Fall in Phishing, Infected Infrastructure and Website Defacement Incidents Reported to CSA in 2023, but Absolute Figures Remain High

Singapore, 30 July 2024 – The Cyber Security Agency of Singapore (CSA) released the Singapore Cyber Landscape (SCL) 2023 publication today. The publication provides a comprehensive picture of the cybersecurity threat landscape in Singapore. 

CSA observed that in 2023, phishing, which is a key conduit for scams and other malicious cyber activities, dropped significantly in numbers compared to 2022. For ransomware, around one case was reported every three days on average, a rate similar to 2022. The number of infected infrastructure saw a decline in Singapore as well.

Key Malicious Cyber Activities in 2023

2    They are:

1. Phishing. There were around 4,100 phishing attempts reported to the Singapore Cyber Emergency Response Team (SingCERT) in 2023. This was a 52% decline from the 8,500 cases in 2022; however, it was still approximately 30% higher than 2021. This decline bucked a global trend of sharp increases, which were likely fuelled by the usage of generative artificial intelligence (Gen AI) chatbots like ChatGPT to facilitate the production of phishing content at scale. 
   Despite the drop in local reported cases, phishing attacks continue to be a major threat to organisations and individuals, especially as threat actors improve on the sophistication of their cyber-attacks. CSA observed indications that cybercriminals are shifting tactics to make their phishing attempts appear more legitimate and authentic. For example, more than half of the phishing URLsreported to CSA used the more secure HTTPS protocol, a significant increase from the 9% that did so in 2022. More than a third of reported phishing attempts used the more credible-looking domain “.com” instead of “.xyz”, an increase of about 20% from 2022.
   
   The most spoofed industries were Banking and Financial Services, Government, and Technology. The majority of organisations that were spoofed in the reported phishing attempts(63%) were entities in the Banking and Financial Services. Thisindustry is often being masqueraded, as banking and financial institutions are trusted organisations which hold significant amounts of sensitive and valuable information such as personal details and login credentials.
   

2. Ransomware Incidents. Ransomware remained a significant cyber threat, with cybersecurity vendors reporting a record number of ransomware victims globally in 2023. In Singapore, the number of reported ransomware cases remained high at 132, the same as 2022.
   
   Manufacturing continued to be the top industry affected by ransomware, while construction replaced retail as the second most affected industry in 2023. Some ransomware groups may have chosen to compromise these two industries as their level of cybersecurity might not have been as mature, or that they might be more susceptible to pressure to pay ransom, rather than to face costly operational disruptions and project delays.
   
   Two broad trends that emerged in 2023 are a shift towards exfiltration-only data extortion attacks by ransomware groups (i.e. without any encryption of files or systems), which is faster and stealthier; and additional pressure tactics, such as harassing clients of victim organisations to compel the latter to pay the ransom. 
   

3. Infected Infrastructure¹. In 2023, CSA observed 70,200 infected systems in Singapore, a decrease of 14% from 81,500 in 2022. While the numbers remained high, they have been on a sustained decline since 2021. The decline suggested that there was an overall improvement in cyber hygiene levels. However, there is still much room for improvement, as CSA’s analysis showed that many systems were compromised by dated malware which could have been easily detected by anti-virus software. The top three malware infections on locally-hosted Command and Control servers were Cobalt Strike, FormBook and SmsThief, while the top three malware found on locally-hosted botnet drones were Nymaim, Gamarue and Ranbyus.
   

4. Website Defacements. 108 ‘.sg’ websites were defaced in 2023, a decrease of 68% from 340 in 2022. This mirrors a global downtrend in website defacements globally. This could be due to hacktivist groups adopting a wider array of attacks, such as data breaches and distributed denial-of-service attacks, to advance their agenda.

¹ Compromised devices within SG cyberspace abused by attackers for malicious purposes, such as conducting DDoS attacks or distributing malware and spam.

AI Technology Increasingly Exploited by Threat Actors to Enhance Cyber-attacks

3     The SCL 2023 report highlighted the rise of Artificial Intelligence (AI) as a trend to watch. The scale of AI improvements and adoption, which reached unprecedented levels in 2023, is projected to grow even further, with malicious actors likely to benefit as well. For example, malicious actors are exploiting AI to enhance various aspects of cyber-attacks, such as for social engineering or reconnaissance. This is likely to increase, driven by the ever-growing stores of data, which can be used to train AI models for higher quality results. 

4     CSA’s analysis of a sample of the phishing emails reported to SingCERT in 2023 showed that about 13% contained AI-assisted/generated content. These AI-assisted/generated emails were grammatically better and had better sentence structure. They also had better flow and reasoning, intended to reduce logic gaps and enhance legitimacy. AI-assisted/generated phishing can also adapt to any tone, enabling them to exploit a wide range of emotions in victims, making them more convincing and dangerous.

