Asian Spectator

Waterhole Attacks and Phishing Identified as Singapore's Top Cyber Threat Vectors in 2019, Contributing to 84% of Cyberattacks: Ensign InfoSecurity Report

  • Written by Ensign InfoSecurity

The report also uncovered a surge in activities from the threat actor group, APT32, in Singapore and identified the Emotet malware as a rising threat in 2019

SINGAPORE - Media OutReach[1] - 18 May 2020 - Ensign InfoSecurity[2] (Ensign), one of Asia Pacific's largest pure-play cybersecurity firms, today unveiled the findings of its Singapore Threat Landscape 2019 report, which identified waterhole attacks, a strategic website compromise attack, and phishing as the nation's top threat vectors in 2019, accounting for 84% of all cyberattacks detected.

 

The report also revealed that the high technology[1] industry in Singapore is the top target for threat actors in 2019. Companies in this sector are attractive targets as threat actors want to exploit their data centre infrastructure to expand their botnet activities as well as target other organisations whose servers are being hosted there.

 

In 2019, the top five most targeted sectors in Singapore are:

Waterhole Attacks and Phishing Identified as Singapore's Top Cyber Threat Vectors in 2019, Contributing to 84% of Cyberattacks: Ensign InfoSecurity Report

 

This report was generated using Ensign's proprietary tools and data models, including Ensign Singapore-centric Cyber Threat Intelligence, Cyber Threat Detection & Analytics engine, and the Ensign IP360 platform which profiles activities and behaviours of anonymous IPs in enterprise network traffic.[3][4]

"Relevance and context are the most important elements when analysing cyber threat intelligence as threats and trends can differ across geographies, sectors and companies," said Lee Shih Yen, Senior Vice President, Ensign Labs, Ensign InfoSecurity. "Only by combining different global and local cyber threat intelligence sources are we able to derive accurate and deep information about Singapore-specific threats and help organisations bolster their cybersecurity posture by providing contextualised, actionable insights."

 

Singapore's Top Two Threat Vectors in 2019

Waterhole attacks are the most prevalent threat vector of 2019, contributing to nearly half (47%) of all detected cyberattacks in Singapore. Waterhole attacks occur when an attacker compromises a website and replaces its content with malicious payloads. Unsuspecting victims who then download content from these websites will infect their machines with malware.

 

This method enables threat actors to execute supply chain attacks where they infect servers containing updates of popular software and replace these updates with malicious codes to spread malware. This allows threat actors to achieve mass infection, especially when the vulnerable web server is popular and trusted by end users.

 

The other top threat vector in Singapore is phishing (also known as malspam), and almost two out of five (37%) of the detected cyberattacks in 2019 can be attributed to it. Phishing is an effective social engineering technique and a popular tactic for threat actors as it is easy to execute and able to target a wide pool of victims.

 

APT32 -- Threat Actor Group with Highest Cyberattack Footprint in 2019

Both waterhole attacks and phishing are the favoured techniques of the threat actor group, APT32. The report uncovered that the increase in activities associated with APT32, also known as Oceanlotus, is higher than any other threat actor groups in Singapore in 2019.

 

APT32, which has been active since 2014, concentrates its activities in Southeast Asia and has targeted multiple private sectors and governments across the region.

 

In 2019, Ensign detected APT32 associated activities in 23 out of 34 sectors (68%) in Singapore. The spread of cyberattacks across diverse sectors aligns with APT32's strategy of running opportunistic phishing email campaigns throughout the year.

 

From April to May 2019, Ensign detected a 500% spike in APT32 activities in Singapore's manufacturing sector. From October to December 2019, Ensign found an 800% increase in APT32 activities, which is the result of seasonal phishing campaigns that this threat actor group was running during the shopping and festival seasons.

 

Emotet -- A Rising Threat in 2019

The report also found that Emotet[5] was the most prominent malware in Singapore. Ensign detected Emotet activities in 27 out of 34 (79%) sectors in 2019, impacting more than 1,200 companies. The widespread attacks across a broad spectrum of sectors indicate the attacks were likely opportunistic and in the form of spam campaigns.

