Ransomware, infected infrastructure cases spiked last year: Cyber Security Agency

As the Cyber Security Agency (CSA) of Singapore celebrates its 10th anniversary, it highlighted the threats that our country faces.

The Singapore Cyber Landscape 2024 by the agency shows how it has responded to threats over the years, countering advanced persistent threat (APT) groups and evolving scams.

Specifically, APT activity has increased globally, with a focus on Government and critical infrastructure among those targeting Southeast Asia.

CSA pointed out that ransomware and infected infrastructure were key concerns locally in 2024.

Reported ransomware cases increased from 132 cases in 2023 to 159 in 2024, while infected infrastructure surged from 70,200 to 117,300 within the same period.

"CSA's analysis revealed that most of these infections involved old malware strains with readily available remediation measures which were not adopted," the agency said.

"This underscored a troubling fact — that even as ransomware and other cyber threats grew, users were still failing to update and patch vulnerable software."

Coordinating Minister for National Security K Shanmugam disclosed one such incident in July this year — UNC3886, a Chinese espionage group active since 2021.

"(The group) demonstrates sophisticated tactics, techniques, and procedures," CSA stated, adding that they — alongside other APT groups — take aim at "high-value" targets including critical infrastructure.

To counteract APT actors, CSA has collaborated with the owners of such infrastructure over the past year, expanding the scope of their protection to cover vendors and suppliers.

It also held Exercise Cyber Star between July and August this year which tested participants' abilities to respond to threats based on the global cyber landscape.

CSA has also worked with other countries to deal with transnational cybersecurity challenges, exchanging information and participating in cross-border operations.

Multiple initiatives 

To remedy the situation, the agency launched multiple initiatives, one of which was an international operation against a global botnet in September 2024 which identified 2,700 infected devices in Singapore.

Singapore, a leading member of the Counter Ransomware Initiative (CRI), will host the CRI Summit on Oct 24 to further discussions on ransomware with global partners.

CSA also amended the Cybersecurity Act in 2024, taking note of new technologies and threats, especially with the increasing usage of internet of things devices.

It also produced the Operational Technology Cybersecurity Masterplan, which shared its blueprints for bolstering relevant cyber defences, and developed guidelines for system owners to protect artificial intelligence (AI) projects.

Cybersecurity commissioner and chief executive of CSA David Koh emphasised the constant evolving threats online, which have begun to incorporate AI deepfakes and scams.

He added: "We have to re-double our efforts, together with our many partners, stakeholders, and Singaporeans, and continue to work towards a future where everyone can live and work online in a trusted, resilient, and vibrant cyberspace."

[[nid:720441]]

khooyihang@asiaone.com