A ransomware attack hit a vendor to DBS. What is a ransomware attack and how does it affect companies?
Singapore was hit by 21 million cyberattacks originating from compromised servers in 2024
[SINGAPORE] Customer data from DBS and Bank of China’s Singapore branch (BOC) were stolen when their printing vendor was hit by a ransomware attack last week.
DBS on Apr 7 said preliminary investigations showed that customer statements/letters of about 8,200 of its customers have been potentially compromised.
Meanwhile, BOC said about 3,000 of its customers whose paper letters were printed and distributed by the printing vendor were affected by the incident. Data exposed included customer names and addresses, and in some cases, the loan account numbers.
No log-in information was compromised for both banks.
But ransomware is a growing issue.
In 2024, Singapore led ransomware attacks among Asean countries with 21 million cyberattacks on compromised servers.
BT in your inbox
Start and end each day with the latest news stories and analyses delivered straight to your inbox.
But what is ransomware and what are companies doing to mitigate such threats? The Business Times explains.
What is ransomware?
Ransomware is a type of software designed to withhold a victim’s sensitive data or device hostage. Typically, victims are only able to regain access to their details or devices after paying the attacker.
There are two general types of ransomware: the most common being crypto ransomware, which holds the victim’s data hostage by encrypting it. After paying the attacker, the victim is able to obtain the encryption key.
Another form of ransomware is done by screen-locking where the victim is unable to use the entire device.
There is also a risk of Wipers, or destructive ransomware, that destroys the data which can occur despite the victim paying the ransom.
How ransomware infects you
Some attackers use social engineering and phishing attacks to trick their victims into downloading and running files containing ransomware through e-mails.
In other scenarios, attackers can exploit zero-day vulnerabilities, in which a security flaw can go unknown and unaddressed from the moment the operating system, application or device is released.
If attackers find the flaw before the security researchers and software developers, they can infiltrate their victims from there.
Attackers can also break into their victims’ system through brute force, or through stealing credentials from authorised users, and deploying the ransomware directly into the system. This type of manual hacking can be hard to detect.
In recent years, ransomware attacks have evolved to include double-extortion attacks – that threaten to leak the data online – and triple-extortion attacks – threatening to use the data to attack the victim’s customers or business partners.
Therefore, even victims who back up their data or pay the initial ransom amount are at risk.
Ransomware can hit banks too
While in the above example, both DBS and BOC were affected because their vendor was hit, ransomware attacks can be on banks directly too.
Ransomware attacks on banks are particularly disruptive due to their real-time operational dependencies and sensitive data obligations, according to Sakshi Grover, senior research manager for cybersecurity services at IDC Asia/Pacific.
She explains that these attacks often trigger immediate lockdown on critical services such as online banking portals and payment processing systems.
The most impactful consequence is data exfiltration combined with extortion. This is where sensitive customer and transactional data is encrypted, stolen and weaponised.
The long-tail effects can include weeks or months of recovery, compliance audits, legal scrutiny and regulatory reporting, she said.
In some cases, where AI-powered ransomware is involved, the attack evolves even during containment efforts. The ransomware can utilise artificial intelligence to bypass defences in the system, and prolong the incident’s life cycle and complicate resolution.
Martin Zugec, technical solutions director at Bitdefender, observed that in recent years, there has been a shift in how ransomware groups operate.
Rather than encrypting data, these groups are opting to just steal it, as they realise that the long-term fallout from leaked private information can be more devastating than temporary system outages.
Ultimately, the banks can suffer from both reputational damage, a loss in customer trust and even hefty regulatory fines.
Navigating future attacks
“The harsh reality is that today’s ransomware attacks are typically preceded by extensive reconnaissance, where determined hacking teams infiltrate a network, weeks or even months, beforehand,” said Zugec.
Only after gaining deep, insider knowledge and learning how to neutralise recovery efforts do they launch the final assault – exfiltrating and/or encrypting data. When attackers “know your playbook before the attack even starts, you’re already at a disadvantage”, he added.
According to Tony Anscombe, chief security evangelist at Eset, many organisations have adopted a variety of modern cybersecurity tools, such as Endpoint Detection and Response, Identity Access Management, and Vulnerability and Patch Management systems, to protect themselves.
However, he noted that it was vital to improve cybersecurity across the entire company as no single tool can counter an attack.
A layered approach of utilising several technologies is needed, he said. Companies that follow a structured cybersecurity framework and international standards such as Nist and Cyber Essentials will have a better cybersecurity posture.
Anscombe noted that smaller businesses providing services to larger companies do not have the expertise to adopt a strong cybersecurity posture. This can create a weak point that cybercriminals can exploit.
Copyright SPH Media. All rights reserved.