 

In the first half of 2019, especially from February to April, Ensign detected high volumes of probing activities on port 445, which is a vulnerable port targeted by Emotet. It is likely that threat actors were scanning for vulnerable targets as part of their reconnaissance.

 

In Q4 of 2019 (1 October to 31 December), Emotet phishing detections spiked by nine times compared to Q3 of 2019 (1 July to 30 September). This can be attributed to the launch of phishing email campaigns by various threat actor groups.

 

In the same period, there was an 11 times increase in outgoing Emotet C2 (command and control) detections compared to Q3 of 2019. The increase in outgoing traffic with Emotet indicators-of-compromise (IoCs) can be attributed to servers being infected by phishing spam campaigns.

 

"Conventional and reactionary signature-based threat detection is inadequate in today's cyber threat landscape as modular, polymorphic malware, such as Emotet, are emerging faster than ever. Organisations need to have a proactive cybersecurity posture, and this not only requires access to hyperlocalised, actionable threat intelligence, but also behaviour-based security capabilities that can detect changes in adversary tactics and techniques based on the MITRE ATT&CK® framework,[3]" added Shih Yen.



[1] For high technology companies, technological innovations and advanced systems, applications, and devices play a central role in their core business offerings and services. Some examples include cloud, data centre, and web hosting service providers.

[2] For info-communications companies, they specialise in network connectivity and info-communication technology products and services. Some examples include telecommunications companies, internet service providers, and network operators.

[3]MITRE ATT&CK® (Adversarial Tactics, Techniques, and Common Knowledge) framework is a knowledge base of cyber threat tactics and technique which allows cybersecurity researchers, cyber threat hunters and red teamers to better understand cyber threats and assess an organisation's cyber risks.

References

  1. ^ Media OutReach (www.media-outreach.com)
  2. ^ Ensign InfoSecurity (www.ensigninfosecurity.com)
  3. ^ Ensign Singapore-centric Cyber Threat Intelligence (www.ensigninfosecurity.com)
  4. ^ Cyber Threat Detection & Analytics (www.ensigninfosecurity.com)
  5. ^ Emotet (www.ensigninfosecurity.com)

Authors: Ensign InfoSecurity

Read more http://www.media-outreach.com/release.php/View/35413#Contact

The Society For The Promotion Of Japanese Animation Announces ...

SANTA ANA, California, May 27, 2020 /PRNewswire-AsiaNet/ -- -- FREE Livestream Event to take place July 3 & 4The Society for the Promotion of Japanese Animation (SPJA) is thrilled to unv...

Jumeirah Al Naseem in Dubai Becomes First Hotel in the World t...

DUBAI, United Arab Emirates, May 28, 2020 /PRNewswire-AsiaNet / -- Five-star resort meets stringent health, safety and hygiene standards defined by the global leader in testing, inspection a...

Jennewein Publishes New Results on the Norovirus-inhibiting Ef...

RHEINBREITBACH, Germany, May 27, 2020 /PRNewswire-AsiaNet/ -- Jennewein Biotechnologie GmbH today announces the publication of the latest results from its norovirus research program in the J...

ActLight Signs an Agreement on Single Photon Sensitivity Techn...

LAUSANNE, Switzerland, May 27, 2020 /PRNewswire-AsiaNet/ -- ActLight, the Swiss technology firm known for its best in class signal-to-noise ratio photodiodes, announced today that it has sig...

Merck and Baylor College of Medicine Collaborate to Advance a ...

DARMSTADT, Germany, May 27, 2020 /PRNewswire-AsiaNet/-- -- Company will focus on process development and improvements for manufacturing Baylor's Covid-19 vaccine candidates Merck, a leading ...

Kentik Raises $23.5 Million in Growth Funding

SAN FRANCISCO, May 27, 2020 /PRNewswire-AsiaNet/ -- With Network Traffic Surging and New Visibility Gaps, Kentik is "the Right Company at Exactly the Right Time" Kentik(R), provider of the l...

