Cyber Threats Grew in 2019 Amid Rapidly Evolving Global Cyber Landscape

See full report [PDF, 10 MB]

Increase in Website Defacements, Phishing, Malware Infections and Cyber Scams; COVID-19 related cyber threats also emerged towards the end of 2019.

The Cyber Security Agency of Singapore (CSA) published its Singapore Cyber Landscape (SCL) 2019 publication today, which revealed that cyber threats grew in scale and complexity in 2019.

In line with global trends, Singapore witnessed an increase in cyber threats targeted at various local industries such as e-commerce, banking and finance (See Appendix A). These cyber threats included common malicious cyber activities such as website defacements, phishing incidents and malware infections.

a. Website Defacements. 873 websites were defaced in 2019, compared to 605 cases in 2018. The majority of the defaced websites belonged to Small and Medium Enterprises (SMEs) from sectors such as education, finance, manufacturing and retail. The increase in cases can be attributed in part to an Indonesia-based hacker group, and ongoing developments in the Middle East.

b. Phishing. 47,500 Singapore-hosted phishing URLs[1] were detected in 2019, a sharp increase from 16,100 URLs in 2018. Globally, 2019 saw the highest level of phishing attacks since 2016. Commonly spoofed local firms included technology firms, banking and financial organisations and e-mail service providers, while the Immigration & Checkpoints Authority (ICA), Ministry of Manpower (MOM) and Singapore Police Force (SPF) were the most commonly spoofed government organisations.

c. Malware Infections.

1. Compromised Systems. In 2019, CSA detected about 530 unique Command & Control (C&C) servers in Singapore, compared to 300 observed in 2018. A daily average of about 2,300 botnet drones with Singapore Internet Protocol (IP) addresses were observed. Close to 370 malware variants were detected, with the top five malware – Mirai, Gamarue, Conficker, Nymaim, and Ranbyus – accounting for over half of all observed infections.

2. Ransomware. CSA received 35 reports of ransomware cases in 2019, compared to 21 cases in 2018. Organisations that fell victim to ransomware attacks mostly belonged to the travel and tourism, manufacturing and logistics industries.

Cybercrime remains a concern

The SPF reported that cybercrime has continued to rise, with 9,430 cases reported in 2019, up from 6,215 cases in 2018. This accounted for more than one-quarter of all crimes in Singapore in 2019. E-commerce scams continue to be the top scam type in Singapore, recording a 30 per cent increase from 2,161 cases in 2018, to 2,809 cases in 2019. In particular, victims continued to be enticed by attractive online deals on items such as electronic gadgets and event tickets.

Special Section: COVID-19 on the Cyber Front

A special section on “Cybersecurity and COVID-19” was included in the SCL 2019 report, with insights on the global rise of cyber threats capitalising on the COVID-19 pandemic. Such malicious cyber activities emerged globally in late-December 2019 and may persist beyond 2020. These activities have targeted frontline organisations, businesses and individuals. These threats typically evolve and escalate in three distinct phases - Phase 1: Inception; Phase 2: Expansion; and Phase 3: Convergence (See Appendix B). The section also touched on the psychological vulnerabilities that cause people to fall for online phishing scams, which stood out as the major mode of attack by threat actors. 

Upping the Game on Singapore’s Cybersecurity

To ensure that Singapore can respond swiftly and recover promptly from cyber incidents, CSA works closely with partners from the public and private sectors to strengthen our cyber resilience. In 2019, CSA conducted regular cybersecurity exercises to raise the Critical Information Infrastructure (CII) sectors’ readiness to respond to cyber incidents, and worked with CII sector leads to ensure effective implementation of the SingHealth Committee of Inquiry’s recommendations. CSA also collaborated with foreign CERTs[2] and introduced initiatives to build a talent pool of skilled cyber defenders.

CSA also reaches out to businesses and individuals to raise cybersecurity awareness and adoption through campaigns and platforms such as GoSafeOnline, SingCERT website and social media channels. Other efforts include the push to enhance Internet of Things (IoT) security by introducing the Cybersecurity Labelling Scheme for selected smart devices, and galvanising research and knowledge-sharing with international partners. As part of efforts to build a resilient cyberspace, CSA also launched the ASEAN-Singapore Cybersecurity Centre of Excellence last year to enhance regional cyber capacity building and drove efforts towards the implementation of voluntary cyber norms for a rules-based international order in cyberspace.

The report also identified key cybersecurity trends. Aside from security risks associated with working from home in the “new normal” wrought by COVID-19, the transition by organisations into cloud computing is also expected to increase the cybersecurity attack surface. Other trends that are expected to have an impact on cybersecurity include Artificial Intelligence (AI), 5G, the surge in IoT devices and quantum computing.

"As one of the most connected countries in the world, Singapore remains a target for cyber-attacks and cybercrime. Threat actors have continued to evolve their tactics, resulting in an intensification of malicious cyber activities in 2019. The ongoing COVID-19 pandemic has also provided new opportunities and attack surfaces for them to capitalise on. Cybersecurity is a team sport, and now, more than ever, we must come together to do our part to protect our cyberspace."

Mr David Koh
Chief Executive, Cyber Security Agency of Singapore (CSA)

[1] A Uniform Resource Locater (URL) is a unique, specific web address.
[2] Computer Emergency Response Teams (CERTs)

About the Singapore Cyber Landscape 2019

The “Singapore Cyber Landscape 2019” publication reviews Singapore’s cybersecurity situation in 2019 against the backdrop of global trends and events, and highlights Singapore’s efforts in creating a safe and trustworthy cyberspace.

CSA analyses multiple data sources to shed light on the common cyber threats observed in Singapore’s cyberspace. Through case studies of incidents in Singapore, it aims to raise awareness of cyber threats amongst cyber stakeholders and the general public, and to offer practical and actionable insights to better defend ourselves against ever-evolving cyber threats. Please refer to this link for the report.

About the Cyber Security Agency of Singapore

The Cyber Security Agency of Singapore (CSA) provides dedicated and centralised oversight of national cyber security functions, and works with sector leads to protect Singapore’s critical services. It also engages with various industries, and stakeholders to heighten cyber security awareness as well as to ensure the holistic development of Singapore’s cybersecurity landscape. The Agency is part of the Prime Minister’s Office and is managed by the Ministry of Communications and Information. For more information, please visit www.csa.gov.sg.