1,800 website defacements in Singapore in 2016 just tip of the iceberg: CSA

More malicious attacks, such as the spread of ransomware, were reported 19 times last year, up from two cases the year before.

SINGAPORE - Almost 1,800 website defacements were reported last year, but this is just the tip of the iceberg as several critical sectors were also hit by malware, said a newly released report by the Cyber Security Agency of Singapore (CSA).

More malicious attacks, such as the spread of ransomware, a form of malware, were reported 19 times last year, up from two cases the year before, said CSA, noting that these cases tend to be under-reported.

Although those hit by ransomware were mostly individuals and small firms, "several" critical sectors in Singapore were also infected by ransomware, said CSA in its inaugural report, dubbed Singapore Cyber Landscape 2016. CSA put up the report on its website on Thursday (Sept 14).

The agency did not elaborate on which of the 11 critical sectors - which include energy, banking, government, healthcare and transport - were hit, and how badly they were hit.

Ransomware is malware that infects unprotected computers and locks them down with a note demanding a ransom. The most notable example this year was WannaCry, which infected computers tied to some 500 Internet protocol addresses or Internet accounts in Singapore in May - although Singapore escaped largely unscathed.

"Major cyber-attacks in the first half of 2017 continue to put everyone on alert. The WannaCry and NotPetya cyber attacks led to disruptions in many services (globally)," said Mr David Koh, chief executive of CSA.

Overall, ransomware and the hacking of online accounts, among other crimes, committed under the Computer Misuse and Cybersecurity Act more than doubled to 691 cases last year from the year before.

IT security experts said that defacing a website is not just about changing how it looks, as there are more sinister implications.

"The high number of website defacements should be a warning to everyone: if a website can have its content changed, it can also be used to host malicious content, and provide a launch pad for further attacks," said Mr Bryce Boland, cyber security firm FireEye's Asia Pacific chief technology officer.

Singapore was also the target of more than 2,500 phishing cases last year, where cybercriminals disguised themselves as representatives from legitimate Singapore organisations. These criminals tried to trick victims into revealing usernames and passwords via e-mail or on spoofed websites.

Websites belonging to the Ministry of Manpower and Immigration & Checkpoints Authority were often spoofed last year, but bank websites topped the list.

CSA also highlighted the growing threat of advanced persistent threats (APTs), which are stealthy and continuous computer hacking processes to gain intelligence or steal information.

Late last year, CSA was alerted to an APT malware infection in an unnamed government organisation's Internet-facing computer, which had not been used to process sensitive information.

No confidential data was leaked, said CSA, noting it was the work of a state-sponsored hacker not previously known to be active in Asia. Off-the-shelf security software could not catch the malware.

CSA did not identify the foreign government behind this attack, but this is not the first time Singapore has been the target of an APT or of foreign governments.

Attacks by hackers on the National University of Singapore (NUS) and Nanyang Technological University (NTU), discovered in April this year, were also aimed at stealing government and research data. NTU and NUS are involved in government-linked projects for the defence, foreign affairs and transport sectors.

"Cyber threats continue to grow in both scope and scale, with more nation states acquiring offensive cyber capabilities. At least 14 countries in Asia now have these capabilities, and state-sponsored attack groups are becoming the norm," said FireEye's Mr Boland.

CSA said the Singapore Government's Internet Surfing Separation policy, fully implemented in May this year, "will go a significant way towards securing the Government's network".

Since May, all 143,000 public servants' work computers have had no Web surfing capabilities, a measure to plug potential leaks from work e-mail and shared documents amid heightened security threats. Public servants can, however, surf on dedicated Internet terminals that are supplied or on their personal mobile devices.

"In removing the link between the public officers' computers from the Internet, it can disrupt the attackers' cyber kill chain. Without a path out to the Internet, the attacker will not have remote access to the Government's network, and will not be able to extract data as easily," said CSA in the report.