Chengdu is Becoming the Engine Driving Development in China

CHENGDU, China, May 27, 2020 /Xinhua-AsiaNet/-- On April 28, the official website of Sichuan Provincial Government released the Reply and Approval from Sichuan Provincial People's Government...

The Reverend Elvis Sings "Can't Help Falling in Love with You"...

CALGARY, Alberta, May 27, 2020 /PRNewswire-AsiaNet/ -- Reverend Elvis Bruce Sheasby has a passion for singing the Gospel and sharing God's Grace, especially now with seniors facing isolation...

Ajinomoto Bio-Pharma Services Signs Manufacturing Agreement wi...

SAN DIEGO, May 27, 2020 /PRNewswire-AsiaNet/ -- Ajinomoto Bio-Pharma Services ("Aji Bio-Pharma"), a leading provider of biopharmaceutical contract development and manufacturing services, is ...

Nuance Voice Biometrics Quickly Identifies Customers and Stren...

BURLINGTON, Massachusetts and SYDNEY, May 27, 2020 /PRNewswire-AsiaNet/ -- -- Millions of phone banking customers benefit from fast, safe and simple verification process while removing the n...

Hop Supplier Announces New CFO During Critical Time in Hop and...

YAKIMA, Washington, May 27, 2020 /PRNewswire-AsiaNet/ -- Yakima Chief Hops ( https://c212.net/c/link/?t=0&l=en&o=2814166-1&h=1960476481&u=https%3A%2F%2Fwww.yakimachief.com%2F...

Herbalife Nutrition Survey Reveals Asia Pacific Consumers Turn...

HONG KONG, May 27, 2020 /PRNewswire-AsiaNet/ -- Less than a quarter of Asia Pacific consumers scored passing marks in a general nutrition knowledge quiz, with only four in 10 expressing stro...

Opengear Adds NetOps to Out-of-Band Management, With Launch of...

EDISON, New Jersey, May 27, 2020 /PRNewswire-AsiaNet/ -- OM1200 and OM2200 NetOps Console Servers bring NetOps and Smart Out-of-Band together, in one appliance Opengear, [https://opengear.co...

Mainetti to launch M-care PPE Range

HONG KONG, May 27, 2020 - (ACN Newswire) - Mainetti Group is pleased to announce a new range of personal protective equipment (PPE), "M-care", available to customers in support of mitigatin...

Alliance New Cooperation Business Model to Support Member-Company Competitiveness and Profitability

TOKYO, May 27, 2020 - (JCN Newswire) - Groupe Renault, Nissan Motor Co., Ltd. and Mitsubishi Motors Corporation, the members of one of the world's leading automotive alliances, today announ...

Barry Callebaut to acquire GKC Foods in Australia

Zurich, Switzerland and Singapore, May 27, 2020 /PRNewswire-AsiaNet/-- - Acquisition establishes Barry Callebaut's direct presence and manufacturing capacity in Australia to cater for the Au...

eK X and eK Wagon Achieve Top Ratings for Preventive and Collision Safety Performance in JNCAP

TOKYO, May 27, 2020 - (JCN Newswire) - MITSUBISHI MOTORS CORPORATION (MMC) today announced that eK X and eK Wagon have been awarded the highest rating by Japan New Car Assessment Program (J...

MIMS COVID-19 webcast draws record turnout

Online meeting sees the participation of 3,600 healthcare professionals from across Asia Pacific SINGAPORE - Media OutReach - 27 May 2020 - The MIMS Group conducted an on...

2019 JNCAP Assessment on Toyota Vehicles Announced

Toyota City, Japan, May 27, 2020 - (JCN Newswire) - Toyota models Alphard/Vellfire, RAV4, and Raize received the highest rank awards in the FY2019 safety performance assessment by JNCAP(1)...



News Company Media Core

Content & Technology Connecting Global Audiences

More Information - Less Opinion