Ransomware cases in Singapore rose 154% in 2020

SINGAPORE'S cybersecurity agency on Thursday sounded the alarm on the growing trend of ransomware, noting that it has evolved into a "massive and systemic threat".

Last year, 89 ransomware cases were reported to the Cyber Security Agency of Singapore (CSA), marking a rise of 154 per cent from the 35 cases reported in 2019. The cases affected mostly small and medium enterprises and emerged from sectors such as manufacturing, retail and healthcare.

A total of 68 cases were reported in the first half of 2021, already more than double the 31 cases reported in the first half of last year.

"The number of reported cases we expect this year is likely to exceed the numbers that we saw last year. It's probably just the tip of the iceberg, because there are probably cases that are not reported to us," CSA chief executive David Koh told The Business Times in an interview.

Overall, CSA's SingCERT (Singapore Computer Emergency Response Team) handled a total of 9,080 cybersecurity cases in 2020, marking the second consecutive year of increase. It handled 8,491 cases in 2019 and 4,977 cases in 2018.

Of the cases in 2020, phishing incidents remained stable while website defacements declined 43 per cent, according to CSA's Singapore Cyber Landscape report. But there was an increase in cybercrime cases of 1.7 times and more malicious command and control servers and botnet drones were detected.

A NEWSLETTER FOR YOU

Monday, 3.30 pm

Garage

The hottest news on all things startup and tech to kickstart your week.

Sign Up

Local ransomware cases significantly increased amid the global ransomware outbreak, said CSA. US-based IT company Kaseya was recently a victim of an attack that affected up to 1,500 businesses around the world, many of them customers of Kaseya's customers. Hackers are demanding US$70 million to restore the data.

Other high profile incidents include an attack on Colonial Pipeline, which operates the largest fuel pipeline in the US East Coast, and JBS, the world's largest meat processing company by sales.

"Ransomware is no longer a sporadic nuisance, affecting a handful of machines. It has been transformed into a massive, systemic threat affecting entire networks of large enterprises. This is now a major security issue that affects Critical Information Infrastructure (CII) sectors and nations," Mr Koh said in CSA's report.

The evolution of ransomware activities bear three distinct characteristics, according to CSA. Hackers are shifting from indiscriminate, opportunistic attacks to more targeted "Big Game Hunting" where large businesses are targeted for higher ransom payouts.

Threat actors are employing tactics whereby stolen data would be publicly leaked if ransom demands are not met.

The rise in the "ransomware-as-a-service" model is also making sophisticated ransomware strains accessible to less technically-adept cybercriminals. In this model, hackers focus on malware development while relying on third parties to distribute their malware for a share of the ransomware profits.

CSA noted that high-profile ransomware incidents affecting essential service providers and key companies demonstrate that the attacks could cause real-world effects and harm, and may have the potential to become national security concerns.

In a written response to parliamentary questions about guarding Singapore against ransomware, Minister for Communications and Information Josephine Teo on Tuesday said CSA has directed CII sectors to raise their cybersecurity posture.

This includes enhancing monitoring, backing up data regularly and keeping the backup offline, and practising incident response and business continuity plans.

An incident management exercise involving over 30 government agencies will be conducted in August to refresh agencies' familiarity with procedures to handle cyber incidents such as ransomware, Mrs Teo added.

Other emerging cybersecurity trends highlighted in CSA's report include the targeting of a remote workforce and increased targeting of supply chains.

With the shift to remote working during the pandemic, poorly configured network and software systems have exposed organisations to greater risk of cyberattacks.

Meanwhile, the compromise of a trusted supplier or software in a supply chain can result in widespread repercussions worldwide, as victims could include major vendors with huge customer bases.