Skip to main content

Advertisement

Advertisement

Cyber threats in Singapore fall, but online scams continue to rise

SINGAPORE — Though the number of cyber threats in Singapore fell last year compared with 2017, cyber-crime cases such as online cheating scams continued to rise, accounting for nearly one-fifth of all crimes committed in the country.

Cyber threats, such as malicious software intended to shut down a company's computer system unless a ransom is paid, fell in Singapore in 2018, but cyber crime continued to rise.

Cyber threats, such as malicious software intended to shut down a company's computer system unless a ransom is paid, fell in Singapore in 2018, but cyber crime continued to rise.

Follow TODAY on WhatsApp

SINGAPORE — Though the number of cyber threats in Singapore fell last year compared with 2017, cyber-crime cases such as online cheating scams continued to rise, accounting for nearly one-fifth of all crimes committed in the country.

The latest annual report released on Tuesday (June 18) by the Cyber Security Agency of Singapore (CSA) showed that there were about 2,125 e-commerce scams in 2018, where victims lost a total of about S$1.9 million.

It noted that 70 per cent of such scams took place on e-commerce platform Carousell, and involved electronic products and tickets to events and attractions.

Businesses in Singapore hit by email impersonation scams suffered losses of close to S$58 million in 2018, an increase of about 31 per cent from 2017.

However, common cyber threats — such as website defacements, phishing and ransomware — dropped last year, even though there were several major cyber attacks here in the same period.

They included the SingHealth cyber attack, where the personal data of 1.5 million patients and the outpatient medication records of 160,000 of them — including Prime Minister Lee Hsien Loong’s — were stolen.

The latest figures represent a marked reduction from the 2017 statistics, which showed that all forms of cyber threats went up, with phishing attacks topping the list and rising by almost 10 times.

Here are the key findings from the Singapore Cyber Landscape 2018 report:

A FALL IN CYBER THREATS

Phishing: This is when fraudulent emails are sent, purporting to come from reputable companies, in a bid to induce the recipient to disclose personal information.

There was a 30 per cent slide in uniform resource locators or URLs linked to Singapore associated with phishing — from 23,420 URLs in 2017 to 16,100 in 2018.

The CSA noted that phishing is one of the simplest and most effective methods used by hackers to steal sensitive personal data such as passwords and credit card details for financial gain.

Companies in the banking and financial services, technology and file hosting services fields made up almost 90 per cent of spoofed companies in 2018.

Website defacement: A total of 605 cases of website defacement were detected last year, a 70 per cent fall from the 2,040 cases the year before.

As with previous years, the majority of the websites affected belonged to small- and medium-sized enterprises. But larger organisations have also been hit, the CSA said. For instance, the Singapore website of a major Japanese advertising firm — which it did not name — was compromised last year.

Ransomware: This involves malicious software being installed in the target, designed to block access to its computer system until a “ransom” is paid.

Compared with 2017, the number of ransomware cases dropped from 25 to 21 last year. The CSA report said that this cyber threat remains “lucrative and continues to evolve in sophistication”.

It pointed out that one of the more aggressive forms of ransomware, called GandCrab, infected a private financial institution in Singapore in February last year.

Since its discovery in January 2018, GandCrab has infected more than half a million computers worldwide and is believed to have extorted around US$300 million (S$411 million) in ransom.

Command-and-control servers: There were 300 unique command-and-control servers last year, which is a significant decline of 60 per cent from 2017.

This type of server is used by hackers to communicate with malware-infected devices. The objective is to carry out malicious attacks such as data theft, email spam campaigns, and distributed denial of service (DDoS) attacks, which typically involve flooding a system with data, causing disruption to business operations or distracting victims from ongoing cyber crimes.

CYBER CRIME CONTINUES TO INCREASE

Based on the latest CSA report, cyber-crime cases continued to grow in the last three years — from an increase of 15.6 per cent in 2016 to 16.6 per cent in 2017 to 18.6 per cent last year. 

With 6,179 cases detected last year, cyber crime formed 19 per cent of the overall crime in Singapore, figures from the Singapore Police Force showed.

Computer Misuse and Cybersecurity Act: The number of cases reported under the Act surged by 40 per cent last year to 1,204 cases. In 2017, it was 861 cases and 758 in 2016.

Online scams: Apart from the 2,125 e-commerce scams last year, where victims lost a total of about S$1.9 million, 378 business email impersonation scams were observed, up from 332 cases in 2017.

Businesses in Singapore suffered losses of close to S$58 million, an increase of about 31 per cent from 2017.

CYBER SECURITY IN THE NEXT FEW YEARS

In its report, CSA identified six trends it foresees happening in the near future as cyber threats are set to become more “targeted, sophisticated and deceptive”.

More frequent data breaches: As data becomes the “most valued ‘commodity’ in cyberspace”, it means cyber criminals will try even harder to breach computer databases, especially those that store large amounts of private and personal information.

Greater threat to global supply chains: The agency pointed out that industries dominated by a few companies are “especially vulnerable”. Why? Because the problems in one stage of production may potentially lead to a breakdown in the entire supply chain.

More disruptive attacks against the cloud: The primary goal remains data theft, but cyber criminals will also exploit cloud services for other malicious reasons such as to amplify DDoS attacks.

Greater risks for smart buildings: As buildings become “smarter”, there is a higher risk of them being held ransom or exploited to spread malware or be exposed to DDoS attacks.

Artificial intelligence (AI) a double-edged sword: Cyber criminals can use AI to search for vulnerabilities in computer systems and create “smarter’” malware.

Biometric data become more valuable to cyber criminals: Biometric data could be manipulated, with cyber criminals gaining access to them to “build virtual identities”.

Related topics

cyber attack cyber crime phishing scams

Read more of the latest in

Advertisement

Advertisement

Stay in the know. Anytime. Anywhere.

Subscribe to get daily news updates, insights and must reads delivered straight to your inbox.

By clicking subscribe, I agree for my personal data to be used to send me TODAY newsletters, promotional offers and for research and analysis.