Net of the Living Dead: Hacker-controlled zombie devices triple in Singapore, Tech News News & Top Stories
SINGAPORE – Internet-linked “zombie” devices infected with malware that allow hackers to control them and launch cyber attacks, have tripled their numbers here amid the Covid-19 pandemic, according to latest government findings .
On average, 6,600 of these malicious devices, also known as botnet drones, were seen here daily last year, a jump from 2,300 in 2019, the Singapore Cyber ââSecurity Agency (CSA) said in a report released Thursday. (July 8).
These devices can be computers, routers and even smartphones hacked by hackers. Infected with malware, they behave like zombies or drones which, unbeknownst to their owners, “subconsciously” follow hackers’ instructions.
By sending commands to large groups of these devices, called botnets, hackers can use them to carry out cyber attacks. This can include crashing computer systems, breaking into systems to steal data, phishing victims’ information, and launching ransomware attacks that cause digital files to be locked until hackers get paid.
The number of systems used to control botnets, also known as command and control servers, found in Singapore has also nearly doubled.
CSA said 1,026 of those servers were registered here last year, up from 530 in 2019.
The sharp increase in botnet drones and the servers that control them could be due to cybercriminals seizing the opportunities created by the pandemic, said Ms. Genie Sugene Gan, head of public affairs and government relations at cybersecurity firm Kaspersky. for Asia-Pacific.
She explained that IT teams were in high demand because the coronavirus has pushed companies to go digital at breakneck speed.
âPerhaps cybersecurity was forced to take a back seat, as companies were primarily concerned with the survival of the business and inevitably prioritized business continuity,â Ms. Gan said.
She added that hackers were also exploiting emotionally and physically vulnerable people last year.
“The fear and anxiety over the health crisis along with the need to adapt to lockdown restrictions have made it easier for all of us to fall prey to cyber attacks, especially through social engineering like phishing, scams, spam emails, etc., âMs. Gan said. .
One of the main malware released last year by the servers that control botnets here was Emotet, which CSA says is known to employ sophisticated social engineering tactics.
Last year, cybersecurity companies warned that spam emails masquerading as coronavirus alerts from legitimate organizations were being used to trick people into uploading Covid-19 documents that were truly Emotet in disguise.
As to why hackers installed so many servers in Singapore to control zombie devices, Ms Gan said it was a by-product of the country’s highly developed digital infrastructure and its role as regional data center.
Kaspersky’s own findings showed Singapore retains its place as the world’s 10th largest source of online threats in 2020.
The CSA report also says ransomware cases in the Republic increased 154% from 35 cases in 2019 to 89 last year.
While most of the reported cases were from small and medium-sized enterprises (SMEs), ransomware operators were looking for larger victims in manufacturing, retail and healthcare, the agency said.
Police figures show cyber extortion also jumped 260%, to 245 cases last year, from 68 in 2019.
The average number of local ransomware cases per month has increased from April of last year, which coincided with the start of the two-month blackout period.
CSA said this could be due to more people telecommuting and adopting unsafe practices to get work done during extended lockdown periods.
He warned that “with the shift in global focus towards vaccine development and deployment, ransomware operators are likely to scale their campaigns accordingly and target vaccine-related supply chains and industries.” .
Mr. Eric Hoh, Asia-Pacific president of the Mandiant unit of cybersecurity firm FireEye, said organizations, especially SMEs, that have lower priorities in cybersecurity investments could become easy targets. for ransomware.
He said the manufacturing, retail and healthcare sectors have not traditionally been IT-centric, so their cybersecurity awareness is lower than in industries like tech or finance. . This makes them more prone to phishing attempts or less likely to understand the importance of patch management for IT systems, he said. Regularly patching software can help close security holes exploited by hackers.
The spike in ransomware cases here could be due to a tendency for ransomware hackers to become rental guns as well.
Mr. Hoh said this “ransomware as a service” model “dramatically lowers the barriers to entry for malicious actors, which in turn dramatically increases attack volumes.”
He added that ransomware is no longer just a nuisance as it once was, but can now seriously disrupt business.
Several high-profile cases of ransomware in recent months include the attack on the Colonial pipeline in the United States in May which affected the fuel supply of approximately 50 million customers.
Then, over the weekend, a ransomware attack centered on US computer company Kaseya, which helps other businesses manage their computer networks, reportedly affected between 800 and 1,500 businesses worldwide.
Communications and Information Minister JosÃ©phine Teo said in a written parliamentary response on Tuesday that action had been taken here in light of the ransomware threat.
For example, CSA called on sectors with critical information infrastructures – such as energy and land transport – to strengthen their cybersecurity, strengthening their ability to quickly detect suspicious activity, regularly backing up their data and storing them offline, and ensuring employees know what to do in the event of an attack. The government has also taken similar steps.
But Ms. Teo stressed that the ransomware threat goes beyond attacks against essential services or government agencies, because “it can strike any of us or our organizations, denying us access to our data. or disrupting our business or operations “.
She urged organizations and the public to take preventative action – such as in the notices the CSA sent out – before a ransomware attack hits them.
The agency’s report also states that the number of phishing sites detected with a link to Singapore remained stable at 47,000 last year, a slight decrease of 1% from 2019.
Cybercrime jumped in 2020 to 16,117 cases, up from 9,349 in 2019. It accounted for 43% of all crimes in Singapore last year, according to police figures.
Last year, most cybercrime cases involved online cheating with 12,251 cases, up from 7,580 in 2019.