Phishing attacks in Singapore have surged in 2022, with 8,500 cases reported to the Singapore Cyber Emergency Response Team (SingCERT), compared to 3,100 cases in the previous year. Small and midsize businesses (SMBs) have been particularly affected by ransomware incidents. Over half of all phishing cases in 2022 involved hyperlinks ending with “.xyz,” a popular top-level domain used by threat actors due to its low cost and limited use restrictions. The average length of phishing links had also been cut by almost half, indicating that cybercriminals were likely using URL shortener services to mask their actions and track the click-through rate of their phishing campaigns.
According to the Singapore Cyber Landscape 2022 report released by Singapore’s Cyber Security Agency (CSA), over 80% of phishing sites attempted to pass off as organizations from the banking and financial services sector. The financial sector was the most spoofed, alongside the government and logistics sectors, as financial organizations are trusted institutions that hold sensitive and valuable data, such as login credentials. June and September saw the highest number of phishing attempts in the sector last year, with over half of these involving spoofing of China-based banks, even though several of these entities had little to no presence in Singapore’s retail banking market.
The overall increase in phishing attempts parallels that of global trends, the CSA report stated, adding that SingCERT last year facilitated the takedown of 2,918 phishing sites. Such attacks were the leading type of overall scams in Singapore last year, clocking 7,097 reported cases, up 41.3% from 2021, according to figures from the Singapore Police Force. CSA did note that the spike in reported cases also could be attributed to its community outreach and increased public awareness of phishing threats, driving more to actively report such cases to SingCERT.
The cybersecurity regulator said while the number of reported ransomware incidents dipped slightly to 132, compared to 137 in 2021, such attacks remained a significant issue in Singapore and worldwide. It pointed to reports from security vendors indicating a 13% climb in ransomware incidents globally last year. SMBs again were most impacted by ransomware attacks, particularly those in manufacturing and retail. These businesses are popular targets because they hold valuable information and intellectual property that cybercriminals hope to extort and capitalize on. SMBs also often lack resources dedicated to tackling cyber threats, CSA said.
Ransomware groups have exhibited increased “commercial and professional-like behavior” and diversified their portfolios to target cloud environments and Linux systems. For instance, they now brand their ransom notes with logos and corporate style to reassure victims they will regain access to their data once ransoms are paid, even providing customer support functions to guide victims through payment and decryption processes. Ransomware-as-a-service (RaaS) strains seen in Singapore’s threat landscape also reflect global trends, with LockBit, DeadBolt, and MedusaLocker among the common models deployed.
Cobalt Strike was the leading malware family infecting locally hosted Command and Control (C&C) servers, followed by Emotet and Guloader. The Singapore regulator has anticipated ransomware attacks to continue, with businesses possibly looking at ransom payment to mitigate damages to their reputation. This may prove a more compelling factor rather than paying to regain access to encrypted data. This will prompt cybercriminals to rely on extortion, even amid a possible decline in actual ransomware deployments. RaaS providers may focus more on data exfiltration and public shaming of breached sites.
Artificial intelligence (AI) is expected to be a double-edged sword used by both attackers and defenders, according to the CSA report. Specifically, the use of natural language processing and machine learning technologies can power real-time insights for ascertaining potential cyber attacks. As AI becomes more accessible and advanced, threat actors may also leverage such technology for their nefarious activities, such as launching highly-targeted spear-phishing campaigns. Furthermore, cybercriminals may use AI-enabled deepfakes to impersonate C-suite executives to facilitate account takeovers, business fraud, or impact the share price or reputation of an organization.
“With ChatGPT, Bard, and other chatbots showcasing increasingly astounding capabilities, cybersecurity experts warn of their potential abuse to enable malicious cyber activities. Emerging technologies like these are double-edged, as with digitalization,” said David Koh, CSA’s chief executive and cybersecurity commissioner. “While we should be optimistic about the opportunities it brings, we have to carefully manage its accompanying risks to fully reap the benefits of our digital future.”