Navigating the Digital Peril in Singapore: Phishing & Ransomware Continue To Pose Significant Risk1/9/2023
In Singapore’s cyber landscape, the shadows of phishing and ransomware continue to cast a pervasive and potentially devastating threat. In the latest publication by the Singapore Cybersecurity Agency (CSA), it was observed that the danger of phishing and ransomware threats were seen to pose an increased threat to organizations and individuals in Singapore. In this article, we delve into the recent CSA report, dissect the evolving landscape of phishing and ransomware, the anticipated cybersecurity trends, and discuss strategies to stay resilient in the face of these persistent cyber risks. Phishing: It’s Increasing Threat CSA received around 8,500 reports of phishing attempts in 2022, this was a 175% increase from the 3,100 cases reported in 2021. As CSA reported, this increase reflects the global trends of increased phishing attacks. What is Phishing? Phishing is a social engineering technique that relies on psychological manipulation to trick individuals into revealing sensitive information, such as their passwords and financial details. CSA found that more than 50% of the reported cases of phishing involved URLs that ended with “.xyz” - a popular top-level domain with cybercriminals due to its low costs (as little as US$1) and that it can be purchased in bulk for use. Based on the decrease in the average length of reported phishing links (from 44 to 26 characters in 2022), this could indicate that cybercriminals are using URL shortener services to conceal their intent and track the click-through rate of their phishing campaigns. The industries that were most spoofed in Singapore were the Banking & Financial Services, Government, and Logistics. Since 2016, these sectors have had the highest number of phishing attempts. Cybercriminals imitating entities within the banking and financial sector made up more than 80% of all reported phishing attempts. They are often targeted as they are trusted institutions which hold valuable and sensitive information such as personal information and login credentials. This information allows cybercriminals to commit frauds such as identity theft. With digitalisation and COVID-19 which pushed even more people to move to online banking, this has increased the attack surface. This has led to an uptick of malicious cyber activities that target organizations and individuals. CSA also pointed out phishing attempts involving China-based banks accounted for nearly 50% of all banking-related phishing attempts in 2022. Several of these banks imitated by cybercriminals have little to no presence in the Singapore retail banking scene, and are unknown to most retail banking customers in Singapore, such as Agricultural Bank of China and Zhongyuan Bank. It was most likely that these phishers were utilizing the ‘spray and pray ’ technique to mass target victims. This sharp spike in reported phishing attempts imitating China-based banks coincided with China’s rural bank scandal that occurred in June 2022. Ransomware: A Key Concern What is Ransomware? Ransomware is a malware that prevents or limits users or organizations from accessing files or systems until a ransom is paid. Ransomware remains a major issue both in Singapore and worldwide, with ransomware posing a severe threat to almost every industry and government. This is evident from cybersecurity vendors reporting a 13% increase in ransomware incidents worldwide in 2022. In Singapore, ransomware incidents reported to Singapore Cyber Emergency Response Team (SingCERT) remained high at 132 cases, which is a slight dip from the 137 cases reported in 2021. The top victims of ransomware in Singapore were Small and Medium Businesses (SMEs) in the Manufacturing and Retail sectors. SMEs in these sectors are commonly targeted as they hold valuable data and intellectual property (which they can extort) but often lack the resources to counter cyber threats. It was found that the majority of Deadbolt’s (a RaaS ransomware strain) Singapore-based SME victims had their network-attached storage (NAS) systems encrypted by the ransomware. NAS systems is a file storage that enables multiple users to retrieve data from a centralized disk capacity. Based on global observations, it was found that Deadbolt operators tend to target Internet-facing unprotected NAS systems. Hence, it is highly recommended for organizations to patch and update their Internet-exposed NAS systems regularly to prevent the exploitation of any security vulnerabilities in a ransomware attack. Globally, the ransomware landscape has become more complex and fluid. This has been largely due to governments globally actions to limit these malicious activities. This has forced cybercriminals to find new ways to operate. Anticipated Cybersecurity Trends (1) Ransom For Reputation (R4R)
From the high-profile data breaches that occurred in 2022 globally, organizations might consider the reason of reducing reputational damage more compelling to pay the ransom than regaining access to their encrypted data. Hence, cybercriminals will still rely on extortion but actual ransomware deployments might decline. Rather Ransomware-as-a-Service (RaaS) might focus more on data exfiltration and public shaming on their data leak sites. Based on the MOVEit theft attack that has so far impacted 1079 organizations and has 49.1-54 million individual victims as of 31 August 2023. This trend seems to be moving in this direction, whereby ransomware groups such as Clop, seem to be relying on data exfiltration and the public announcement of their victims on their dark web sites to start negotiations on ransom payments. (2) Artificial Intelligence (AI) Used For Both Good & Bad With AI becoming more advanced and accessible, cybercriminals can utilize them to carry out malicious activities such as crafting highly targeted phishing emails and utilizing deepfakes to impersonate C-suite executives to take over their accounts. However, AI can also be used by defenders alike. It is expected that AI will be increasingly utilized in cybersecurity, with an expected growth size from US$22.4 billion in 2023 to US$60.6 billion in 2028. More exact, the use of Machine Learning (ML) and Natural Language Processing (NLP) can help provide real-time insights to discover potential cyber threats and attacks. (3) Risks from Economic Adversity Based on Interpol’s ‘COVID-19 Cybercrime Analysis Report’, there seems to be a correlation between cybercrime and economic adversity. As during economic adversity, such as the Russian-Ukraine conflict which brought about financial pressures and rise in cost of living, cybercriminals would tend to use this as opportunities to exploit psychological weaknesses, such as utilizing phishing campaigns, to make up for their own financial shortfalls. Furthermore, during impending economic adversity, organizations tend to focus on reducing their non-essential expenditures. Sadly, uninformed C-suites tend to view cybersecurity as an expense rather than an essential function. Hence, smaller cybersecurity budgets and therefore fewer resources may translate into the reduction of an organization's security posture. This will be taken advantage of by cybercriminals, which increases the risks of ransomware attacks and breaches. So What Can You Do? Best Practices To Bolster Your Cybersecurity Posture
Takeaway The CSA report's findings shed light on the ever-present dangers of phishing and ransomware attacks. As these threats continue to evolve in complexity, it is paramount for organizations and individuals to remain proactive and vigilant. By implementing robust cybersecurity strategies, fostering a culture of awareness, and leveraging advanced technologies, we can collectively navigate the digital peril posed by phishing and ransomware attacks. In this era of interconnectedness, knowledge and preparedness are our most potent weapons in securing a safer digital future. Cyber Security For Organizations with TAFA With the current cyber environment, organizations are facing increasingly sophisticated cyber threats. To protect against these threats, it is necessary to utilize cybersecurity solutions that can prevent zero-day and advanced cyber threats and also help ensure regulatory compliance. With our prevention first and zero-trust approach to security using machine learning (ML) and artificial intelligence (AI), TAFA Shield will strengthen your company's ability to prevent and block cyber attacks and threats. To learn more information about TAFA Shield and how we can help your company, do not hesitate to contact us for more information. Related Topics When Cybercriminals Go Phishing: Email Threats On The Rise The Rise Of Phishing: Safeguarding Against Digital Deception Protect Yourself: Best Practices to Combat Phishing AttacksThe Common Signs Of Being Cyberattacked 7 Types of Cyber Security Measures SMEs Need to Protect Their Business The Common Signs Of Being Cyberattacked Comments are closed.
|
Archives
June 2024
Categories
All
|
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED
|