Cybercrime is on the rise, stealthily targeting major institutions and wreaking havoc. Zetabytes of crucial data and millions of dollars are at stake. No one is safe, neither family offices in the US nor government institutions in Asia Pacific.
The following notable attacks on Singapore further strengthen this point.
As one of the Asia Pacific region’s major technology hubs, highly-networked Singapore is vulnerable to cyber crime attempts. Add in the widespread use of digital banking, and it becomes a low hanging fruit for hackers.
According to a report published by the Singapore Government, the Republic experienced 16 major/minor cyber attacks from April 2015 to June 2016. Sixteen attempts inside a year, means more than one attempt per month. Given that Singapore businesses and government institutions are becoming increasingly aware of the threat of cyber attacks; those are some pretty troubling numbers.
Below are the most significant cyber attacks that left the Lion City stunned:
The Messiah: 2013 Singapore Cyber Attacks (October – December, 2013)
You simply cannot compile a list about cyber attacks in Asia Pacific without mentioning the string of cyber attacks which occurred during the last quarter of 2013. This series of attacks caught the attention of worldwide media, due to the alleged association with the hacktivist organization ‘Anonymous’.
Several systems and portals were compromised and users were redirected to a suspicious page that inscribed a creepy notice. Later, an online handler under the pseudonym ‘The Messiah’ claimed responsibility for the attacks and was caught and arrested pending further investigation.
This high-profile case, and the facts surrounding it, compelled the Cyber Security Agency (CSA) to dedicate an entire Crimewatch episode to the attacks. CSA collaborated with the Singapore Police Force and the National Crime Prevention Council to re-enact this series of malicious hackings and the mastermind behind it.
MINDEF Cyber Breach (February 1, 2017)
This cyber attack at the Ministry of Defence (MINDEF) further proves that whether you are a medium-sized business or a fully-fledged government organization, cyber criminals spare no one. In fact, it’s a bonus if you can crack the country’s national defense systems; just imagine what you could do with this crucial, highly sensitive data.
The high-profile incident that occurred earlier this year involved the leaking of the personal details of approx. 850 national servicemen and personnel, including their Singapore ID numbers, telephone numbers, and birth dates. The attack was described by government officials as ‘targeted and carefully planned’.. The authorities speculated that the true motive behind this attack was to gain access to classified military data. These intentions were thwarted however, as the Mindef “I-Net System”, which provides internet access to servicemen and staff via dedicated computer terminals, is physically separated from the military’s own internal systems.
In this case, the cherry on the cake for the hackers was that the breach remained undetected for several weeks.
WannaCry Ransomware (May 14, 2017)
WannaCry a.k.a. the ransomware that crippled the world for three consecutive days, and compromised more than 3,000 systems globally, is probably considered one of the major cyber attacks of the decade.
The attack utilized malicious software ‘WannaCrypt0r 2.0’ which is built to exploit a certain vulnerability in Windows Operating System. Sensing this vulnerability, Microsoft had released a safety patch earlier this year. However, the majority of victims ignored the prior warnings.
Singapore was spared the brunt of the attack when compared to most parts of the world. About 500 IP addresses were compromised, however their confidential data was safe, much to everyone’s relief.
Rather than encrypting systems in major institutions, the WannaCry breach was limited to shopping malls and stores, such as TiongBahru Plaza, Orchard Central Desigual, and White Sands Shopping Centre.
Petya Ransomware (June 28, 2017)
Hot on the heels of WannaCry came Petya, a ransomware similar in structure but distinct in attacking method. This ‘new’ version was declared more dangerous, as it is programmed to encrypt the Master File Tree Tables for NTFS, overwriting the Master Boot Record and, to present a ransom note for $300 bitcoins to the user.
It spread through malicious emails with booby-trapped MS Office documents. The documents would then download and run the Petya installer and release the worm to spread pervasively.
The attack was global in nature but had very little impact on Singapore’s eleven major Critical Information Infrastructures (CIIs) and other government systems. Many companies, however, lost work hours after shutting down computers to deter ransomware.
K Box Data Breach (September 16, 2014)
The last mention would be the major breach that left K Box lovers panicking. The personal details of hundred and thousands of karaoke users were posted online, all available for public download. It spared no one – not even local celebrities. It contained their mobile numbers, ID numbers, and addresses.
The hacker organization ‘The Knowns’ breached the company’s membership details, posted them and then sent out emails to popular media outlets revealing the motive behind the breach. Apparently, this cyber attack was to portray the group’s displeasure over the increase in toll charges at the Woodlands Checkpoint connecting Singapore with Malaysia.
Most recently Singapore topped the list of country’s from which attacks are launched. This doesn’t suggest that Singaporeans are the hackers, but due to countries location, IT maturity and number of cloud-based Data Centers and virtual server resources, it has become the #1 launching point for Cyber Security attacks.
The bottom line is that we must all remain vigilant and announce breaches as soon as possible after they have been identified.
All these things point towards one common fact; your organization is not safe. Growing technology has revolutionized everything, from the way people work to how cybercriminals commit crimes. Installing simple anti-malware software is nowhere near enough to beat today’s uber-sophisticated hacking attempts.
We need advanced multi-layered solutions. After all, we are up against multiple factors and people; money-hungry outsiders and insiders with malicious intentions.
A nice way to begin will be to select a security provider that could provide you with end to end cyber security solutions- from the regular but essential anti-virus, anti-spyware, anti-phishing, intrusion prevention software, to more user-specific insider threat intelligence systems. Your selected software should also come equipped with backup and restore options in case something goes wrong.
Preparation is always better than cure; especially if the cure costs you millions of dollars!