Tenfold jump in local phishing web links, increase in cybercrime: CSA report

The Singapore Cyber Landscape 2017 report showed an almost tenfold increase in phishing URLs with a Singapore link last year.
The Singapore Cyber Landscape 2017 report showed an almost tenfold increase in phishing URLs with a Singapore link last year.PHOTO: ST FILE

SINGAPORE - Cyber-threats are on the rise in Singapore, with instances of phishing, website defacement, malware infections and ransomware increasing last year.

This mirrors the rise of cyberattacks globally, according to an annual report by the Cyber Security Agency of Singapore (CSA) which outlines the growing threat from hackers and malicious software.

The 50-page Singapore Cyber Landscape 2017 report, released by the CSA on Tuesday (June 19),showed an almost tenfold increase in phishing URLs with a Singapore link last year. Some 23,420 were found, up from 2,512 in 2016.

Phishing refers to the use of a fake website designed to look like a real one of a particular service in order to trick users into giving up their user name and log-in information. Technology companies, such as Microsoft and Apple, were favourite targets for hackers, making up about 40 per cent of the observed phishing URLs.

Government agencies, like the Inland Revenue Authority of Singapore and Singapore Police Force (SPF), were also targeted for spoofing attempts aimed at getting Singaporeans' personal data like passport numbers, and credit card information.

The large jump was in part due to the CSA analysing more data points last year than in 2016, which yielded more phishing attempts.

Website defacement also increased, with 2,040 cases up from from 1,750 in 2016. The main targets were mainly small and medium enterprises from the manufacturing, retail and information technology sectors.

The report, now in its second year, also noted that malware infections are increasing. The CSA observed about 750 unique command and control servers in Singapore, which act as the main computer used to issue instructions to other computers infected with malware.

More than 400 different malware types were found to have infected computers here. Five particular variants accounted for more than half of the systems infected daily, including the globally widespread WannaCry malware which wrecked havoc across networks last May.

"The majority of these malware (types) are not new, suggesting that many victims are not scanning for viruses and cleaning up their systems," the report said.

Some 25 ransomware cases were reported in 2017, up from 19 in 2016.

Cybercrime was also on the rise, according to the SPF. There were 5,430 cybercrime cases reported in 2017, with victims suffering losses amounting to more than $95 million. The highest loss in a single case came from an Internet love scam, in which a victim lost about $6 million.

There were several notable breaches in 2017. The details of 850 personnel were stolen in a breach of Mindef's i-net system in February.

In May, the National University of Singapore and Nanyang Technological University were hit by sophisticated cyberattacks aimed at stealing government and research data.

"The breaches suffered by two of our universities and the Ministry of Defence's Internet access system during the course of 2017 reflect the increasingly targeted nature of cyber-attacks," said CSA chief executive David Koh, who is also Singapore's Commissioner of Cybersecurity. "These attacks were carefully planned, and were not the work of casual hackers or criminal gangs."

The personal data of 5,400 customers from AXA Insurance were compromised in a data breach in September. In December, ride-hailing app Uber made known that the personal information of 380,000 users in Singapore had been compromised in a 2016 breach - the biggest breach of local information to date.