Ransomware attacks threaten nations, 137 S’pore firms fell prey in 2021: CSA
SINGAPORE – Fifty per cent more companies in Singapore fell prey to ransomware last year, as such attacks increasingly become national security threats.
Mirroring global trends, the number of firms in Singapore that had their systems locked up until a ransom was paid shot up from 89 in 2020 to 137 last year, said the Cyber Security Agency (CSA) of Singapore.
“The year saw ransomware attacks ‘graduate’ fully from sporadic and isolated incidents, into legitimate national security risks capable of massive and systemic attacks affecting entire networks of large enterprises,” said CSA in its Singapore Cyber Landscape 2021 report released on Monday (Aug 29).
As not every attack was reported, the figures may very well represent only the tip of the iceberg, the sixth annual report said.
CSA found that a majority of firms here hit by ransomware last year were small and medium-sized enterprises (SMEs) from industries such as IT and manufacturing, said to be “low hanging fruit”.
“These two sectors often run 24/7 operations and may not be able to afford the downtime to patch their systems,” said the agency.
It said several groups that targeted Singapore SMEs use the ransomware-as-a-service model, where hackers lease malicious software to other cyber criminals in exchange for a cut of the proceeds. This model significantly lowers the barrier to entry for amateur or less-skilled hackers to attack companies.
Although the report did not provide specific Singapore cases in detail, it mentioned a data breach last January involving the personal information about 129,000 Singtel customers as a result of a ransomware attack.
Hackers exploited vulnerabilities in US tech firm Accellion’s file-sharing software, which is used by Singtel and many global firms. Cyber criminals later posted a ransom note addressed to Accellion demanding $250,000 worth of bitcoin. The incident shone the spotlight on supply chain risks.
Other high-profile global incidents include an attack on American fuel transporter Colonial Pipeline’s IT systems in May last year, which affected its oil and gas supply to about 50 million customers, leading to fuel shortages and price hikes.
Ireland’s Health Service Executive and New Zealand’s Waikato District Health Board were also hit by ransomware in May last year, which caused sensitive patient data to be leaked and the shutdown of the organisations’ systems that disrupted essential healthcare services.
One of the world’s largest meat producers, JBS, temporarily suspended operations at its processing plants in North America and Australia, after a ransomware attack in June last year shut down its IT network. The move threatened to disrupt global food supply chains and further inflate food prices. It later paid US$11 million ($15.3 million) to criminals to restore its data.
Also mirroring global trends, there was a three-fold increase in the number of command and control servers controlled by hackers hosted here – from 1,026 in 2020 to 3,300 last year, said CSA.
These servers control malware-infected computers or surveillance cameras to launch attacks that steal data, distribute ransomware or take down critical systems.