Ransomware, cyber supply chain compromises key threats in 2022

Fri, 22nd Jul 2022

FYI, this story is more than a year old

Ensign InfoSecurity has unveiled the findings of its Cyber Threat Landscape 2022 report, which found that the Technology, Media, and Telecommunications (TMT) and Transport industry groups were the top targets for cyber threats in Singapore in 2021.

The latest edition of Ensign's report provides insights and analysis into the cyber threat landscape in Singapore and key Asia Pacific markets such as Hong Kong, Malaysia, and South Korea. It also explores emerging cyber threats that will impact organisations in 2022 and beyond.

Key findings from the report include:

Singapore: TMT and Transport Emerged as Top Targeted Industry Groups in 2021

The Technology, Media, and Telecommunications (TMT) industry group, comprising infocommunications, data centre and media sectors, was the top target for threat actors in 2021. Ensign found that nearly 70% of malicious traffic observed in Singapore in 2021 was directed at the infocommunications sector.

Threat actors targeted TMT organisations as they covet these firms' bandwidth and computing resources, which can be used to build botnets or compromise other connected organisations. Additionally, many TMT organisations also support other businesses by providing services such as processing and storing sensitive data. This gives malicious actors an easy access pathway to target and access downstream customers via cyber supply chain compromise.

"Infocommunications companies are lucrative targets for malicious actors as their services penetrate and power almost every aspect of our society and digital economy," says Steven Ng, CIO and EVP of Managed Security Services, Ensign.

"We need to constantly elevate our cyber defence capabilities to prevent cyber threats from derailing our nation's digital ambition and undermining our position as a regional technology hub.

"This would require public and private stakeholders to work closely together to build a vibrant cybersecurity ecosystem conducive to nurturing skilled cyber talents and driving innovation."

In addition, threat actors were targeting media organisations following the cyberattack campaigns outside Singapore. Media companies saw cyberattacks designed to cause business disruptions, including ransomware campaigns. A key driver behind these attacks was to prevent facts from being disseminated to the public. This can distort or disrupt the public's understanding of the situation.

The Transportation industry group, comprising the Aviation and Maritime sectors, became increasingly attractive targets due to their global and regional connectivity. This is fuelled by the collection of personal identifiable information (PII) for cross-border travel, which may include medical information for COVID-19 tracking purposes.

The Maritime sector continues to see ransomware attacks targeting shipping lines and maritime support services. This further exacerbates supply chain challenges caused by COVID-19. Ransomware operators are likely exploiting the already-strained business operations to pressure organisations to pay the ransom.

In 2021, Ensign observed an increase in opportunistic cyber incidents using stolen credentials in Singapore. It revealed that 80% of these incidents were traced to "hands on keyboard" intrusions against remote access portals such as VPN and Virtual Desktop Interfaces. In these attacks, threat actors manually log into an infected system using leaked credentials.

These attacks can be attributed to COVID-19 where companies were forced to swiftly establish emergency remote working arrangements. However, some of these systems are not adequately secured. As a result, past credential leaks and bad cyber hygiene, such as reusing leaked passwords, led to a number of these opportunistic cyber breaches.