More online shoppers are falling for scams in Singapore, where cybercrime accounted for 26.8% of all crimes last year with e-commerce scams the most popular. Some 9,430 cybercrime cases were reported last year, up 51.7% from 2018 when there were 6,215 cases.
E-commerce remained the leading tactic used by scammers who hoodwinked 2,809 victims in 2019. This was a 30% increase from 2,161 reported cases in 2018, according to the Singapore Cyber Landscape 2019 report released Friday by the Cyber Security Agency of Singapore (CSA).
Citing figures from the local police, the report further noted that victims of e-commerce scams continued to be lured by attractive online deals on items such as electronic gadgets and event tickets.
Last year also saw increases in website defacement, phishing incidents, and malware infections. The CSA report revealed that 873 websites were defaced, compared to 605 cases in 2018, with most of the affected websites operated by small and midsize businesses (SMBs) from various sectors including finance, manufacturing, and retail.
CSA attributed the increase partly to an Indonesia-based hacker group as well as ongoing developments in the Middle East.
The government agency also was alerted to 35 ransomware cases in 2019, up from 21 cases in 2018, with affected systems operated by organisations across several industries including travel and tourism, manufacturing, and logistics.
In addition, CSA said it detected 530 unique Command & Control servers last year, compared to 300 in 2018, and identified a daily average of 2,300 botnet drones with local IP addresses, which was a 20% drop from 2018. Almost 370 malware variants also were detected, with Mirai, Gamarue, Conficker, Nymaim, and Ranbyus amongst the top five and accounting for more than half of all observed infections, CSA said.
It further noted that 47,500 Singapore-hosted phishing URLs were identified last year, up significantly from 16,100 URLs in 2018. Local organisations that often fell victim to such attacks included technology vendors, banking and financial companies, and e-mail service providers as well as government agencies such as the Ministry of Manpower (MOM), Immigration & Checkpoints Authority, and Singapore Police Force.
Just last week, Singapore was identified as amongst six nations targeted in a COVID-19 themed phishing campaign that was scheduled to take place June 21. Reported the work of North Korean state hacker group Lazarus, the attack was slated to target more than 5 million businesses and individuals including 8,000 organisations in Singapore, which would reportedly receive phishing email messages from a spoofed Ministry of Manpower account.
CSA warned that the COVID-19 pandemic was likely to drive up the volume of cybersecurity incidents, as increased home-based work activities came with added security risks. The agency also pointed to businesses moving to the cloud as another catalyst since such deployment expanded their cybersecurity attack surface.
CSA’s chief executive and commissioner of cybersecurity, David Koh, said: “As one of the most connected countries in the world, Singapore remains a target for cyber attacks and cybercrime. Threat actors have continued to evolve their tactics, resulting in an intensification of malicious cyber activities in 2019.
“The ongoing COVID-19 pandemic has also provided new opportunities and attack surfaces for them to capitalise on,” Koh said. “Cybersecurity is a team sport and now, more than ever, we must come together to do our part to protect our cyberspace.”
He added that with more enterprises adopting work-from-home policies, threat actors were likely to capitalise on this to gain unauthorised access to users’ data or the organisations’ networks.