Close this search box.

We are creating some awesome events for you. Kindly bear with us.

CSA report identifies ransomware, phishing, website defacements and compromised C&C servers as common cyber threats in Singapore

CSA report identifies ransomware

The Cyber Security Agency (CSA) of Singapore released its inaugural “Singapore Cyber Landscape” publication featuring facts and figures on key cyber threats and incidents in Singapore for 2016. The publication provides an overview and analysis of Singapore’s cyber health. It also seeks to raise awareness of cyber threats among stakeholders from the public and private sectors, industry, academia, and providers of essential services so that they can take appropriate action to defend against such threats.

Singapore is particularly susceptible to cyber-attacks given the high level of Internet connectivity. Common types of cyber threats observed in Singapore’s cyber landscape during 2016 included ransomware[1], phishing[2], website defacements[3], and compromised Command & Control[4] (C&C) Servers.

CSA received 19 reports of ransomware cases from individuals and SMEs in 2016, up from two cases reported in 2015. Many cases go unreported as companies may be reluctant to admit being affected because of potential impact on reputation. Cerber, CryptoLocker and Locky were among the types of ransomware reported. SingCERT issued an advisory in May 2016 to warn the public of such dangers and provided precautionary measures to be adopted.

Nearly 1,800 website defacements were detected in Singapore in 2016, with the majority being websites of SMEs from a range of businesses such as interior design and manufacturing. The perpetrators included hacktivists promoting a certain ideology, and their attacks were observed across other countries also. One in 10 defaced websites was hosted on servers running outdated operating systems, which may have made them vulnerable.

More than 60 C&C servers were detected during the year. Potentially, C&C servers could be used to control botnets – a network of compromised computers ¬ that in turn could be mobilised for DDoS (Distributed Denial of Service) attacks. Whenever a new C&C server is detected, SingCERT will inform the respective Web hosting providers to rectify the issue.

Five malware (Conficker, XcodeGhost, Zero access, Mirai and Sality) accounted for over 50% of botnets observed in Singapore’s cyberspace.

Around 43 per cent of security incidents reported to SingCERT by individuals and SMEs occurred through phishing attacks. Over 2,500 phishing URLs were detected in 2016, with the Banking & Finance sector appearing to be the most spoofed, accounting for 31 per cent of all observed phishing URLs. Among online services, PayPal was spoofed most often in phishing campaigns.

CSA also observed that filehosting service providers, such as Dropbox and Google Drive were popular targets as hackers could easily harvest user credentials from there. Some government institutions, such as Ministry of Manpower (MOM) and Immigration & Checkpoints Authority (ICA) were also spoofed, with attackers seeking personal data, such as passport numbers that could be traded in underground markets.

Those affected by cyber-attacks include Small and Medium Enterprises (SMEs), individuals and Critical Information Infrastructure (CIIs), including the Government, Healthcare, and Banking & Finance sectors.

One of the most common cyber threats reported to SingCERT by SMEs in 2016 was business e-mail scams. Millions of dollars were lost through phishing scams where hackers impersonated company executives or business partners via e-mail. SPF figures also showed that there was a 20 per cent rise in e-mail impersonation scams in 2016 compared to 2015.

The Internet Surfing Separation (ISS) policy announced in June 2016 is expected to contribute significantly towards securing the Government’s ICT environment, as removing the link between the public officers’ computers from the Internet can disrupt the attackers’ cyber kill chain.

Ransomware incidents were detected in Singapore’s Healthcare sector, with individual users unable to access their files on the network. Investigations by CSA showed that these users were infected after they opened attachments or clicked on links found in e-mails they had received. Upon detection, affected computers were successfully isolated to prevent the ransomware infection from spreading to the wider network and there was no impact to the sector’s CII assets.

Advanced Persistent Threats

The report also highlights the risk of Advanced Persistent Threats (APTs) in a time of increasing geopolitical tensions. APTs are often state-sponsored and can be used for espionage, data exfiltration, and data manipulation. They hide in networks for prolonged periods to plan their targeted attacks.

CII (Critical information infrastructure) sectors such as the Government, Banking & Finance, Healthcare and Energy sectors are attractive targets for APT attacks because a strike on them could have significant impact on the economy and society. One APT group was discovered to be eyeing a Singapore institution, using its signature tactic of phishing on individuals there. Through close collaboration between the institution and the authorities, the APT attempt was detected and halted before further harm could be done.

The report notes that early identification and stopping of malicious APT activity is a multi-stakeholder effort that would involve the intelligence community, law enforcement agencies, the targeted institution, and even foreign counterparts.


The proportion of cybercrime to the total number of crime cases has been growing from 7.9 per cent in 2014 to 13.7 per cent in 2016. In 2016, cyber criminals mostly committed online cheating cases (top 3 categories- e-commerce, Internet love scam and credit-for-sex), accounting for 83 per cent, followed by Computer Misuse and Cybersecurity Act (CMCA) cases such as unauthorised access to computer material (15 per cent) and cyber extortion (2 per cent) respectively.

CMCA cases more than doubled year-on-year, from 280 in 2015 to 691 in 2016. The top five CMCA cases in 2016, in no particular order, were related to ransomware, hacking, compromise of online accounts (such as Facebook), SingPass and Internet banking accounts.

Read the complete report here. 

[1] Malware that encrypts files on a victim’s device, rendering them unusable until a ransom is paid, usually in the form of Bitcoin. It is spread through e-mail or malicious advertisements.

[2] Websites that are compromised or created by hackers to trick Internet users into believing they are accessing a legitimate, trusted website.

[3] Hackers change the visual appearance of a single webpage or an entire website by gaining unauthorised access to the web hosting server. Defaced websites may also contain malicious code to infect visitors to the affected site.

[4] A C&C server is a machine operated by hackers to communicate with devices that have been infected with malware. 


Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.


As a Titanium Black Partner of Dell Technologies, CTC Global Singapore boasts unparalleled access to resources.

Established in 1972, we bring 52 years of experience to the table, solidifying our position as a leading IT solutions provider in Singapore. With over 300 qualified IT professionals, we are dedicated to delivering integrated solutions that empower your organization in key areas such as Automation & AI, Cyber Security, App Modernization & Data Analytics, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Renowned for our consulting expertise and delivering expert IT solutions, CTC Global Singapore has become the preferred IT outsourcing partner for businesses across Singapore.


Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit


SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.


HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 


IBM is a leading global hybrid cloud and AI, and consulting services provider, helping clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,800 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently, and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity, and service. For more information, visit