybercrime. The Singapore Police Force reported that cybercrime remained a key concern, with 16,117 cases reported in 2020, up from 9,349 cases in 2019. It accounted for 43 per cent of overall crimes reported in 2020. Online cheating2 cases made up the top cybercrime category in Singapore, recording a rise of almost 62 per cent from 7,580 cases in 2019, to 12,251 cases in 2020. This trend is attributed to the rapid growth of e-commerce, the proliferation of community marketplace platforms and social media platforms as Singaporeans carried out more online transactions due to COVID-19.