Phishing scams nearly tripled to 47,500 URLs in 2019

Tech firms and banks were amongst the most commonly spoofed firms.

Phishing URLs hosted in Singapore and targeted at local industries such as e-commerce, banking and finance nearly tripled to 47,500 in 2019, compared to just 16,100 URLs in 2018, according to data from the Cyber Security Agency of Singapore (CSA).

Globally, 2019 saw the highest level of phishing attacks since 2016. Commonly spoofed local firms included tech firms, banking and financial organisations and email service providers, whilst the Immigration & Checkpoints Authority (ICA), Ministry of Manpower (MOM) and Singapore Police Force (SPF) were the most commonly spoofed government organisations.

In line with global trends, SPF reported that cybercrime has continued to rise, with 9,430 cases reported in 2019, up from 6,215 cases in 2018. This accounted for more than one-quarter of all crimes in Singapore in 2019.

E-commerce scams continued to be the top scam type, recording a 30% surge from 2,161 cases in 2018, to 2,809 in 2019. “In particular, victims continued to be enticed by attractive online deals on items such as electronic gadgets and event tickets,” the report stated.

At the same time, 873 websites were defaced in 2019, compared to 605 cases in 2018. The rise was partly attributed to an Indonesia-based hacker group, as well as ongoing developments in the Middle East. The majority of the defaced websites belonged to small and medium enterprises (SMEs) from sectors such as education, finance, manufacturing and retail.

At the same time, close to 370 malware variants were detected, with the top five malware—Mirai, Gamarue, Conficker, Nymaim, and Ranbyus—accounting for over half of all observed infections.

CSA detected about 530 unique command and control servers controlled by an attacker, compared to 300 observed in 2018. A daily average of about 2,300 botnet drones with Singapore Internet Protocol (IP) addresses were also observed.

The year also saw 35 reports of ransomware cases, compared to 21 cases in 2018. Organisations that fell victim to ransomware attacks mostly belonged to the travel and tourism, manufacturing and logistics industries.

Aside from security risks associated with working from home, the transition by organisations into cloud computing is expected to drive cybersecurity attacks. Other trends expected to have an impact on cybersecurity include AI, 5G, the surge in IoT devices and quantum computing.