Phishing attempts on Singapore targets rose 175% to 8,500, with banking sector most spoofed in 2022
SINGAPORE — The Cyber Security Agency of Singapore (CSA) received about 8,500 reports of phishing attempts last year, an increase of 175 per cent from the 3,100 attempts reported in 2021.
SINGAPORE — The Cyber Security Agency of Singapore (CSA) received about 8,500 reports of phishing attempts last year, an increase of 175 per cent from the 3,100 attempts reported in 2021.
The increase mirrors global trends, according to CSA, which published the data in its Singapore Cyber Landscape 2022 report on Friday (June 23).
The heightened cyber threat environment in 2022 was fuelled by geopolitical conflict and “cybercriminal opportunism” as Covid-19 restrictions eased, said Mr David Koh, Singapore’s first Commissioner of Cybersecurity and CSA's chief executive.
The agency pointed out that the Russia-Ukraine conflict brought about financial pressures and a rise in the cost of living, and that economic adversity creates opportunities that threat actors can exploit through phishing.
“They capitalise on psychological weaknesses as potential victims are more inclined to explore opportunities to make up for personal financial shortfalls,” said CSA. Organisations may also scrutinise their budgets and cut cybersecurity budgets, seen as non-essential expenditures.
“Emerging technologies, like Chatbots, are double-edged, as with many new technologies. While we should be optimistic about the opportunities it brings, we have to manage its accompanying risks,” added Mr Koh.
“The government will continue to step up our efforts to protect our cyberspace, but we need businesses and individuals to play their part too, so that we can fully reap the benefits of our digital future.”
‘SPRAY AND PRAY’
Phishing is a social engineering technique used to fraudulently obtain sensitive information by impersonating a legitimate individual or reputable organisation in digital communication.
More than half of the reported phishing cases involved URLs ending with “.xyz”, which is popular with threat actors because of its low cost and limited restrictions on usage, said CSA.
Banking and financial services was the most commonly spoofed sector, making up more than 80 per cent of all phishing attempts on organisations.
CSA pointed out that phishing attempts involving China-based banks accounted for nearly half of all banking-related phishing attempts in 2022.
The agency observed a sharp spike in phishing reports that coincided with some rural banks in China becoming embroiled in a fraud scandal in June last year.
“Interestingly, several of these banks — Agricultural Bank of China, Zhongyuan Bank, and China Minsheng Bank — have little to no presence in the Singapore retail banking scene and are unknown to most retail banking customers in Singapore,” CSA said in its report.
“The threat actors were likely mass-targeting victims utilising the ‘spray and pray’ tactic, which capitalises on anxieties and concerns over developments in China’s banking sector.”
Singapore’s government and the logistics sector — in particular SingPost — rounded out the top three most commonly spoofed sectors.
The Singapore Cyber Emergency Response Team (SingCERT) facilitated the takedown of more than 2,900 malicious phishing sites last year.
RANSOMWARE A KEY CONCERN
CSA also said that ransomware — which involves malware that encrypts files until a ransom is paid for their decryption — continues to be a key concern in Singapore, with one case reported every three days on average.
The number of ransomware cases reported fell slightly to 132 last year, but this figure is still high, said the agency.
Ransomware cases mostly affected small and medium enterprises from sectors like manufacturing and retail, as they may hold valuable data and intellectual property while lacking dedicated resources to counter cyber threats, CSA added.
The agency will launch a scheme for subsidised cybersecurity consultancy services and tailored cybersecurity health plans for SMEs in the third quarter of 2023.
Under the scheme, cybersecurity consultants will take on the role of chief information security officers for SMEs facing manpower constraints in hiring cybersecurity personnel. CNA
For more reports like this, visit cna.asia.