S’pore malls among victims of global cyber attack

SINGAPORE — Friday’s cyber attack has hit 200,000 victims in at least 150 countries, including in the Republic, with the Cyber Security Agency of Singapore (CSA) reporting that there are retail malls known to be affected.

For example, vendor systems for Tiong Bahru Plaza’s digital directory service, provided by a third-party vendor, had to be disconnected from the digital directory board while a solution patch was being installed.

In a statement yesterday, general manager of Tiong Bahru Plaza, Liang Court and Hougang Mall Karen Siow said management became aware of the malware incident at about 5pm on Saturday.

She added, however, that there was “no other anticipated impact from this malware”, as the digital directory systems run on a separate network from the rest of the corporate networks of AsiaMalls. “We’ll continue to monitor the situation with the third-party vendor and remain vigilant against any future incidences,” she said.

White Sands, also managed by AsiaMalls, was similarly affected, but by press time, both systems had been fixed. Meanwhile, photos of a ransomware message on a display screen belonging to a Desigual outlet at Orchard Central have been circulating online.

In response to TODAY’s queries, the CSA said its Singapore Computer Emergency Response Team (SingCert) has received one call for assistance from a retail shop to date.

“SingCert has advised the business owner on remediation measures to clean up its systems,” said Dan Yock Hau, the director of CSA’s National Cyber Incident Response Centre, adding that assistance was also offered to the affected malls. “While affected users may choose to pay ransom to access their files again, users are advised not to pay the ransom, as there’s no guarantee that their files can be recovered even if they’ve done so. There have been instances where users were unable to access their files again.”

In the wake of the global cyber attack, TODAY also contacted the major banks, telcos and universities, with none suggesting that they have been affected by the ransomware so far.

A Singapore Management University spokesperson said: “In addition to continuously strengthening the layers of technology defences, processes and procedures at SMU, we’ll further intensify the education of our students, faculty and staff to be more cybersecurity-aware and exercise cyber hygiene.”

As news of the WanaCrypt0r, or WannaCry, malware broke over the weekend, cyber security experts like Mr Anthony Lim, director of computing security association Cloud Security Alliance, swung into immediate action.

“The first thing I did was to start updating and running all the anti-virus (programmes) on all my PCs, update Microsoft Office, and clear all my Google caches to make sure I did not go into the wrong sites,” said Mr Lim, who was also busy fielding calls from people needing advice.

While the impact of the attack has slowed, global cyber security experts fear that any respite might be brief, and that the software virus could wreak fresh havoc today when employees log into their computers.

“At the moment, we’re in the face of an escalating threat. The numbers are going up, I’m worried about how the numbers will continue to grow when people go to work and turn (on) their machines on Monday morning,” Europol director Rob Wainwright told ITV’s Peston on Sunday programme.

He said the attack was unique in that the ransomware was used in combination with “a worm functionality”, so the infection spreads automatically.

Cyber security experts TODAY spoke to said Singapore’s high Internet penetration and connectivity meant that such an attack may hold higher risks for the Republic. According to Association of Information Security Professionals president Steven Wong, higher connectivity could go two ways.

“Being a country that has Internet access readily available at a low cost and at reasonable speeds should help in our resilience, as it means that the cost of connecting to the Internet to update a software (patch) is minimal,” said Dr Wong. But he cautioned that there was also increased risk, “as malware can spread more quickly”.

Larger companies, government offices and Critical Information Infrastructure Operators have plans to minimise risk, said Dr Wong, but “the same might not be true for small and medium enterprises (SMEs) due to the lack of awareness, knowledge or expertise in cyber security”. These SMEs may become the weak link in Singapore’s cyber security efforts, he added.

While businesses and individuals can automate patch updates to boost security, Dr Wong noted that “sometimes the companies or their employees may choose to turn off such features off due to convenience, finding it bothersome to spend a few minutes installing updates and “thinking that they’ll do it manually later”.

“To save cost, some organisations may also retain older software (like Windows XP) that is no longer supported by the developer instead of migrating to a newer version,” he said.

Given that the current attack seems to be targeting older Windows operation systems, “this might potentially lead to a short-term gain and long-term loss”. Mr Wally Lee, senior vice-president and principal cyber architect of IT security company Quann, said the “human factor … is and will always remain the weakest link in the whole cyber security chain”.

While it is “hard to quantify” the risk levels here in the latest ransomware attack, Mr Lim said that there would be people who “don’t know what to look out for or what to do” in such instances and that “the public at large may not be very vigilant”.

He hopes the attack will serve as a “wake-up call” to raise awareness of good cyber hygiene.

“If you’re hit by a ransomware attack, you have to part with your money. Perhaps this could be a higher incentive for people to take cyber security seriously,” he added.

The CSA has, in an advisory yesterday, said users should “always be suspicious of uninvited documents send through email” and not click on unverified links.

“Always make backup of your important files and documents, (as) this will save you when you have to restore your files and documents when needed,” the advisory said, adding that users should “run an active anti-virus security suite of tools on your system, and most importantly, always browse the Internet safely”.