Singapore, which saw a drop in common security threats last year, expects to see more data breaches in the near future, says the Cyber Security Agency (CSA).
The Cyber Security Agency says that in the near future there would be more frequent data breaches plus disruptive attacks against the cloud, in Singapore. APTs (Advanced Persistent Threats) too are on the rise, it’s reported.
The CSA has reported that 2018 saw 605 cases of website defacement happening, while in 2017 the figure was 2,040. Websites of SMBs (Small and Medium-Sized Businesses) were affected the most. A couple of government websites too were affected, and the attacks showed a steep climb in November 2018, most likely because of a hacker exploiting vulnerabilities in an unpatched web server that hosted websites for various businesses. 2018 also saw a 30 percent drop in phishing URLs containing a Singapore link and the most affected firms either belonged to the banking and financial sector or offered tech and file-hosting services. There was also a considerable drop in the number of ransomware incidents (from 25 in 2017 to 21 in 2018) and a 60 percent drop in the number of C&C servers as well. It’s also revealed by the CSA that on a daily basis, almost 2,900 botnet drones with Singapore IP addresses were identified in 2018.
While 2018 saw 470 malware variants being detected, five of them, namely Gamarue, Conficker, Mirai, WannaCry and Gamut, generated over half of the detected infections. This is a clear indication to the fact that users, in large numbers, still continue to be indifferent as regards patching software or devices and also as regards adopting effective security measures. The CSA also reports an increase in the number of reported cybercrime (from 5,351 in 2017 to 6,179 in 2018). Of these, 1,204 were investigated under the country’s Computer Misuse Act. (There was a 40 percent increase in the number of cases investigated under this act too). As per the report, cybercrime accounted for almost 19 percent of all reported crime in the country.
The report by the CSA also points out that in 2018, 2,125 instances of e-commerce scams were reported; such e-commerce scams led to the overall loss of around S$1.9 million (US$1.38 million) to victims. Almost 70 percent of these e-commerce scams occurred on Carousell, the consumer-to-consumer online marketplace and involved electronic products and tickets to events and attractions. CSA also reports an increase, from 332 in 2017 to 378 in 2018, in email impersonation instances, which caused businesses an overall loss of around S$58 million (US$42.26 million).
As already mentioned, the CSA estimates that data breaches would increase in Singapore in the near future. The CSA has also stated that as IoT (Internet of Things) devices and connected industrial control systems get used very widely, smart buildings and connected systems stand the most risk of cyberattacks. It’s also pointed out that cybercriminals would tend to use AI to detect vulnerabilities and to develop smarter malware. They would also be breaching biometric data, which would help them gain access to personal data on a large scale.
The CSA has pointed out that taking into consideration the possibilities of frequent data breaches in the near future, individuals as well as organizations need to be vigilant and pay more attention to cybersecurity. CSA’s chief executive and cybersecurity commissioner David Koh has clarified that the Singapore government has already taken steps to beef up the country’s cybersecurity posture. The implementation of the Cybersecurity Act and the introduction of some new initiatives are all part of this. In April, the government had assembled a committee to review data security practices in the public sector following an increase in data breaches involving government entities; these breaches had caused the breach of sensitive personal data of 808,201 blood donors and 14,200 individuals with HIV. The committee would also assess measures and processes relating to the protection of sensitive personal data of all citizens of the country; this is likely to be done by government agencies plus government-appointed vendors.
In the wake of these findings, Singapore readies itself to meet the cybersecurity challenges. Systems are being made as secure as possible and all efforts are taken to combat cybersecurity issues in a swift, robust and effective manner.