SINGAPORE CYBER LANDSCAPE 2020
Contents

Foreword 4
Overview of Cyber Threats in 2020 6

Chapter 1: Spotlight on Cyber Threats 7
Stalking the Pandemic Trajectory 10
Effects of COVID-19 on the Cybersecurity Landscape 12
COVID-19 and its Impact on Global Cybercrime 12
Widened Attack Surface Bodes Ill for Data Security 13
Intensification of Vaccine-related Cyber-attacks 14
The Contact Tracing Conundrum 15
TraceTogether App – Behind the Scenes 16
Topical Focus: Phishing and COVID-19 17
COVID-19 Sparks Spike in Phishing Lures, Singapore Not Spared 18
Topical Focus: Ransomware and COVID-19 19
A Double Dose of Coronavirus and Ransomware 20
The SolarWinds Supply-chain Breach and Fallout 21

Chapter 2: WWW.TARGET.SG 24
Local Case Studies
Case Study: SolarWinds Supply-chain Breach 26
Case Study: Ransomware Incidents in Small and Medium Enterprises 27
Case Study: Spate of Data Breaches Affecting Local Enterprises 28
Case Study: Malicious Cyber Activity Targeting Public Agencies 29
Case Study: Cyber Scams Targeting the Man-in-the-Street 29
Topical Focus: Malicious Command and Control (C&C) Servers and Emotet Malware in Singapore 30
The Evolution of Emotet 33
Strengthening the Resilience of the Critical Information Infrastructure (CII) Sectors 35
Key Observations of the Operational Technology Landscape in 2020 35
International Critical Infrastructure Security Showdown 37
Topical Focus: Observations on Local Website Defacements and GE 2020 38
Delivering a Cyber-secure Singapore General Election 2020 39

Chapter 3: A Retrospective Look 40
Pillar 1: Building a Resilient Infrastructure 42
Pillar 2: Creating a Safer Cyberspace 44
Pillar 3: Developing a Vibrant Cybersecurity Ecosystem 46
Pillar 4: Strengthening International Partnerships 48

Chapter 4: Looking Back to Look Forward 50
A Retrospective of Threat Trends, and a Pondering on the Future 52
Cybersecurity Trends to Watch 55

Glossary 58
Contact Details 61

Singapore Cyber Landscape 2020
Copyright 2021 by Cyber Security Agency of Singapore
With contributions by the Centre of Excellence for National Security, S. Rajaratnam School of International Studies; Defence Cyber Organisation; Government Technology Agency of Singapore; Operational Technology Information Sharing and Analysis Center (OT-ISAC); and the Singapore Police Force.
All rights reserved.
Designed by Urban Forest Design Pte Ltd
ISBN: 978-981-18-1420-4

The "Singapore Cyber Landscape 2020" publication reviews Singapore's cybersecurity situation in 2020 against the backdrop of global trends and events. CSA utilises multiple data sources to provide clarity on the common cyber threats observed in Singapore's cyberspace. CSA does not specifically endorse any third-party claim made in this material or related references, and the opinions expressed by third-parties are theirs alone. The enclosed facts, statistics and analyses are based on information available at the time of publication. The contents of this publication are provided on an "as is" basis without warranties of any kind. To the fullest extent permitted by law, CSA does not warrant and hereby disclaims any warranty as to the accuracy, correctness, reliability, timeliness, noninfringement, title, merchantability or fitness for any particular purpose of the contents of this publication. CSA shall also not be liable for any damage or loss of any kind caused as a result (direct or indirect) of the use of the publication, including but not limited to any damage or loss suffered as a result of reliance on the contents contained in the publication. CSA also reserves the right to refine its analyses as the threat situation evolves, and/or as further information is made available.
Foreword

"It was the best of times, it was the worst of times." So began A Tale of Two Cities, one of the best-known works of the great English writer Charles Dickens. This could easily apply to the year 2020, a transformative year that will be remembered for COVID-19 and the sweeping changes it engendered. On the digital front, the pandemic accelerated digitalisation efforts worldwide, impacting how we live, work and interact with one another. New apps and software were quickly developed to facilitate the needs of entire populations living in lockdown and for contact tracing.

Unfortunately, with accelerated digitalisation came cybersecurity challenges and threats as businesses and activities increasingly shifted online. Globally, state-sponsored Advanced Persistent Threat groups carried out a number of high-profile attacks on vaccine-related research, while cybercriminals capitalised on the widespread anxiety and fear wrought by the pandemic to conduct phishing campaigns and ransomware attacks for financial gain. Such trends were mirrored in the local cyber threat landscape, which saw spikes in both ransomware and COVID-19-related phishing activities. Just when the tumultuous year seemed to be winding down, the tail end of 2020 witnessed the game-changing SolarWinds cyber incident, in which hackers managed to gain access to many organisations by first compromising a trusted supplier. Cybersecurity threats to supply chains have been around for more than a decade, but the impact of the SolarWinds attack was unprecedented. Although there is no indication to date that Singapore was targeted, the incident is a stark reminder of the cybersecurity risks that all companies – big and small – face within their supply chains and when engaging third-party vendors, which is a near-certainty in today's highly-interconnected global economy.

People who thought that 2021 would be any different were quickly proven wrong. A number of high-profile data leaks affecting local organisations carried right over into the new year. The causes include technical and human error, as well as opportunistic hacks. Like supply-chain attacks, data leaks are not new, but have been occurring at an increasing frequency and at scale. However, it would be ransomware that dominates the headlines in 2021 so far. A spate of high-profile attacks against essential service providers and key firms grabbed global headlines. Ransomware is no longer a sporadic nuisance, affecting a handful of machines. It has been transformed into a massive, systemic threat affecting entire networks of large enterprises. This is now a major security issue that affects Critical Information Infrastructure (CII) sectors and nations.

Taken together, these shifts in our threat landscape over the past year underscore the diverse challenges in cybersecurity, which must be met by a whole-of-society effort and collective responsibility between stakeholders in the public and private sectors. The Government has and will always take the lead in national cybersecurity efforts. In 2020, the Cyber Security Agency (CSA) launched Singapore's Safer Cyberspace Masterplan, which laid out a blueprint to better protect Singaporeans and our enterprises in the online space. The Masterplan aspired to enhance the general level of cybersecurity in Singapore, and included initiatives such as the SG Cyber Safe programme to help firms improve their cybersecurity posture, and the Cybersecurity Labelling Scheme to raise cyber hygiene levels for smart devices.

CSA also undertook other steps to augment our collective cybersecurity in spite of the pandemic, as outlined in this Singapore Cyber Landscape publication. CSA worked with our partner agencies, like the Government Technology Agency of Singapore and the Infocomm Media Development Authority, to ensure that contact tracing apps and digital solutions were securely implemented. Notably, Singapore organised our 18th General Election amid the pandemic, the first General Election where political campaigning activities were conducted mainly online – and which CSA helped to secure from a cybersecurity perspective. At the end of the year, when the SolarWinds incident was first disclosed, CSA immediately raised the alert level and apprised all CII sector leads of the situation, and worked with them to step up vigilance and daily monitoring.

The fight against COVID-19 is far from over. For Singapore to emerge stronger from this "crisis of a generation" that is COVID-19 and reap the benefits of a digitalised economy, cybersecurity will be front and center. We will continue to drive and implement cybersecurity measures to support our businesses and individuals, boost the resilience of our CII sectors, and work with international partners to coordinate cross-border efforts to combat cybercrime. CSA looks forward to working with partners from the public and private sectors, both locally and internationally, to co-create a safe, secure and resilient cyberspace.

Cybersecurity is a Team Sport. In fact, it is an International Team Sport. I look forward to partnering with all of you in this common endeavour.

#EmergingStronger #SGCyberSecure

David Koh
Commissioner of Cybersecurity and Chief Executive
Cyber Security Agency of Singapore
Overview of Cyber Threats in Singapore in 2020

CYBERCRIME
16,117 cybercrime cases were recorded in 2020, accounting for 43% of overall crime in 2020.

                       2020     2019     2018
Online cheating      12,251    7,580    4,928
Computer Misuse Act   3,621    1,701    1,207
Cyber extortion         245       68       80

WEBSITE DEFACEMENTS
495 '.sg' websites were defaced, a sharp decrease of 43% from 873 cases in 2019.

RANSOMWARE
89 ransomware cases were reported to CSA, with cases hailing from the manufacturing, retail and healthcare sectors. This was a significant rise of 154% in cases over the whole of 2019.

C&C SERVERS AND BOTNET DRONES
1,026 unique and locally hosted C&C servers were discovered, a spike from 530 recorded in 2019.
About 6,600 botnet drones were observed daily on average in 2020, also a significant increase from 2019's daily average of 2,300.

PHISHING
47,000 phishing URLs1 with a Singapore-link were detected, a slight decrease of 1% as compared to 2019.
Commonly spoofed sectors: technology, banking and financial services, social networking firms.
Amazon, PayPal and Facebook were commonly spoofed brands.
Commonly spoofed government organisations in Singapore: Ministry of Education (MOE), Ministry of Manpower (MOM), Singapore Police Force (SPF).

NUMBER OF CASES SINGCERT HANDLED
2020: 9,080
2019: 8,491

1. URLs — Uniform Resource Locators; colloquially termed web addresses.
Chapter 1: Spotlight on Cyber Threats

In 2020, the global cybersecurity landscape was fraught with malicious cyber activities such as ransomware and phishing – a significant portion of which fed off and took advantage of the Coronavirus outbreak. Late in the year however, the world would be further stunned by news of a supply-chain breach that left thousands of companies worldwide vulnerable to attack. Spotlight on Cyber Threats delves into two pivotal cybersecurity issues in 2020 – the cyber-repercussions of the COVID-19 pandemic, and the SolarWinds supply-chain attack.
SPOTLIGHT ON CYBER THREATS
Stalking the Pandemic Trajectory

Throughout 2020, threat actors capitalised on a series of COVID-19-related milestones to carry out their malicious cyber activities. In Singapore, observations of COVID-19-related cyber threats, such as phishing and ransomware, were generally in line with global trends and coincided with the rise of work-from-home arrangements, as individuals and businesses adopted new technologies to maintain business continuity. With the increasing reliance on digital infrastructure and keen public interest in vaccine developments and distribution, threat actors are likely to continue adjusting their tactics to match the pandemic's trajectory2.

Timeline of pandemic milestones and cyber observations

Dec 2019 - Mar 2020
Pandemic: Coronavirus spread across the globe. Singapore reported first case. World Health Organisation declared COVID-19 a pandemic.
Global observations: Telecommuting workforce and online users constantly targeted by social engineering lures.
Local observations: Spike in COVID-19-related phishing, scams and ransomware cases.

Mar - May 2020
Pandemic: More than one-third of humanity under some form of lockdown. Singapore's Circuit Breaker measures kicked in.
Global observations: Peak in phishing lures targeting homebound individuals, relief and stimulus measures. Ransomware escalated. Customisation of lures. Healthcare sector a key target.
Local observations: Key targets: healthcare, education. Zoom for home-based teaching suspended after lesson hijacking incident.

Jun - Jul 2020
Pandemic: Global cases surpassed 10M. Singapore moved into Phase 2 of reopening. Countries started to ease lockdown measures.
Global observations: Pivot to exploit vulnerabilities in contact tracing app technology. Rise in data leaks and credentials put up for sale. Cyber espionage of COVID-19 research heated up.
Local observations: 12 fake COVID-19 contact tracing apps, including a fake TraceTogether app, with the ability to deliver malware detected. Singapore a target of global phishing campaign on government support.

Aug - Dec 2020
Pandemic: Resurgence of cases globally as countries try to restart economies. Rollout of approved vaccines globally.
Global observations: Intensification of vaccine-related cyber incidents. Three APT* groups reportedly targeted seven COVID-19 vaccine makers. Cyber espionage and ransomware attacks targeted vaccine research centres, regulatory bodies (European Medicines Agency hack), and vaccine distribution channels. Authorities warned of surge in vaccine-related cybercrime.
Local observations: Increasing trend of Business Email Compromise (BEC) and data breaches/leaks. Alert by Singapore Police Force warning of vaccination scams.

*Advanced Persistent Threat.
2. The observations covered in the timeline were derived from reports from cybersecurity firms, online sources and media reports.
SPOTLIGHT ON CYBER THREATS
Effects of COVID-19 on the Cybersecurity Landscape

COVID-19 and its Impact on Global Cybercrime
CONTRIBUTION BY THE SINGAPORE POLICE FORCE

The ongoing COVID-19 pandemic sparked a global surge in cybercrime in 2020. People and businesses shifted activities online due to social distancing requirements in the physical world. The digital acceleration provided more opportunities for cybercriminals to exploit victims through vectors such as Business E-mail Compromise (BEC) scams and security intrusions via Internet-of-Things (IoT) devices. This shift in the cyber threat landscape can be expected to continue for the foreseeable future, as remote working measures and online transactions become even more prevalent in 2021.

Cybercriminals were swift to exploit fears and anxieties about COVID-19 to deceive victims3. These included the impersonation of government or health agencies4, and creation of thousands of malicious COVID-19-related websites for credentials theft, malware distribution, and fraudulent peddling of fake cures and vaccines5. As the pandemic continues to afflict nations, and amidst the development of vaccines and implementation of population inoculation plans across the world, the use of contextual criminal lures in phishing will likely remain a favoured tactic.

Meanwhile, as fears and anxieties around COVID-19 persist, cyberspace could become fertile ground for contention and provocation. Digitalisation has sped up and widened the deliberate circulation of fake news and misinformation, which reinforces existing tensions and prejudices. Cyberspace may end up hosting launch points for cyber-attacks6 and hybridised criminal threats against the physical world.

In Singapore: 384 COVID-19-related scams reported in 2020.

Widened Attack Surface Bodes Ill for Data Security

The commencement of government-enforced lockdowns caused consumers and employees to migrate to remote working en masse, often hastily, to minimise physical contact and the spread of COVID-19. This had two important implications for cybersecurity. First, this abrupt migration forced enterprises to adopt technological solutions and workarounds, such as cloud-based storage and video conferencing platforms, to facilitate telecommuting. The need to maintain business continuity meant companies had little time to stress-test the cybersecurity of the underlying technology and new work processes. Second, this sudden shift also greatly expanded the cyber-attack surface, as the spike in telecommuters resulted in a much larger pool of potential targets for hackers. US telecommunications firm Verizon reported that for the period between March 2020 and June 2020, 474 data breaches were recorded globally, of which 36 incidents were identified as being directly related to the pandemic7.

With the upwelling of online transactions brought about by more people shifting work and leisure activities online, the attack surface has further expanded, providing more avenues for threat actors to exploit. In Singapore, several local companies were affected by data breaches and leaks. The causes ranged from security lapses with third-party service providers to cloud assets that were accessible from the open Web. Hackers were also observed to be selling the stolen data on hacker forums.

Another development that is becoming increasingly correlated with the increase in data breaches is the rise in ransomware attacks. The frequency of data breaches is expected to remain high, especially as ransomware operators widely adopt the tactic of threatening to leak data if their ransom demands are not acceded to.

3. "COVID cybercrime: 10 disturbing statistics to keep you awake tonight", 15 September 2020 - https://www.zdnet.com/article/ten-disturbing-coronavirus-related-cybercrime-statistics-to-keep-you-awake-tonight/.
4. "COVID-19 Phishing Update: Threat Actors Impersonating CDC, WHO", 26 March 2020 - https://info.phishlabs.com/blog/covid-19-phishing-update-threat-actors-target-cdc-who.
5. "Thousands of COVID-19 scam and malware sites are being created on a daily basis", 18 March 2020 - https://www.zdnet.com/article/thousands-of-covid-19-scam-and-malware-sites-are-being-created-on-a-daily-basis/.
6. "INTERPOL report shows alarming rate of cyberattacks during COVID-19", 4 August 2020 - https://www.interpol.int/en/News-and-Events/News/2020/INTERPOL-report-shows-alarming-rate-of-cyberattacks-during-COVID-19.
7. "Analysing the COVID-19 data breach landscape", 4 August 2020 - https://enterprise.verizon.com/en-sg/resources/articles/analyzing-covid-19-data-breach-landscape/. Verizon collected non-incident data from contributors (Recorded Future and KnowBe4) and obtained incident data in the form of 35 publicly disclosed incidents gathered for their Vocabulary for Event Recording and Incident Sharing (VERIS) Community Database (VCDB) project. Verizon noted that this article is not solely based on data, but also includes their observations and anecdotal sources.
SPOTLIGHT ON CYBER THREATS
Intensification of Vaccine-related Cyber-attacks

The various global efforts to develop an effective vaccine for COVID-19 have led cyber threat actors to expand their operations to encompass the entire vaccine value-chain, including research, production, regulation and distribution.

Firms within this supply chain are likely to remain prime targets for both state-sponsored threat actors and financially motivated cybercriminals. In November 2020, Microsoft reported that several state-sponsored APT groups had targeted seven companies directly involved in COVID-19 vaccine research and development, for the purpose of data theft8. At around the same time, Europe's drug regulator, the European Medicines Agency, was breached by hackers who "unlawfully accessed" documents related to Pfizer and BioNTech's COVID-19 vaccine.

Cybercriminals did not waste any chance to exploit the pandemic as the distribution of COVID-19 vaccines ramped up towards the end of 2020. IBM Security warned of a sophisticated global phishing campaign which tried to harvest credentials from companies across six different countries specialising in the "cold chain" logistics to transport COVID-19 vaccines. With the stolen credentials, threat actors may be able to gain access to corporate networks and sensitive information related to vaccine distribution.

Successful attacks against organisations in the healthcare, pharmaceutical and other sectors involved in pandemic response could severely hamper frontline COVID-19 recovery efforts. Global law enforcement agencies9 have issued alerts warning of a surge in organised crime activity tied to COVID-19 vaccines, including schemes to sell counterfeit vaccines on the Dark Web, as well as cyber-attacks targeting supply-chain companies. Locally, the Singapore Police Force (SPF) urged public vigilance towards vaccination-related scams as the Ministry of Health (MOH) commenced nationwide vaccination operations in February 2021.

The Contact Tracing Conundrum

Historically, contact tracing has been core to disease control efforts. Research has shown that disease transmission can be reduced through the tracing and isolation of a sick person as swiftly as possible. Globally however, many contact tracing apps developed in response to the COVID-19 pandemic have been fraught with adoption obstacles, fuelled by reports of app vulnerabilities.

The pressure that governments worldwide faced in quickly developing contact tracing systems to contain the spread of the virus often led them to prioritise functionality over security. Throughout 2020, security researchers reported bugs and vulnerabilities in official contact tracing apps that a number of countries introduced, ranging from leaving the data that the app collected unencrypted, to letting hackers modify the data of persons currently in quarantine. In response, UK's National Cyber Security Centre (NCSC) and the team behind the UK government's contact tracing app (NHSX) published the technical details of the app including its code, to demonstrate the app's capabilities and to get peer review through a vulnerability disclosure programme.

The Contact Tracing Con

In early June 2020, cyber researchers uncovered fake COVID-19 contact tracing apps that imitated the Android versions of 12 official government-issued apps10, including Singapore's TraceTogether. Sophisticated threat actors were exploiting the COVID-19 theme by developing fake apps with the aim of compromising and harvesting information stored on victims' devices. The fake apps were distributed by various threat actors through other channels outside the official Google Play Store (e.g. third-party app stores). Such schemes demonstrated how threat actors were able to exploit the trust that people placed in apps released by government agencies.

8. "APT Groups Target Firms Working on COVID-19 Vaccines", 13 November 2020 - https://www.bankinfosecurity.com/microsoft-warning-a-15363.
9. Interpol warned of the organised crime threat to COVID-19 vaccines and Europol warned that the COVID-19 vaccine rollout will be vulnerable to fraud and theft.
10. "Anomali Threat Research Identifies Fake COVID-19 Contact Tracing Apps Used to Download Malware that Monitors Devices, Steals Personal Data", 10 June 2020 - https://www.anomali.com/blog/anomali-threat-research-identifies-fake-covid-19-contact-tracing-apps-used-to-monitor-devices-steal-personal-data.
SPOTLIGHT ON CYBER THREATS
TraceTogether App – Behind the Scenes
CONTRIBUTION BY GOVERNMENT TECHNOLOGY AGENCY OF SINGAPORE

TraceTogether was developed by the Government Technology Agency (GovTech) and the Ministry of Health (MOH) to support Singapore's response to the COVID-19 pandemic and facilitate faster contact tracing to curb the spread of the virus. Citizens could choose from two options – mobile app or physical token. The mobile app was developed in a short span of eight weeks and released on 20 March 2020.

Due to the critical role of TraceTogether in Singapore's contact tracing efforts, it was paramount to ensure that security was taken into consideration even with the rapid pace of development. GovTech's Cyber Security Group (CSG) collaborated with its developers throughout the development process to ensure that security was built into the design, and not as an afterthought. In addition, active security testing enabled vulnerabilities to be discovered and remediated early. TraceTogether Tokens are also labelled under Level Four of CSA's Cybersecurity Labelling Scheme (CLS), which means the Tokens are secure by design.

CSG considered security and privacy requirements while designing the software, hardware, communication channels and backend architecture of TraceTogether. Once the design had been implemented, CSG proceeded to conduct a series of security assessments to validate the effectiveness of security measures and uncover vulnerabilities for timely remediation with the support of the Smart Nation and Digital Government Group (SNDGG), MOH, CSA and other Government security agencies. This agile and collaborative security assessment approach ensured the successful and swift delivery of a secure TraceTogether product.

In total, CSG helped to assess and enhance the security of over 30 apps, amongst which were the TraceTogether, SafeEntry and GoWhere.sg product suites. These security assessments spanned diverse domains, including web/mobile app, IoT and cloud. Reflecting the spirit of SGUnited, this was achieved through the collaborative efforts of multiple Government agencies.

As the COVID-19 situation evolves, CSG will continue to work closely with Government agencies to bolster the security of key technological enablers that support Singapore's fight against the pandemic.

TOPICAL FOCUS: Phishing and COVID-19
↓ 1% URLs from 2019

About 47,000 unique phishing URLs were observed in 2020, a slight decrease compared to the three-year record high of 47,500 URLs seen in 2019. Of these, more than half of the organisations spoofed were big technology or social networking firms (such as Apple, Facebook, LinkedIn and WhatsApp) and entities in the banking and financial sector (Chase Personal Banking, PayPal and Bank of America).

For the government sector, the SPF, the Ministry of Manpower (MOM), and the Ministry of Education (MOE) remained the three most commonly spoofed Singapore government agencies. Many of these cases were phishing e-mails spoofing these government agencies, in attempts to elicit favourable responses by invoking authority.

Facebook was overall the top spoofed brand in 2020, especially in the months of September to December 2020. This could be due to threat actors leveraging Facebook's announcement in September that they would be offering US$100 million in grants to businesses in over 30 countries affected by the COVID-19 pandemic.

[Chart: Number of Singapore-hosted phishing sites in 2020, by month from Jan to Dec; scale 0 to 10,000.]

Commonly targeted organisations
Social networking and technology firms: Apple, Facebook, LinkedIn and WhatsApp
Banking and financial sector: Chase Personal Banking, PayPal and Bank of America
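The spoofing pattern described above, a brand or agency name placed in a host name the brand does not own, is something a mail gateway or SOC can check mechanically. The following is an added example written for this page, not code from CSA or from the report: it takes a list of URLs, folds the substitutions phishers commonly use (digits for letters, Cyrillic look-alikes, punycode, diacritics), and flags a URL when a brand keyword appears in the host name but the registrable domain is not one the brand owns. The brand allowlist, the two-label suffix table and the sample URLs are constructed assumptions.

```python
"""Flag phishing URLs whose host name borrows a brand or agency name that the
registrable domain does not own.  Added example for this page; the brand
allowlist, the suffix table and the sample URLs are constructed assumptions,
not data from the report."""
import re
import unicodedata
from typing import Dict, List, Optional, Set, Tuple
from urllib.parse import urlsplit

# Brand keyword -> registrable domains that may legitimately carry it (assumed).
BRANDS: Dict[str, Set[str]] = {
    "facebook": {"facebook.com", "fb.com"},
    "paypal": {"paypal.com"},
    "amazon": {"amazon.com", "amazon.sg"},
    "moe": {"moe.gov.sg"},
    "mom": {"mom.gov.sg"},
    "police": {"police.gov.sg"},
}
# Two-label public suffixes, so that "mom.gov.sg" counts as one registrable
# domain.  A production check should use the full Public Suffix List instead.
TWO_LABEL_SUFFIXES = {"gov.sg", "com.sg", "edu.sg", "org.sg", "net.sg", "co.uk"}
# Characters phishers substitute for Latin letters: digits and Cyrillic look-alikes.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x",
})


def canonical_host(host: str) -> str:
    """Lower-cased ASCII (punycode) host: the name the resolver actually sees."""
    host = host.lower().rstrip(".")
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return host


def folded_host(host: str) -> str:
    """Unicode host with confusables and diacritics folded to plain Latin letters."""
    try:
        uni = host.encode("ascii").decode("idna")
    except UnicodeError:
        uni = host
    uni = uni.translate(CONFUSABLES)
    return unicodedata.normalize("NFKD", uni).encode("ascii", "ignore").decode()


def registrable_domain(host: str) -> str:
    """The part of the host that a registrant actually controls."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def spoofed_brand(url: str) -> Optional[str]:
    """Return the brand a URL's host impersonates, or None if the host owns the name."""
    if "://" not in url:
        url = "http://" + url
    host = urlsplit(url).hostname
    if not host:
        return None
    canon = canonical_host(host)
    tokens = re.split(r"[.\-_]", folded_host(canon))
    owner = registrable_domain(canon)
    for brand, allowed in BRANDS.items():
        # Short names (MOM, MOE) must match a whole label; longer ones may be embedded.
        hit = brand in tokens or (len(brand) >= 6 and any(brand in t for t in tokens))
        if hit and owner not in allowed:
            return brand
    return None


def scan(urls: List[str]) -> List[Tuple[str, str]]:
    """Return (url, impersonated brand) for every URL that fails the check."""
    hits = []
    for url in urls:
        brand = spoofed_brand(url)
        if brand:
            hits.append((url, brand))
    return hits


# Constructed sample feed: three legitimate URLs and five look-alikes.
SAMPLE_URLS = [
    "https://www.paypal.com/signin",
    "https://paypal.com.account-verify.top/login",
    "http://moe-gov-sg.info/covid-support",
    "https://www.mom.gov.sg/passes",
    "https://secure.paypa1.com/",
    "https://p\u0430ypal.com/",            # Cyrillic "а" in place of Latin "a"
    "https://momentum.example.com/",
    "https://facebook-grants-apply.com/",
]

if __name__ == "__main__":
    for url, brand in scan(SAMPLE_URLS):
        print(f"spoofs {brand:<9} {url}")
```

Two design points matter. The allowlist is compared against the canonical (punycode) form of the host, while keyword matching runs on the folded form; comparing the folded form against the allowlist would let a Cyrillic look-alike of paypal.com pass as legitimate. Short agency abbreviations such as MOM and MOE are matched only as whole labels, otherwise ordinary domains containing those letters would be flagged.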
SPOTLIGHT ON CYBER THREATS
COVID-19 Sparks Spike in Phishing Lures, Singapore Not Spared

Globally, 2020 saw a surge in phishing campaigns that leveraged pandemic-related references and spoofed relevant health authorities (such as the World Health Organisation). The range of themes broadened to capitalise on increased demands for services – including popular online shopping, streaming and web conferencing services (e.g. Amazon, Netflix, Zoom) – as countries entered government-enforced lockdowns to halt the spread of COVID-19.

In Singapore, while the overall volume of malicious phishing URLs remained comparable to the record-high seen in 2019, COVID-19 themes very likely accounted for over 4,700 of these malicious URLs spoofing local organisations.

This malicious activity was most pronounced in the period between March to May 2020, with some 1,500 malicious URLs observed – more than double the number from the preceding quarter. The increase was likely due to hackers attempting to spoof entities and services that were in greater demand during Singapore's circuit breaker period, which included online retail and payment portals.

This trend tapered off in July 2020 as cybercriminals switched tactics to exploit public interest in key events and developments. The number of phishing sites continued to rise towards the end of the year, likely the work of cybercriminals capitalising on developments such as COVID-19 vaccine research and distribution, relief efforts, as well as increased e-commerce activities during the holiday sales season.

TOPICAL FOCUS: Ransomware and COVID-19
↑ 154% cases from 2019

Ransomware types observed include older variants such as Dharma/CrySIS, CryptoLocker and GlobeImposter, as well as newer ones such as Netwalker and REvil/Sodinokibi.

89 ransomware cases were reported to CSA in 2020, a significant increase from 35 cases reported in 2019. While most of the cases reported were from Small-and-Medium Enterprises (SMEs), ransomware operators were observed to be fishing for larger victims in the manufacturing, retail and healthcare sectors.

Based on the reported ransomware cases, these local incidents were likely related to, and a consequence of, the global ransomware outbreak. This latter phenomenon bore three distinct characteristics exemplifying the evolution of ransomware activities: (a) shifting from indiscriminate, opportunistic attacks to more targeted "Big Game Hunting (BGH)", i.e. targeting large businesses in hope of higher ransom pay-outs; (b) the adoption of "leak and shame" tactics, whereby victims' stolen data would be publicly leaked if ransom demands were not acceded to; and (c) rise in "Ransomware-as-a-Service" (RaaS)11 models, which made sophisticated ransomware strains accessible to less technically-adept cybercriminals.

Indeed, ransomware strains detected in local ransomware cases, such as REvil and Netwalker, were observed to both operate under the RaaS model and leverage leak sites to pressure victims into paying their ransoms. As these trends gain further traction, Singapore organisations need to be increasingly vigilant against cyber threats. Beyond just backing up data regularly and storing it offline, organisations and companies need to put in place strong preventive measures to defend against the BGH trend. Ransomware no longer means a straightforward denial of access to one's data and systems, but now entails consequences that are more akin to a data breach.

[Chart: Number of ransomware cases reported to CSA, by half-year (1H2019, 2H2019, 1H2020, 2H2020); scale 0 to 80.]

11. "Ransomware-as-a-Service" employs an affiliate scheme where hackers focus on malware development, while relying on third parties to distribute their malware for a share of the ransomware "profits".
SPOTLIGHT ON CYBER THREATS

A Double Dose of Coronavirus and Ransomware

The pervasiveness of ransomware was never more pronounced than in 2020, as ransomware cartels innovated their tactics at an accelerating pace to ride on the pandemic wave. Globally, cyber researchers reported that ransomware incidents had increased 715 per cent year-on-year[12] in the first half of 2020; by the third quarter, there had been a 50 per cent increase in the daily average of ransomware attacks compared to the first half of the year[13]. The average ransom payment also saw a steady rise since the beginning of 2020[14] as ransomware operators scaled their tactics to target large enterprises.

Globally, a spate of ransomware incidents was also observed targeting essential healthcare services during the pandemic, which caused disruption to several medical facilities and hospitals. There were instances where data was stolen from affected entities, in furtherance of the “leak and shame” tactic. One of the most high-profile cases happened to Düsseldorf University Hospital where a ransomware attack disrupted its treatment and emergency services, as well as its IT systems. An emergency patient had to be transferred to another hospital for treatment, and the delay in receiving care might have contributed to her death.

Notably, the monthly average number of local cases increased from April 2020, coinciding with the rise in work-from-home arrangements during the circuit breaker and post-circuit breaker period. It is possible that the rise in telecommuters and adoption of insecure practices to get work done during the prolonged lockdown periods contributed to the spike in ransomware cases. It is also observed that cybercriminals increasingly formed extortion cartels to collaborate and exchange tactics and intelligence.

With the shift in global focus to vaccine development and rollouts, ransomware operators are likely to evolve their campaigns accordingly and target the vaccine-related supply chains and industries.

The SolarWinds Supply-chain Breach and Fallout

Towards the tail end of 2020, the world witnessed the uncovering of a massive supply-chain attack where hackers targeted victims through their trusted vendor, US-based company SolarWinds, a dominant industry player which provides computer network monitoring services to corporations and government agencies around the world. Hackers infiltrated SolarWinds’ production network and implanted malicious code[15] into software updates from Orion, SolarWinds’ key network management software. Any organisation that downloaded the tainted updates effectively gave the hackers a backdoor into its network. The impact was worsened by the fact that the network management platform was commonly used by numerous Fortune 500 corporations and government agencies worldwide.

Around 18,000 organisations downloaded the tainted update and were exposed to the injected malware, which researchers named Sunburst. Of these, cybersecurity experts believed that the hackers targeted a much smaller group with follow-on activity. This smaller group comprised mainly US-based entities – US government agencies and leading technology companies, including the likes of Cisco, Microsoft and VMWare.

Anatomy of the SolarWinds Supply-Chain Attack

The hackers were patient and prioritised stealth to minimise exposure of their operations. Once inside the victims’ networks, the hackers looked for ways to escalate their privilege[16], allowing them to abuse authentication mechanisms. They were observed to forge trusted tokens, which could grant them unrestricted access to the victims’ networks, as well as assets housed in the cloud, such as e-mails. In this way, the hackers could roam the targeted network at will, as if they were a trusted employee. This made it extremely difficult to detect their presence within the network.

12. “Bitdefender Mid-Year Threat Landscape Report 2020”, 6 April 2021 - https://www.bitdefender.com/files/News/CaseStudies/study/366/Bitdefender-Mid-Year-Threat-Landscape-Report-2020.pdf.
13. “Global surges in Ransomware Attacks”, 6 October 2020 - https://blog.checkpoint.com/2020/10/06/study-global-rise-in-ransomware-attacks/.
14. “Ransomware Demands continue to rise as Data Exfiltration becomes common, and Maze subdues”, 4 November 2020 - https://www.coveware.com/blog/q3-2020-ransomware-marketplace-report#payment.
15. “Global Intrusion Campaign Leverages Software Supply Chain Compromise”, 13 December 2020 - https://www.fireeye.com/blog/products-and-services/2020/12/global-intrusion-campaign-leverages-software-supply-chain-compromise.html.
16. Privilege escalation is an intrusion by unauthorised users by exploiting bugs or vulnerabilities to gain elevated access status.
What is SUNBURST and how does it work?

Malware subverts and abuses trust within networks and systems:

1. Gains initial access to on-premises network through the compromised software update
2. Lies dormant to evade detection; subsequently conducts extensive checks to ensure it is in the targeted environment
3. Gathers system info; calls out to C2 server; sends info to and receives commands from C2 server
4. Gains privileged access in privileged components of the federated single sign-on infrastructure
5. Leverages privileged access to abuse federated authentication mechanisms
6. Forges trusted authentications to access cloud assets/resources

Manipulating trust in federated authentication environments to gain access to protected information in the cloud, and potentially broader access to data across network (on-premises or in the cloud)

The Chain Reaction

Supply-chain attacks are insidious and difficult to guard against because the attacks compromise part of the trusted information technology (IT) ecosystem. These often bypass organisations’ cybersecurity defences, slipping in through upstream vectors. In addition, the complexity of modern supply chains makes defending against such attacks extremely difficult. While such attacks are not new, they are becoming more sophisticated.

The Domino Effect

The compromise of a single, trusted supplier – or a popular and widely-used product – can result in multiple victims, some of which could be major vendors themselves. The SolarWinds hack rendered large tech firms like Cisco Systems, Intel Corp and Microsoft susceptible to a second-level breach, whereby the attacker could further compromise other supply chains independent and distinct from SolarWinds’. This could potentially impact a far greater number of organisations and victims worldwide.

TAKEAWAYS

The SolarWinds breach fundamentally arose from a vulnerability in trusted software exploited by a sophisticated and advanced threat actor. Adeptly undermining authentication mechanisms, the hackers were able to disguise themselves as legitimate users in the network. To deal with such threats, there is a need to constantly monitor for anomalous activities and behaviour within networks. In the longer run, the ‘zero-trust’ model[19] would be crucial to enhancing organisations’ cybersecurity posture against similar threats. In addition, the cybersecurity of supply chains is not purely an IT problem. Organisations will also need to adopt sound cybersecurity practices and processes in sourcing, vendor management and evaluation of supply-chain quality across multiple functions.

NOTABLE SUPPLY-CHAIN ATTACKS

• Over one million ASUS users[17] were potentially impacted after attackers managed to inject a backdoor in the ASUS Live Update utility in a sophisticated supply-chain attack which took place in 2018, but was only discovered in early 2019. To hide the malicious activity, the actors also used a stolen digital certificate that ASUS signed legitimate binaries with.

• The actors behind the NotPetya incident in June 2017[18] targeted the update server of a widely deployed accounting software, M.E.Doc, to deliver the NotPetya ransomware. One of its most high-profile victims was global shipping conglomerate Maersk. The company suffered severe disruption to its operations and restored them only after 10 days as the ransomware spread throughout the core IT systems and prevented data access.

• In the third quarter of 2017, threat actors infiltrated popular software NetSarang and CCleaner, and corrupted software updates to deliver malware to their customers. These attacks were significant as these software products were widely used by businesses and individuals, and affected millions of users worldwide.

17. “Supply-chain Attack Used to Install Backdoors on ASUS Computers”, 25 March 2019 - https://www.securityweek.com/supply-chain-attack-used-install-backdoors-asus-computers.
18. “The Chain Reaction”, 4 May 2020 - https://www.csa.gov.sg/singcert/publications/the-chain-reaction.
19. Zero-trust is a concept of network design that embraces two core principles: (i) trust no one – a regime of constant authentication and monitoring within a network, with continuous visibility and analytics; and (ii) least-privilege access – users being given only as much access as they need, to minimise each user’s exposure to sensitive parts of the network.
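The step in the SUNBURST diagram labelled "Forges trusted authentications" leaves a trace a defender can look for: the cloud service honours a token that the on-premises identity provider never recorded signing. The following Python example is added here and is not code from CSA, SolarWinds or any vendor named in this section. It assumes two simplified audit logs (an identity-provider "issue" line per signed token and a cloud-service "accept" line per token honoured), field names invented for the example, and a policy that caps token lifetime at one hour; all log lines are constructed.

```python
"""Cross-check cloud sign-ins against identity-provider token issuance.

Added example, not code from the CSA report or from any vendor named in it.
Assumptions (all hypothetical): the identity provider (IdP) writes one
'issue' line per signed token, the cloud service provider (SP) writes one
'accept' line per token it honoured, and policy caps token lifetime at 1 hour.
"""
from datetime import datetime, timedelta

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"
MAX_LIFETIME = timedelta(hours=1)  # assumed policy limit

# Constructed IdP log: every token the IdP actually signed.
IDP_LOG = """\
2020-12-14T08:01:12Z issue token=a1f3 user=alice@example.org
2020-12-14T08:03:40Z issue token=b7c9 user=bob@example.org
2020-12-14T09:15:05Z issue token=c2d4 user=carol@example.org
"""

# Constructed SP log: every token the cloud service accepted. The last line
# is the anomaly: a year-long token for a privileged user that the IdP has
# no record of signing, which is how a forged token would appear.
SP_LOG = """\
2020-12-14T08:01:15Z accept token=a1f3 user=alice@example.org notafter=2020-12-14T09:01:12Z
2020-12-14T08:03:44Z accept token=b7c9 user=bob@example.org notafter=2020-12-14T09:03:40Z
2020-12-14T11:22:09Z accept token=9e9e user=admin@example.org notafter=2021-12-14T11:22:09Z
"""


def parse_log(text):
    """Turn '<ts> <action> key=value ...' lines into dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, action, *pairs = line.split()
        rec = dict(p.split("=", 1) for p in pairs)
        rec["ts"] = datetime.strptime(ts, TS_FMT)
        rec["action"] = action
        records.append(rec)
    return records


def find_suspicious_tokens(idp_text, sp_text, max_lifetime=MAX_LIFETIME):
    """Return (token, user, reasons) for each accepted token that has no
    matching IdP issuance, names a different user, or outlives policy."""
    issued = {r["token"]: r for r in parse_log(idp_text) if r["action"] == "issue"}
    findings = []
    for rec in parse_log(sp_text):
        if rec["action"] != "accept":
            continue
        reasons = []
        origin = issued.get(rec["token"])
        if origin is None:
            reasons.append("no IdP issuance record")
        elif origin["user"] != rec["user"]:
            reasons.append("user differs from IdP record")
        not_after = datetime.strptime(rec["notafter"], TS_FMT)
        if not_after - rec["ts"] > max_lifetime:
            reasons.append("lifetime exceeds policy")
        if reasons:
            findings.append((rec["token"], rec["user"], reasons))
    return findings


if __name__ == "__main__":
    for token, user, reasons in find_suspicious_tokens(IDP_LOG, SP_LOG):
        print(f"token {token} for {user}: {'; '.join(reasons)}")
```

Run on the constructed logs, only the third accepted token is reported, with both reasons. A token seen only on the cloud side is a strong signal rather than proof, since a gap in IdP log collection produces the same result, so the check is most useful when IdP and cloud audit logs are retained together and compared continuously rather than only after an incident.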
WWW.TARGET.SG

2020 proved to be a highly eventful year both in the physical and virtual worlds. As Singapore hunkered down to deal with the COVID-19 outbreak, the local cyber threat landscape saw an array of malicious cyber activities, many of which attempted to capitalise on the ongoing pandemic. In addition to ransomware and phishing, the prevalence of botnets and website defacements continued to be a cause for concern. This section highlights several cyber incidents in the form of case studies, observed trends in our local cyber landscape, and what we can learn from them.
Local Case Studies

This section features selected case studies of companies and individuals that were compromised by various cyber threats, and lessons that can potentially avoid a recurrence.

SolarWinds Supply-chain Breach

A Global Storm Blows Ashore

What Happened?

The interdependencies of the global technology supply chain meant that local systems were not spared the fallout from the SolarWinds breach. On 23 December 2020, a local organisation was observed to have been affected by the SolarWinds breach. One of the affected organisation’s IT systems – which had SolarWinds Orion installed – had downloaded the infected update and thus became exposed to the malware. However, the hackers were subsequently found to have “deactivated”[20] the malware, possibly indicating that they were not interested in the organisation.

Follow-up Action

CSA investigated the incident and advised the company on the proper remediation measures, including scanning for related Indicators of Compromise (IOCs) and running anti-virus scans on all systems. No further suspicious activities, malicious processes or signs of intrusion were found.

Ransomware Incidents in Small and Medium Enterprises

Putting All Your Eggs in One Basket

What Happened?

In August 2020, staff from an F&B business discovered that their company servers and devices were infected with NetWalker, a prevalent ransomware strain. The ransom note instructed the victim to visit a webpage on the Dark Web to view the ransom demands. As the company had also stored its backups on the affected servers, none of its data could be recovered.

Follow-up Action

A report was made to the Singapore Police Force (SPF), and the company was also given a list of cybersecurity companies to assist in remediation efforts. However, as both primary and backup systems were affected by the ransomware, the company was unable to recover its data and had to rebuild its IT system from scratch.

Backing Up Instead of Backing Down

What Happened?

In September 2020, a creative firm suffered a ransomware infection resulting in the complete shutdown of three database servers, as well as the encryption of files within these servers. None of its data was observed to have been stolen. The ransomware involved, called JungleSec, was first discovered in late 2018 and is rarely observed in Singapore. It is known to infect servers through Intelligent Platform Management Interface (IPMI)[21] cards.

Follow-up Action

All three database servers were taken down and reformatted immediately after the incident. The databases were rebuilt from a backup from the previous day. The database servers as well as their IPMI interfaces, including the unaffected ones, were isolated and access was further tightened. A cybersecurity firm was engaged to assist with containment measures, review the company’s data protection policies and processes, and conduct vulnerability assessment and penetration testing.

TAKEAWAYS

Prevention is key to avoid falling victim to ransomware. Organisations need to put in place strong preventive measures to secure their systems. These include measures such as formulating a backup and recovery plan, performing data backups regularly, storing data offline and not connected to the organisation’s network as certain ransomware variants can propagate across the network.

20. Deactivated mode is when the malware has been disabled and will no longer perform any network activity.
21. IPMI is a set of computer interface specifications which are built into server motherboards or installed as an add-on card and allows remote administration of a computer.
Spate of Data Breaches Affecting Local Enterprises

Data Breaches Hit Home

What Happened?

In 2020, several Singapore-based enterprises were targeted by hackers, resulting in a series of data breaches involving sensitive customer data. In one case, over one million accounts in a local firm’s customer database were affected. The database included the names, phone numbers and addresses, account passwords (which were encrypted) and financial details of the company’s customers, which was later put up for sale online. The database, which was illegally accessed, had been hosted on a third-party cloud service provider.

Follow-up Action

The firm reported the incident to the Personal Data Protection Commission (PDPC) and worked closely with the SPF on investigations. The company swiftly alerted all affected users regarding the incident, commenced investigations and published a detailed statement on their website. They promptly blocked all unauthorised access to the exposed database and engaged a commercial vendor to strengthen their cybersecurity measures.

TAKEAWAYS

Threat actors are constantly probing for weak links to access, exfiltrate and monetise stolen credentials and personal data. With COVID-19 shifting transactions and services online, organisations have come to rely heavily on Internet-based workarounds such as cloud and mobile services, resulting in increased risks for both enterprises and consumers.

While there is generally no single cause for data breaches, there are typically several contributing factors. These include (a) errors by employees and/or insider threats; (b) security lapses within third-party service providers; and (c) misconfigured cloud settings. Such practices can lead to an organisation’s assets and services becoming openly accessible to malicious threat actors, much like leaving one’s front door open.

Malicious Cyber Activity Targeting Public Agencies

Phished by a “Colleague”

What Happened?

In early 2020, an officer from a statutory board received e-mails from a colleague’s e-mail account requesting for an urgent transfer of more than $1 million dollars to an unfamiliar bank account. This suspicious request startled the officer, who reported the e-mail. He did not transfer the money. Investigations revealed that a cybercriminal had gained access to his colleague’s account through a phishing e-mail, and sent a total of six e-mails to other staff to trick them into transferring money to the bank account.

Follow-up Action

The incident was reported to the SPF. Upon discovery, the credentials of the compromised e-mail account were reset to deny the hacker access. As a precaution, all officers in the statutory board were advised to change their e-mail account credentials, and notices were issued to enhance employee awareness about phishing scams.

Cyber Scams Targeting the Man-in-the-Street

Whats-Hacked!

What Happened?

In 2020, several members of the public lost access to their WhatsApp (WA) accounts after falling prey to social engineering scams. Scammers contacted would-be victims and pretended to be friends or family members pleading for help: they had lost access to their WA accounts, and needed a six-digit verification code that they had sent to victims’ phones. In reality, the scammers had sent a One-Time Password (OTP) to transfer access of the victim’s WA account to the hacker’s own device. This resulted in the victims being locked out of their WA accounts. The scammers then used the compromised accounts to message the victim’s contacts for information such as credit card details or their OTPs sent to their mobile numbers, in order to hijack additional devices or steal their victims’ money.

Follow-up Action

Both SingCERT and the SPF issued advisories alerting members of the public to be aware of such scams and to protect themselves by securing their WA accounts. Some of the measures include enabling the “Two-Step Verification” feature found in the settings of the app, and never sharing WA account verification codes with anyone.

TAKEAWAYS

The case studies highlight the prevalence of social engineering techniques, which continue to be popular among cybercriminals who are constantly customising their lures. Common attack vectors include bogus e-mails, compromised social messaging accounts and fake websites. Members of the public are reminded never to share their OTPs with anyone.
TOPICAL FOCUS

Malicious Command and Control (C&C) Servers and Evolution of Emotet Malware in Singapore

Malware: Malicious software intended to perform unauthorised processes that will have adverse impact on the security of a computer system.

C&C Servers: Centralised devices operated by attackers to maintain communications with compromised systems (known as botnets) within a targeted network.

2020 saw a sharp rise in the number of malicious C&C servers observed locally, not least because of the resurgence of the Emotet malware in the latter half of the year. This section provides an overview of the C&C server and botnet drone threat landscape in 2020, before turning the spotlight to Emotet and its footprint in Singapore.

In 2020, CSA observed 1,026 unique C&C servers hosted in Singapore, a 94 per cent increase in cases from 2019. The large increase was in part attributed to the increase in C&C servers distributing Emotet and Cobalt Strike malware, which accounted for one-third of the malware C&C servers observed.

[Chart: Unique C&C servers observed per month in 2020, JAN to DEC; y-axis 0 to 600]

A common thread among the malware families observed was their focus on post-compromise distribution and reliance on C&C call-backs to identify critical systems within networks. Once these systems were breached, threat actors would then deploy other payloads such as ransomware to lock up or exfiltrate sensitive data and credentials.

Emotet operators appeared to follow a cyclical pattern, taking advantage of holiday periods (with increased Internet traffic and potentially weaker network defences due to staff being away[22]) to launch new campaigns[23]. This increase was especially pronounced during the holiday period from November to December 2020. In addition, Emotet operators also leveraged contextualised “phishing” lures capitalising on COVID-19-related themes such as vaccine developments to lure potential victims. They also partnered cybercriminal and threat actor groups utilising Trickbot malware and Ryuk ransomware to carry out damaging cyber-attacks. International law enforcement operations successfully dismantled most of Emotet’s infrastructure in January 2021, but it remains to be seen if the malware has been eradicated for good.

Cobalt Strike was originally a paid penetration testing product that emulated adversarial threats for cybersecurity researchers to test network defences. However, it has since been abused by hackers to deploy malware through Cobalt “beacons” planted on infected hosts.

About 6,600 botnet drones with unique Singapore IP addresses were observed daily on average, a significant increase from 2019’s daily average of 2,300. Mirai and Gamarue were the key malware types that contributed to the spikes in daily observations, accounting for a total of 25 per cent of infected Singapore IP addresses in 2020.

As with 2019, variants of the Mirai and Gamarue malware were most prevalent among infected botnet IP addresses in 2020. Mirai infections continued to stay strong with the growth of IoT devices locally, and new variants were observed to exploit known and recently discovered vulnerabilities alike. Globally, these malware types were also observed to increasingly target IoT devices to create large botnet armies to launch DDoS attacks[24]; similarly, Gamarue continued to account for a significant proportion of infected Singapore IP addresses in 2020 even though its bots have been dormant for several years, as Gamarue’s infrastructure was dismantled in an international operation in December 2017. However, as long as these systems remain infected, there is always the possibility that these dormant botnets would be revived to carry out malicious activities. It is crucial that users scan and clean their systems regularly to purge them of malware.

[Chart: Malware types among infected Singapore IP addresses in 2020, monthly percentage share (JAN to DEC, 0% to 100%); series: OTHERS, NYMAIM, MIRAI, MATSNU, GAMARUE, CONFICKER]

22. “GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic”, 28 December 2020 - https://www.bleepingcomputer.com/news/security/github-hosted-malware-calculates-cobalt-strike-payload-from-imgur-pic/.
23. “Emotet returns just in time for Christmas”, 23 December 2020 - https://blog.malwarebytes.com/cybercrime/2020/12/emotet-returns-just-in-time-for-christmas/.
24. “Mirai variant Mukashi conducts Brute-Force Attacks against Vulnerable NAS Devices”, 23 March 2020 - https://securityintelligence.com/news/mirai-variant-mukashi-conducts-brute-force-attacks-against-vulnerable-nas-devices/.

The Evolution of Emotet

Bot/Botnet: An automated software program used to carry out specific tasks. A botnet is a network of compromised computers infected with malicious bots, controlled as a group without the owners’ knowledge.

What is Emotet?

Emotet is a sophisticated Trojan functioning as a downloader/dropper of other malware. Spread primarily through phishing attacks using e-mails with malicious links or macro-embedded attachments, Emotet has been involved in multiple cyber-attacks since 2014. In June 2019, a ransomware attack via an Emotet-laced e-mail took out Lake City, Florida’s local computer network, costing the city USD$460,000 to remediate. In 2020, the United Nations was also targeted by Emotet phishing campaigns.

Rise of Emotet

Emotet was initially a banking Trojan that stole financial information from online banking sessions. Its later iterations were observed to possess capabilities beyond mere information theft. As a banking Trojan-turned-botnet, Emotet evolved into a delivery platform for other malware, targeting many governments and organisations worldwide. Its resurgence in mid-2020 led to US authorities issuing an alert that labelled Emotet “one of the most prevalent ongoing threats”.

Deconstructing an Emotet Attack

1 • Conducts reconnaissance to gain understanding of current affairs and topics of interest to target; contextualised lures are created.

2 • Spam emails with malicious attachments or links are sent to victims.
• Victims open documents with malicious macros that download Emotet.
• Other malicious payloads such as Trickbot and Ryuk are also delivered through backdoor vulnerabilities.

3 • Utilises various evasion techniques, lying dormant within sandbox environments, waiting for opportune moments to be triggered to achieve maximum impact.
• Leverages exploits (e.g. EternalBlue) to move laterally within the victim’s network and identify key systems to serve as targets.

4 • Connects to remote C&C servers, downloads and installs additional modules to steal credentials, spoof emails and proliferate across connected vulnerable devices on networks.
• The installed malware runs on each endpoint to achieve respective objectives. In the case of a disruptive attack, the malware causes networks to be shut down, or may encrypt files while displaying a ransom note.
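Both the C&C call-backs described in this section and step 4 of the Emotet chain above depend on an infected host contacting its C&C server on a schedule, and that regularity is what a defender can look for in outbound connection records. The following Python example is added here and is not CSA's code: it groups connections by (source, destination) pair and flags pairs whose intervals are frequent and unusually regular, measured by the coefficient of variation of the gaps between connections. The connection log is constructed for the example, and its line format, the minimum of eight connections and the 10 per cent regularity threshold are assumptions chosen for illustration.

```python
"""Flag (source, destination) pairs whose connection timing looks like C&C beaconing.

Added example, not part of the CSA report. The log format, thresholds and all
addresses are assumptions; the log is constructed so that one host beacons
every 60 s with slight jitter while another host browses at human pace.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def _make_sample_log():
    """Build the constructed connection log.

    Line format (assumed): '<timestamp> <src_ip> <dst_ip>:<port> <bytes>'.
    203.0.113.0/24 and 198.51.100.0/24 are documentation ranges, not real servers.
    """
    start = datetime(2020, 11, 30, 9, 0, 0)
    lines = []
    # 10.0.0.5 calls out to 203.0.113.7 every 60 s with +/-1 s jitter (12 calls).
    t = start
    for i in range(12):
        lines.append(f"{t.strftime(TS_FMT)} 10.0.0.5 203.0.113.7:443 512")
        t += timedelta(seconds=60 + (i % 3) - 1)
    # 10.0.0.9 talks to 198.51.100.4 at irregular, human-paced intervals (11 calls).
    t = start
    for gap in (5, 120, 12, 600, 33, 2, 900, 45, 7, 250, 18):
        t += timedelta(seconds=gap)
        lines.append(f"{t.strftime(TS_FMT)} 10.0.0.9 198.51.100.4:443 {1500 + gap}")
    return "\n".join(lines)


SAMPLE_LOG = _make_sample_log()


def find_beacons(log_text, min_connections=8, max_cv=0.1):
    """Return one finding per pair with at least `min_connections` connections
    whose inter-connection gaps have a coefficient of variation <= `max_cv`.

    A low coefficient of variation (standard deviation / mean of the gaps)
    means the host is calling out on a near-fixed schedule, which people
    browsing do not do; the threshold trades false positives for sensitivity.
    """
    by_pair = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _size = line.split()
        by_pair[(src, dst)].append(datetime.strptime(ts, TS_FMT))

    findings = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else float("inf")
        if cv <= max_cv:
            findings.append({"src": src, "dst": dst, "count": len(times),
                             "period_s": round(avg, 1), "cv": round(cv, 3)})
    return findings


if __name__ == "__main__":
    for f in find_beacons(SAMPLE_LOG):
        print(f"{f['src']} -> {f['dst']}: {f['count']} connections, "
              f"period {f['period_s']} s, cv {f['cv']}")
```

On the constructed log only the 10.0.0.5 pair is reported (period about 60 s, coefficient of variation near 0.01); the browsing host has a coefficient above 1 and is ignored unless the threshold is raised, which is a reminder that the threshold, not the arithmetic, decides the false-positive rate. Real beacons add deliberate jitter and sleep through business hours, so in practice this check is one signal to combine with destination reputation and the host's other behaviour rather than a verdict on its own.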