5     Moving forward, malicious actors can also be unintended beneficiaries of legitimate research into the malicious applications of Gen AI, by re-creating and operationalising research findings and incorporating them into the cyber kill-chain. Possible advancements in AI research that malicious actors may leverage in future cyber-attacks include AI-proliferated worms, automated hacking, and automated payload crafting. 

6     To better protect themselves, individuals and organisations need to learn how to detect and respond to malicious uses of Gen AI. Users can discern if a multimedia is a deepfake (a type of AIgenerated content) by using the ‘3A’ approach: (i) Assess the message, (ii) Analyse audio-visual elements, and (iii) Authenticate content using tools. 

Enhancing Cybersecurity for Organisations and Individuals

7     CSA has published the Mobile Cyber Security Guide today. The guide is targeted at organisations keen to take steps to secure the deployment of mobile devices in the organisational environment or strengthening existing deployments. It provides guidelines and best practices on how organisations and their employees can defend against mobile device-specific risks. This is necessary as the usage of mobile devices for work has become increasingly common. 

8     The Guide demarcates the respective responsibilities of both the organisation and employee, and covers areas such as – “Assets”, “Secure/Protect”, “Update” and “Respond”. Topics covered under these areas include user education, data storage and privacy, mobile authentication and software updates. For more information, please refer to Annex B. 

9     Cybersecurity is a necessary pre-condition to ensure that AI outcomes are safe, secure and trustworthy. CSA has been involved in the development of technical guidelines and standards that articulate best practices for AI security, as part of the National AI Strategy. Some examples include the contribution of security principles to IMDA’s AI Verify, and collaborating with the United States to make the AI Governance frameworks of both countries interoperable – the first such successful country-to-country mapping by both countries.

10     CSA regularly publishes Internet Hygiene Ratings (IHR) for Singapore-based digital platforms, which reflects their level of adoption of internet security best practices. In October 2023, the IHR table for website and email management providers was published. This was aimed at helping enterprise clients make more informed choices when choosing between IT providers. Since the Internet Hygiene Portal was launched in 2022, users have made more 120,000 website scansof digital platforms. 

11    CSA partnered with Google to pilot a new enhanced protection feature within Google Play Protect in February 2024. This feature analyses and automatically blocks the installation of apps from Internet sideloaded sources – browsers, messaging apps and file managers – that request sensitive permissions which are commonly required to carry out financial fraud and scams. 

12     To help enterprises better understand their responsibilities and defence against cloudspecific risks, CSA partnered with the Cloud Security Alliance to launch two Cloud Security Companion Guides in October 2023. These companion guides were developed to complement Cyber Essentials and Cyber Trust respectively, Singapore’s national cybersecurity standards for organisations. CSA has also worked with Amazon Web Services, Google Cloud and Microsoft to develop companion guides that are specific to their respective cloud services/environment.

13     CSA launched its fifth national cybersecurity campaign, “The Unseen Enemy”, in September 2023 to raise awareness and drive adoption of good cyber hygiene practices. The campaign focused on four Cyber Tips: 1) Enable Two-Factor Authentication (2FA) and Use Strong Passphrases; 2) Beware of Phishing Scams; 3) Update Software Promptly; 4) Add ScamShield and Anti-Virus Apps. 

At the launch, CSA also published a list of seven security apps for both Android and iOS devices to help the public identify suitable cybersecurity apps that they can download to secure their mobile devices from malware and phishing attacks. CSA also continued to run outreach events including community roadshows, workshops for seniors as well as assembly talks and drama skits for students.

14     Mr David Koh, Commissioner of Cybersecurity and Chief Executive of CSA, said: “The use of generative AI has brought a new dimension to cyber threats. As AI becomes more accessible and sophisticated, threat actors will also become better at exploiting it. The recent IT disruption also showed us how interconnected our systems are and the need to strengthen our digital resilience. The Government will continue to step up our efforts to protect our cyberspace, and we are heartened to be joined by international as well as local public and private partner organisations in this effort. We need everyone, including businesses and individuals, to play a part.”

About the Singapore Cyber Landscape 2023

The “Singapore Cyber Landscape 2023” publication reviews Singapore’s cybersecurity situation in 2023 against the backdrop of global trends and events, and highlights Singapore’s efforts in creating a safe and trustworthy cyberspace. CSA analyses multiple data sources and developments to shed light on the common cyber threats observed in Singapore’s cyberspace. Through case studies of incidents in Singapore, the publication aims to raise awareness of cyber threats among cyber stakeholders and the general public, and to offer practical and actionable insights to better defend ourselves against ever-evolving cyber threats. 

Please refer to Singapore Cyber Landscape 2023 for a copy of the report.

About the Cyber Security Agency of Singapore 

Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes. CSA is part of the Prime Minister’s Office and is managed by the Ministry of Digital Development and Information. For more news and information, please visit www.csa.gov.sg.