Getting your Trinity Audio player ready...
|
The Cyber Security Agency of Singapore (CSA) has released its Singapore Cyber Landscape 2023 publication, providing a thorough analysis of the country’s cybersecurity environment. The latest report highlights several positive developments, including a notable reduction in phishing attempts, reflecting ongoing improvements in cyber defences.
Phishing, a major vector for scams and malicious cyber activities, saw a dramatic 52% decrease in reported cases, falling from 8,500 in 2022 to approximately 4,100 in 2023. This decline is particularly significant given the global rise in phishing incidents, which have been fueled by the use of generative artificial intelligence technologies.
Despite this local reduction, phishing remains a critical threat. Cybercriminals are adapting their strategies to make their attacks more convincing, with over half of reported phishing URLs now using the secure HTTPS protocol, a significant increase from just 9% in 2022.
Additionally, more than a third of phishing attempts utilised the “.com” domain, up from 20% the previous year. The banking and financial services sector was the most frequently targeted, underscoring the high value of the data held by these institutions.
Ransomware continued to be a substantial threat in Singapore, with 132 cases reported in 2023, maintaining the same level as the previous year. Manufacturing remained the top industry affected, while the construction sector emerged as the second most targeted, surpassing retail. The persistence of ransomware attacks reflects their ongoing evolution, with two key trends emerging in 2023.
First, there has been a shift towards exfiltration-only attacks, which do not involve encrypting files but instead focus on stealing data. These attacks are faster and less detectable. Second, ransomware groups are increasingly using pressure tactics, such as harassing clients of victim organisations to coerce payment.
Infected infrastructure also saw a positive shift, with the number of compromised systems decreasing by 14% to 70,200. This decline indicates an improvement in overall cyber hygiene, although there remains room for progress. Many systems were still compromised by outdated malware that could have been easily identified by modern antivirus software.
Website defacements experienced a significant reduction, with 108 ‘sg’ domains affected in 2023, down 68% from 340 in 2022. This trend reflects a broader global decrease in such attacks, possibly due to the adoption of alternative tactics by hacktivist groups, including data breaches and distributed denial-of-service (DDoS) attacks.
The report highlights the growing role of AI in cyber-attacks. AI technology has led to more sophisticated phishing attempts, with about 13% of phishing emails reported to SingCERT containing AI-generated content that is more refined and convincing. This trend highlights the need for increased vigilance and advanced detection methods.
To support cybersecurity efforts, CSA has introduced several new resources. The Mobile Cyber Security Guide offers guidelines for securing mobile devices in organisational settings, addressing areas such as user education, data protection, and mobile authentication. CSA has also launched the “The Unseen Enemy” campaign to promote good cyber hygiene practices, including enabling two-factor authentication, being wary of phishing scams, and updating software regularly.
David Koh, Commissioner of Cybersecurity and Chief Executive of CSA, stressed the importance of collective effort in strengthening digital resilience. “The use of generative AI has brought a new dimension to cyber threats. As AI becomes more accessible and sophisticated, threat actors will also become better at exploiting it. The recent IT disruption also showed us how interconnected our systems are and the need to strengthen our digital resilience. The Government will continue to step up our efforts to protect our cyberspace, and we are heartened to be joined by international as well as local public and private partner organisations in this effort. We need everyone, including businesses and individuals, to play a part.”