Fewer phishing, infected infrastructure, website defacement incidents reported to CSA in 2023

The Cyber Security Agency of Singapore (CSA) recorded a drop in the number of instances of phishing, infected infrastructure and website defacements year on year in 2023, although it noted that the absolute number of such incidents remained high.

As part of its Singapore Cyber Landscape 2023 report released on Tuesday (Jul 30), the agency analysed multiple data sources and developments to shed light on the common cyberthreats observed in Singapore’s cyberspace.

For phishing, even as the number of attempts reported to the Singapore Cyber Emergency Response Team fell 52 per cent to 4,100 in 2023, the global trend was for sharp increases.

The agency added that the increases were likely fuelled by the use of generative artificial intelligence (Gen AI) chatbots, such as startup OpenAI’s ChatGPT, to generate phishing content at scale.

Researchers have found that such Gen AI models are capable of being prompted to produce convincing phishing e-mails.

“The scale of AI improvements and adoption, which reached unprecedented levels in 2023, is projected to grow even further, with malicious actors likely to benefit as well,” CSA warned.

“For example, malicious actors are exploiting AI to enhance various aspects of cyberattacks, such as for social engineering or reconnaissance. This is likely to increase, driven by the ever-growing stores of data, which can be used to train AI models for higher quality results,” it added.

Furthermore, CSA observed that cybercriminals are taking steps to appear more legitimate and authentic.

For instance, more than half of the phishing sites reported to CSA were encrypted with the more secure HTTPS protocol to appear more legitimate, while more than a third of such sites used a “.com” domain name in their website addresses.

In the area of infected infrastructure, such cases fell by 14 per cent year on year to 70,200 systems in 2023. Such attacks take over systems and use them to distribute malware and spam, or conduct distributed denial of service (DDoS) attacks on other systems.

“There is still much room for improvement, as CSA’s analysis showed that many systems were compromised by dated malware which could have been easily detected by anti-virus software,” the agency said.

Meanwhile, cases of “.sg” website defacements fell 68 per cent to 108 year on year in 2023.

The agency attributed this to a change in hacktivist groups’ tactics, such as the use of data breaches and DDoS attacks to advance their agenda.

The number of reported ransomware incidents in 2023 did not decline but remained the same as in 2022, albeit still high, at 132.

The agency observed that manufacturing and construction were the top industries affected by ransomware.

“Some ransomware groups may have chosen to compromise these two industries as their level of cybersecurity might not have been as mature, or that they might be more susceptible to pressure to pay ransom, rather than to face costly operational disruptions and project delays,” it said.

CSA added that it has been working with the private sector to help enterprises better understand their responsibility and defend against cloud-specific risks.

For example, the agency said that it partnered with the Cloud Security Alliance, which consists of cloud providers such as Amazon, Google and Huawei, to launch two cloud security companion guides in October 2023.

It added that the guides were developed to complement the nation’s Cyber Essentials and Cyber Trust cybersecurity standards.

Ransomware a significant business threat

Cybersecurity firms have noted that companies, especially small and medium-sized enterprises (SMEs) remain significant targets for cybercriminals.

In its cybersecurity report released on Jul 26, digital security provider Eset noted that in a survey of 1,400 IT professionals, 65 per cent of local SMEs reported being targets of breach attempts or cybersecurity incidents in the last year.

The survey also found that while 83 per cent of respondents are concerned about ransomware threats, 88 per cent said that they might consider paying in the event of a ransomware attack.

Parvinder Walia, president of Eset in Asia-Pacific and Japan, said: “It is also essential for SMEs to recognise that paying cybercriminals only fuels further cybercrime. Instead, their focus should be on adopting proactive strategies to thwart potential attacks.”

In a separate report by cybersecurity provider Palo Alto Networks on Jul 2, more than seven in 10 local respondents stated that their organisations had experienced at least one cyberattack in the past year.

Notably, over a third of the companies had to halt their industrial operations due to a successful attack on their operational technology (OT).

The firm also found that there remains friction between OT and IT teams.

Nearly half of the respondents said that the relationship between their OT and IT teams was either siloed or frictional; and only 36.6 per cent of respondents reported that the two teams shared the responsibility for OT cybersecurity purchase decisions.

“This disparity is due to the historical roles of both teams, with IT traditionally being in charge of companywide security, while operational technology has historically focused on industrial operations,” Palo Alto Networks said.

Source: Business Times © SPH Media Limited. Permission required for reproduction.

ADV: [webinar] Digital Asset Case Studies: Insights from China, SG and Global Initiatives (3 September 2024, 1 Public CPD Point) Doctor who accessed records of colleague’s patients sues SingHealth for wrongful dismissal