Systems infected by malware in Singapore more than doubled in 2025: CSA
The increase was driven by persistent malicious activity and improved detection of botnet devices.
- The number of malware-infected systems in Singapore more than doubled to 284,300 in 2025, driven by botnet activity and improved detection.
- New stricter security requirements for residential routers will be implemented by end-2027 to combat IoT device vulnerabilities and improve cybersecurity.
- Ransomware cases in Singapore increased slightly, disproportionately affecting SMEs.
SINGAPORE – The number of malware-infected systems detected in Singapore more than doubled to 284,300 in 2025, driven by persistent malicious activity and improved detection of botnet devices.
This is an increase from 117,300 infected systems detected in 2024, according to the latest Singapore Cyber Landscape report published on June 30.
Botnet devices are computers, servers or internet-of-things (IoT) devices that malware has taken over, allowing an operator to control them remotely.
“The continued profitability of malware-as-a-service operations, coupled with widespread use of consumer IoT devices with weak security configurations or unpatched firmware, has created more opportunities for botnet operators,” said the Cyber Security Agency of Singapore (CSA) in a statement on the report.
To boost efforts in securing consumer IoT devices, all residential routers sold in Singapore will need to meet more stringent requirements set out by the agency by end-2027.
Currently, all residential routers sold in Singapore must meet the basic level-one requirements – such as having unique default passwords and updated software – under CSA’s Cybersecurity Labelling Scheme.
Routers will soon need to meet level-two requirements, including stronger security for communications, storage of sensitive data and methods to verify users.
In its 10th edition, the report highlighted key trends in the cybersecurity landscape, which include the introduction of AI agents and frontier AI models that can automate and accelerate cyberattacks.
“Vulnerabilities are weaponised within hours or even minutes, spreading across networks and supply chains before defenders can mobilise, as threat actors leverage AI to scale up both their speed of mass exploitation of vulnerabilities and the evasiveness of their malware,” said David Koh, commissioner of cybersecurity and CSA chief executive, in the report.
The outgoing chief, Singapore’s first cybersecurity czar, will be replaced by senior civil servant Gwenda Fong on July 1.
The emergence of autonomous AI models such as Anthropic’s Mythos can also significantly shorten the time needed to conduct attacks, and lower the barrier of entry for less skilled attackers, said CSA.
It added that the misuse of OpenClaw, a legitimate open-source agentic AI tool, has also shown how such technologies can be weaponised to breach development pipelines at scale.
The use of AI is also aiding scam operations by enabling threat actors to generate realistic voice clones and deepfake videos at scale, and develop tools capable of bypassing multi-factor authentication.
Despite this, phishing activity detected in Singapore fell by around 20 per cent to 4,800 reported cases in 2025, from 6,100 cases in 2024.
The decrease in cases may reflect a combination of factors, including underreporting of cases where there were no financial losses, and improved filtering or disruption measures on e-mail platforms, said Luke Ho, director of National Cyber Threat Analysis Centre at CSA.
Companies that are most spoofed by scammers in phishing attempts include those in the banking and financial services sector, followed by government and logistics.
“Based on the reported cases in 2025, threat actors most frequently impersonated Japanese financial institutions that were likely unfamiliar to most Singapore consumers,” said CSA in its report.
The number of reported ransomware cases also increased slightly to 165 cases in 2025, from 159 cases in 2024.
Small and medium-sized enterprises (SMEs) continue to be disproportionately affected due to comparatively lower cybersecurity maturity and limited resources, said CSA, adding that the establishment of the Cyber Resilience Centre is meant to assist SMEs with cybersecurity health checks and recovery assistance.
Earlier in March, the Government also committed to developing and deploying its own threat detection tools to help critical information infrastructure (CII) owners better uncover advanced persistent threats (APTs).
Singapore’s 11 critical services sectors are aviation, healthcare, land transport, maritime, media, security and emergency services, water, banking and finance, energy, infocommunications, and government.
The ramp-up in cybersecurity efforts came on the heels of an attack by cyberespionage group UNC3886 on Singapore’s telcos.
Following the attack, Singapore launched Operation Cyber Guardian, the nation’s largest coordinated defence involving more than 100 cyber defenders from six government agencies and four telcos.
Other efforts to strengthen the country’s cybersecurity posture across critical sectors, businesses and the wider community include the expansion of the Cyber Trust mark certification scheme.
The voluntary scheme, which certifies companies that demonstrate strong and appropriate cybersecurity practices, will be mandatory for CII owners by end-2027.
“CSA will continue investing in national cybersecurity capabilities, strengthening partnerships with industry and international partners, and ensuring that emerging technologies such as AI and quantum computing can be adopted securely to support Singapore’s digital future,” said the agency.

