I read the Singapore Cyber Landscape 2021 report released by the Cyber Security Agency of Singapore (CSA) on Monday and noticed some areas of concern.
The report states that 55,000 Web addresses linked to phishing sites were hosted in Singapore last year. This was a 17 per cent increase from the previous year.
These numbers are mind-boggling.
The report also indicates that "Command and Control" (C&C) techniques are being used to launch malicious attacks in Singapore. C&C can be remotely controlled by hackers who may not be physically in the country.
In C&C mode, it is possible that a user's computers may be used without his knowledge if his machines are infected.
Would CSA be able to indicate who these users may be or which sectors they are from?
A clue in the report points to small and medium-sized enterprises in Singapore taking major hits from ransomware, and two sectors stood out: manufacturing and IT organisations.
If CSA could shed some light on this area, computer users in general could better learn how to prevent themselves or their machines from unknowingly being exploited to become bots that launch attacks.
In addition, the report indicates that cyber hygiene can be beefed up, and also encourages organisations to have "strong situational awareness of their network activity" so as to strengthen their cyber defence posture. However, it stops short of saying what "situational awareness" means in computer network activity.
For instance, phishing can be used as a technique to trick computer users into disclosing information before more insidious attempts such as ransomware apps are delivered.
Spoofing is a common tactic before phishing is attempted. Social media companies are easy targets for spoofing, along with financial companies and government agencies.
With some of this knowledge, computer users and organisations can better protect themselves. Individually, users can be more cognisant and avoid becoming a C&C mule.
Tan Kar Quan