Big jump in 'zombie' devices laced with malware

Number of such infected devices - which hackers can control - triples amid pandemic

"Zombie" devices linked to the Internet, and infected with malware that allows hackers to control them and launch cyber attacks, have tripled in numbers here amid the Covid-19 pandemic, according to the latest government findings.

An average of 6,600 malware-laced devices, also called botnet drones, were observed here last year on a daily basis, a big jump from 2,300 in 2019, said the Cyber Security Agency of Singapore (CSA) in a report yesterday.

These devices can be computers, routers and even smartphones hijacked by hackers. Infected with malware, they act like zombies or drones that, without the knowledge of their owners, "mindlessly" follow the instructions of hackers.

By sending commands to large groups of such devices, called botnets, hackers can use them to carry out cyber attacks. This can include causing information technology systems to crash, breaching systems to steal data and launching ransomware attacks that cause digital files to be locked up until the hackers are paid.

The number of systems used to control botnets, also called command and control servers, found in Singapore also nearly doubled.

CSA said 1,026 of these servers were recorded here last year, up from 530 in 2019.

The sharp rise in botnet drones and the servers controlling them could be due to cyber criminals seizing opportunities created by the pandemic, said Ms Genie Sugene Gan, cyber-security firm Kaspersky's head of public affairs and government relations for Asia-Pacific.

She explained that IT teams were very stretched because the pandemic caused businesses to go digital at breakneck speed.

"Perhaps, cyber security was forced to take a backseat as companies were primarily concerned with business survival and inevitably prioritised business continuity," said Ms Gan.

She added that hackers were also exploiting people who were fearful and anxious over the Covid-19 outbreak, which could have made them prone to phishing, scams, spam and more.

One of the main malware programs spread last year by servers that control botnets here was Emotet, which CSA said is known to use sophisticated social engineering tactics.

Last year, cyber-security firms warned that hackers were using Covid-19 e-mails to trick people into downloading Emotet.

As for why hackers sited so many of the servers here to control zombie devices, Ms Gan said that this is a by-product of the country's developed digital infrastructure and its role as a regional data hub.

CSA's report also said that ransomware cases in the Republic surged 154 per cent from 2019's 35 cases to hit 89 last year.

While most of the cases reported were from small and medium-sized enterprises (SMEs), hackers were also fishing for larger victims in the manufacturing, retail and healthcare sectors, said the agency.

Mr Eric Hoh, president for Asia-Pacific at cyber-security firm FireEye Mandiant, said organisations, in particular SMEs, that have lower priorities in cyber-security investments could become easy targets for ransomware.

He added that the manufacturing, retail and healthcare sectors are traditionally not IT-centric, which makes them more prone to phishing attempts, for instance.

The spike in ransomware cases here could be due to a trend of ransomware hackers becoming guns for hire as well. Mr Hoh said that this "dramatically lowered the barriers of entry" for hackers, so attack volumes rose tremendously.

Several high-profile ransomware cases in recent months include the Colonial Pipeline attack in the United States in May that affected the fuel supply for about 50 million customers.

Over this past weekend, a ransomware attack centred on US IT firm Kaseya, which helps other companies manage their IT networks, is estimated to have affected between 800 and 1,500 businesses worldwide.

Minister for Communications and Information Josephine Teo said in a written parliamentary reply on Tuesday that steps have been taken to tackle ransomware.

For instance, CSA has directed sectors with critical information infrastructure, like energy, to boost their cyber security. The Government has also taken similar steps.

She urged organisations and members of the public to take preventive action before any ransomware attack hits.

Website hacking a wake-up call for advertising agency

A simple, default password shared by employees was possibly the weak link that allowed hackers to break into advertising and creative agency Splash Productions' website and deface it.

The incident, which happened about five to six years ago, was a wake-up call that spurred the company to drastically improve its cyber security.

This included getting physical security keys for staff to act as two-factor authentication to log into work devices, enforcing the use of strong passwords, encrypting data on computers, and setting up security software to detect suspicious activities.

The company's creative director, Mr Stanley Yap, told The Straits Times that these investments were necessary.

Even though the firm's website hacking incident did not result in too much damage - there was no financial loss, for instance - the company did not want to become an easy target.

"As a partner and vendor, we should keep our security strong so that we don't become the loophole for hackers to take over our clients' microsites, websites or social media platforms (which we manage)," explained Mr Yap.

Splash has done work for many government agencies and businesses.

And the password that might have been at the root of the firm's hacking incident? It was likely the default password "admin", which Splash did not change at the time.
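A defensive counterpart to the two measures Splash adopted (enforcing strong passwords and getting rid of a shared default login), written as an added example; it is not code from Splash Productions, CSA or The Straits Times. It does two things: it rejects a candidate password that is a well-known default such as "admin", too short, or too low in estimated entropy, and it audits a store of salted PBKDF2 password hashes to find accounts that still sit on a default credential without ever needing the plaintext. The denylist, the 12-character and 50-bit thresholds, the PBKDF2 parameters and the sample accounts are all constructed assumptions for illustration, not any organisation's actual policy.

```python
"""Password-policy check and default-credential audit (added example)."""
from __future__ import annotations

import hashlib
import hmac
import math
import os
import string

# Constructed denylist of common default/vendor credentials (illustrative only).
DEFAULT_CREDENTIALS = {
    "admin", "password", "123456", "root", "changeme", "welcome", "letmein",
}

# Assumed policy thresholds, not taken from any real standard.
MIN_LENGTH = 12
MIN_ENTROPY_BITS = 50.0
PBKDF2_ROUNDS = 100_000  # assumed iteration count for the sample hash store


def estimate_entropy_bits(password: str) -> float:
    """Rough entropy estimate: length * log2(size of the character pool used)."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)  # 32 printable punctuation characters
    return 0.0 if pool == 0 else len(password) * math.log2(pool)


def check_password(password: str, username: str = "") -> list[str]:
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    lowered = password.lower()
    if lowered in DEFAULT_CREDENTIALS:
        problems.append("matches a well-known default credential")
    if username and username.lower() in lowered:
        problems.append("contains the username")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if estimate_entropy_bits(password) < MIN_ENTROPY_BITS:
        problems.append(f"estimated entropy below {MIN_ENTROPY_BITS} bits")
    return problems


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 digest, the assumed storage format of the sample store."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def make_record(password: str) -> tuple[bytes, bytes]:
    """Create a (salt, digest) record with a fresh random salt."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


def build_sample_accounts() -> dict[str, tuple[bytes, bytes]]:
    """Constructed sample store: one shared admin login still on its default password."""
    return {
        "shared-admin": make_record("admin"),
        "stanley": make_record("Correct-Horse-Battery-9"),
    }


def find_default_credentials(accounts: dict[str, tuple[bytes, bytes]]) -> list[str]:
    """Usernames whose stored hash matches a denylisted default password.

    Each candidate is re-hashed with the account's own salt, so the audit works
    on the hash store alone and never needs the plaintext password.
    """
    flagged = []
    for user, (salt, digest) in accounts.items():
        for candidate in DEFAULT_CREDENTIALS:
            if hmac.compare_digest(hash_password(candidate, salt), digest):
                flagged.append(user)
                break
    return sorted(flagged)


if __name__ == "__main__":
    print("admin ->", check_password("admin"))
    print("strong ->", check_password("Correct-Horse-Battery-9", "stanley"))
    print("accounts on default passwords:", find_default_credentials(build_sample_accounts()))
```

The audit is the part worth scheduling: running it against the real hash store after every onboarding or vendor handover catches a shared "admin"/"admin" login before an outsider does, and because it only ever compares digests it can be run by an operator who has no access to anyone's password.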


A version of this article appeared in the print edition of The Straits Times on July 09, 2021, with the headline Big jump in 'zombie' devices laced with malware.