pinkeyes - stock.adobe.com

Singapore among world’s top sources of online threats

Singapore remained a hotspot for originating cyber attacks in 2019, with 11 million attacks launched from servers in the city-state

Singapore remained a hotbed for originating cyber attacks in 2019, falling only two places from the year before to rank 10th globally in a Kaspersky study.

The cyber security company said it had uncovered more than 11 million attacks from servers hosted in Singapore last year, representing a 150% decrease over 2018.

The number of web threats, or malware targeting internet users, however, remained significant in Singapore. Kaspersky said it detected 4,657,235 web threats in the city-state, putting it at 157th globally, a regression of only one position compared to the year before.

In Southeast Asia, the top four attack vectors of web threats were unintentional downloads of certain files from the internet, malicious attachments from online email services, browser extensions activity, and malicious communications with command and control (C2C) servers.

While web-mining activity fell at the beginning of the year in Southeast Asia due to declining interest in cryptocurrencies, Kaspersky observed a significant growth in the number of online skimmers, using malware to steal user account information such as logins and passwords from infected computers.

“Across the region, Singapore has performed well in terms of maintaining its high position for having the least number of cyber threats blocked relative to its neighbours, regardless of whether they are internet-borne or local in nature,” said Yeo Siang Tiong, general manager at Kaspersky Southeast Asia.

“These noteworthy results are commendable, and we have to give a nod on how public and private institutions in the country are working together actively to keep the digital aspect of the Republic safe and secured,” he added.

Singapore’s cyber security landscape ended on a sombre note last year. Yeo said the spate of cyber security incidents, including the leakage of personal data of 2,400 Ministry of Defence personnel and the Sephora hack, showed that the city-state continues to be a key target for cyber criminals.

“The government is undoubtedly stepping up its efforts to build up its defences. For our part, we renewed our commitment to sharing threat intelligence with Interpol last year, as we believe that building cyber security capacity must be a shared responsibility,” Yeo added.

In February 2020, the Singapore government said it would set aside S$1bn over the next three years to build up its cyber and data security capabilities, to safeguard citizens’ data and critical information infrastructure (CII) systems.

Noting that Singapore must be prepared to deal with cyber threats as digitisation becomes more pervasive, Singapore deputy prime minister and finance minister Heng Swee Keat said the Cyber Security Agency (CSA) is preparing measures for the next level of cyber security with the growing use of artificial intelligence (AI), cloud computing and the internet of things (IoT).

The budget announcement comes on the back of a CSA masterplan unveiled in October 2019 to help secure operational technology (OT) systems used in CII sectors, including transportation, energy and water.

Developed together with industry partners, the masterplan details the development of capabilities to secure OT systems, along with plans to set up an OT cyber security information sharing and analysis centre.

Cyber security labelling scheme

Meanwhile, the CSA is also introducing the Cybersecurity Labelling Scheme (CLS) this year for network-connected smart devices.

The first of its kind in the Asia-Pacific region, the scheme will provide different levels of cyber security ratings to help consumers make informed choices about the security features of the smart devices they purchase.

As a start, CSA will introduce the CLS to Wi-Fi routers and smart home hubs, which will be assessed on security requirements such as ensuring unique default passwords, adherence to security-by-design principles and resistance to basic penetration testing.

With the scheme, which will be aligned to global security standards for consumer IoT products, the CSA hopes to incentivise manufacturers and product suppliers to develop products with recognised and improved security features.

Read more about cyber security in ASEAN

Read more on Hackers and cybercrime prevention