Several vital sectors subjected to cyber attacks: Report

Govt agency victim of state-sponsored hit; crimes more than doubled to 691 in 2016

There were 19 reports of ransomware attacks last year, up from two cases the year before, said the CSA, noting that these cases tend to be under-reported.
There were 19 reports of ransomware attacks last year, up from two cases the year before, said the CSA, noting that these cases tend to be under-reported. ST PHOTO: KEVIN LIM

The computer systems in several critical sectors were subject to cyber attacks last year, said a new report by the Cyber Security Agency of Singapore (CSA) that outlined the growing threat from hackers and malicious software.

The 26-page Singapore Cyber Landscape report gave one of the clearest pictures yet of the frequency and scope of cyber attacks here.

It noted, for instance, that 1,750 websites were defaced by hackers last year - an average of nearly five a day - and that an unnamed government agency was the victim of a state-sponsored attack.

There was also a sharp spike in reports of ransomware. There were 19 reports last year, up from two cases the year before, said the CSA, noting that these cases tend to be under-reported. Ransomware is malware that infects unprotected computers and locks them down with a note demanding ransom.

The most notable example this year was WannaCry, which hit computers tied to some 500 Internet protocol addresses or Internet accounts here in May - although Singapore escaped largely unscathed.

It was ransomware that hit several of the 11 critical sectors here, said the CSA in its inaugural report. It did not elaborate on which of the 11 critical sectors - including energy, banking, Government, healthcare and transport - were hit, and how badly they were affected.

"Major cyber attacks in the first half of 2017 continue to put everyone on alert. The WannaCry and NotPetya cyber attacks led to disruptions in many services (globally)," said CSA chief executive David Koh.

Overall, ransomware, hacking and other crimes committed under the Computer Misuse and Cybersecurity Act more than doubled to 691 cases last year from the year before.

"The high number of website defacements should be a warning to everyone: If a website can have its content changed, it can also be used to host malicious content, and provide a launch pad for further attacks," said Mr Bryce Boland, Asia-Pacific chief technology officer of cyber-security firm FireEye.

The CSA also highlighted the growing threat of advanced persistent threats (APTs), which are stealthy and continuous computer hacking processes to gain intelligence or steal information.

Late last year, the CSA was alerted to an APT malware infection in an unnamed government organisation's Internet-facing computer, which had not been used to process sensitive information.

No confidential data was leaked, said the CSA, noting that it was the work of a state-sponsored hacker not previously known to be active in Asia. Off-the-shelf security software could not catch the malware.

The CSA did not identify the foreign government behind this attack, but it was not the first time Singapore has been the target of an APT or foreign governments.

Attacks by hackers on the National University of Singapore and Nanyang Technological University, discovered in April this year, were also aimed at stealing government and research data. The two universities are involved in government- linked projects for the defence, foreign affairs and transport sectors.

"Cyberthreats continue to grow in both scope and scale, with more nation states acquiring offensive cyber capabilities. At least 14 countries in Asia now have these capabilities, and state-sponsored attack groups are becoming the norm," said Mr Boland.

The CSA said the Government's Internet Surfing Separation policy, fully implemented in May, "will go a significant way towards securing the Government's network".

Since May, all 143,000 public servants' work computers have had no Web-surfing capabilities, to plug potential leaks from work e-mail and shared documents amid heightened security threats.

"In removing the link between the public officers' computers and the Internet, it can disrupt the attackers' cyberkill chain. Without a path out to the Internet, the attacker will not have remote access to the Government's network, and will not be able to extract data as easily," said the CSA in its report.

Join ST's Telegram channel and get the latest breaking news delivered to you.

A version of this article appeared in the print edition of The Straits Times on September 16, 2017, with the headline Several vital sectors subjected to cyber attacks: Report. Subscribe