Nearly tenfold jump in phishing instances last year: CSA report

The annual report by the Cyber Security Agency of Singapore showed that ransomware incidents also rose, with 25 cases reported last year, up from 19 in 2016. It also noted that malware infections are increasing.
The annual report by the Cyber Security Agency of Singapore showed that ransomware incidents also rose, with 25 cases reported last year, up from 19 in 2016. It also noted that malware infections are increasing.PHOTO: AGENCE FRANCE-PRESSE

Agency flags rising number of cyberthreats in S'pore even as cybercrime cases increase

Phishing instances here increased by almost 10 times last year, a report showed.

These were part of a rising number of cyberthreats in Singapore, including more instances of website defacement, malware infections and ransomware.

This mirrors the rise of cyber attacks globally, according to an annual report by the Cyber Security Agency of Singapore (CSA), which outlines the growing threat from hackers and malicious software.

The 50-page Singapore Cyber Landscape 2017 report, which was released by the CSA yesterday, showed an almost tenfold increase in phishing URLs with a Singapore link last year.

There were 23,420 links found, up from 2,512 in 2016. The large jump was in part due to the CSA analysing more data points last year than in 2016, which yielded more phishing attempts.

Phishing refers to using a fake website designed to look like a real one of a particular service to trick users into giving up their user names and log-in information.

Technology companies such as Microsoft and Apple were the favourite targets for hackers, with their names making up about 40 per cent of the observed phishing URLs. Government agencies, such as the Inland Revenue Authority of Singapore and Singapore Police Force, were also targeted.

  • PHISHING URLS WITH SINGAPORE LINK 

    23,420 

    Number of links found last year. 

    2,512 

    Number of links found in 2016.

  • WEBSITE DEFACEMENT 

    2,040

    Number of incidents last year. 

    1,750 

    Number of incidents in 2016.

  • CYBERCRIME 

    5,430 

    Number of cases reported last year. 

    5,175 

    Number of cases in 2016.

Mr Tim Wellsmore, director of government security programmes at cyber-security firm FireEye, said the increased number of cyber-threats could also be attributed to better detection techniques.

"As countries and nations get better in improving their capabilities and ability to check and respond to threats, we are seeing the cyber-threat actors change up their approaches," he added.

"It is harder and harder to target companies as they implement better security solutions, so they focus on the weaker link, and that is people. And that is what phishing e-mails do."

There were also more website defacement incidents, with 2,040 cases, up from 1,750 in 2016. The main targets were mainly small and medium-sized enterprises from the manufacturing, retail and information technology sectors.

Incidents of ransomware also rose, with 25 cases reported last year, up from 19 in 2016.

The report, now in its second year, also noted that malware infections are increasing.

The CSA found about 750 unique command and control servers in Singapore, which act as the main computers used to issue instructions to other computers infected with malware.

More than 400 different malware types were found to have infected computers here. Five particular variants accounted for more than half of the systems infected daily, including the globally widespread WannaCry malware, which wreaked havoc across networks in May last year.

Cybercrime cases also rose, said the police. There were 5,430 cybercrime cases reported last year, up from 5,175 in 2016. Victims lost more than $95 million last year. The highest loss in a single case came from an Internet love scam, in which a victim lost about $6 million.

CSA chief executive David Koh, who is also Singapore's Commissioner of Cybersecurity, added that there has also been a shift from profit-motivated attacks towards those aimed at causing massive disruptions.

"As we continue our Smart Nation push, we have to raise our cyber hygiene and defences, especially against cyber attackers who are getting better resourced and skilled," he said.

A version of this article appeared in the print edition of The Straits Times on June 20, 2018, with the headline 'Nearly tenfold jump in phishing instances last year: CSA report'. Print Edition | Subscribe