Net of the living dead
ZOMBIE devices linked to the Internet, and infected with malware that allow hackers to control them and launch cyberattacks, have tripled their numbers in Singapore amid the Covid-19 pandemic, according to the latest government findings.
An average of 6,600 of such malware-laced devices, also called botnet drones, were observed last year on a daily basis, a big jump from 2,300 in 2019, said the Singapore Cyber Security Agency of (CSA) in a report released on July 8.
These devices can be computers, routers and even smartphones hijacked by hackers.
Infected with malware, they act like zombies or drones that, without the knowledge of their owners, “mindlessly” follow the instructions of hackers.
By sending commands to large groups of such devices, called botnets, hackers can use them to carry out cyberattacks.
This can include causing information technology systems to crash, breaching systems to steal data, phishing information from victims, and launching ransomware attacks that cause digital files to be locked up until the hackers are paid.
The number of systems used to control botnets, also called command and control servers, found in Singapore also nearly doubled.
CSA said 1,026 of these servers were recorded last year, up from 530 in 2019.
The sharp rise in botnet drones and the servers controlling them could be due to cybercriminals seizing opportunities created by the pandemic, said Genie Sugene Gan, cybersecurity firm Kaspersky’s head of public affairs and government relations for Asia Pacific.
She explained that IT teams were very stretched because the coronavirus caused businesses to go digital at a breakneck speed.
“Perhaps, cybersecurity was forced to take a backseat as companies were primarily concerned with business survival and inevitably prioritised business continuity,” said Gan.
She added that hackers were also exploiting people who were emotionally and physically vulnerable last year.
“The fear and anxiety brought about by the health crisis plus the need to adapt to lockdown restrictions made every one of us fall prey more easily to cyberattacks, particularly through social engineering like phishing, scams, spams, and more,” said Gan.
One of the main malware programs spread last year by servers that control botnets was Emotet, which CSA said is known to use sophisticated social engineering tactics.
Last year, cybersecurity firms warned that spam e-mails masquerading as coronavirus alerts from legitimate organisations were being used to trick people into downloading Covid-19 documents which were really Emotet in disguise.
As for why hackers sited so many of the servers in Singapore to control zombie devices, Gan said that this is a by-product of the country’s highly developed digital infrastructure and its role as a regional data hub.
Kaspersky’s own findings showed that Singapore retained its place as the No. 10 source of online threats globally in 2020.
CSA’S report also said that ransomware cases in the republic surged 154% from 35 cases in 2019 to hit 89 last year.
While most of the cases reported were from small- and medium-sized enterprises (SMES), ransomware operators were observed to be fishing for larger victims in the manufacturing, retail and healthcare sectors, said the agency.
Police figures show that cyber extortion jumped 260% as well, to hit 245 cases last year, from 68 in 2019.
The average number of local ransomware cases a month increased from April last year, which coincided with the start of the two-month circuit breaker period in the island nation.
CSA said this could possibly be due to more people telecommuting and adopting insecure practices to get work done during prolonged lockdown periods.
It warned that “with the shift in global focus to vaccine development and rollouts, ransomware operators are likely to evolve their campaigns accordingly and target the vaccinerelated supply chains and industries”.
Eric Hoh, president for Asia Pacific at cybersecurity firm Fireeye’s Mandiant unit, said that organisations, in particular SMES, that have lower priorities in cybersecurity investments could become easy targets for ransomware.
He said the manufacturing, retail and healthcare sectors are traditionally not It-centric, so their cybersecurity awareness is lower than industries like technology or finance.
This makes them more prone to phishing attempts or less likely to understand the importance of managing patches for IT systems, he said.
Patching software regularly can help plug security holes that hackers exploit.
The spike in ransomware cases in
Singapore could be due to a trend of ransomware hackers becoming guns for hire as well.
Hoh said that this “ransomware as a service” model “dramatically lowered the barriers of entry for malicious actors, which in turn increased the attack volumes tremendously”.
He added that ransomware is no longer just a nuisance like in the past but can now severely disrupt businesses.
Several high-profile ransomware cases in recent months include the Colonial Pipeline attack in the United States in May that affected the fuel supply for about 50 million customers.
Then this month, a ransomware attack centred on US IT firm Kaseya, which helps other firms manage their IT networks, is estimated to have affected between 800 and 1,500 businesses worldwide.
Singapore Communications and Information Minister Josephine Teo said in a written Parliamentary reply that steps have been taken in the light of the ransomware threat.
For instance, CSA has directed sectors with critical information infrastructure – such as energy and land transport – to boost their cybersecurity, like beefing up their ability to detect suspicious activities quickly, backing up their data regularly and storing it offline, and ensuring employees know what to do when an attack hits.
The government has also taken similar steps.
But Teo stressed that the ransomware threat goes beyond attacks on essential services or government agencies, as “it can strike any of us or our organisations, denying us access to our data or disrupting our businesses or operations”.
She urged organisations and the public to take preventive action – like in the advisories CSA has been sending out – before any ransomware attack hits them.
The agency’s report also said that the number of phishing sites detected with a Singapore link remained steady at 47,000 last year, a slight 1% dip from 2019. Cybercrime jumped in 2020 to reach 16,117 cases, up from 9,349 in 2019. It accounted for 43% of all crime in Singapore last year, going by police figures.
Most of the cyber crime cases last year were for online cheating with 12,251 cases, a spike from 7,580 in 2019. – The Straits Times/asia News Network