In 2021, 137 Singapore firms fell victim to ransomware attacks

In 2021, 137 Singapore firms fell victim to ransomware attacks: CSA

Ransomware attacks have become an increasingly severe threat to national security in Singapore, with 50% more companies falling victim to them last year.

Cyber Security Agency (CSA) of Singapore reported that the number of Singaporean firms whose systems were locked up until a ransom was paid increased from 89 in 2020 to 137 last year.

In the Singapore Cyber Landscape 2021 report released on Monday (August 29), CSA said ransomware attacks moved from sporadic and isolated incidents to legitimate national security risks capable of massive and systemic attacks affecting entire networks of large organizations.

According to the sixth annual report, not all attacks were reported so the figures could be only the tip of the iceberg.

The CSA found that most of the firms hit by ransomware last year were small and medium-sized enterprises (SMEs) in the IT and manufacturing sectors. In both sectors, systems may run 24/7, so downtime to patch them may not be feasible. It said several groups that target small businesses in Singapore use the ransomware-as-a-service model. Hacking software is leased to other cybercriminals, who are cut off the proceeds. This security model lowers the possibility for amateur or less-skilled hackers to break into a company’s systems.

Although the report did not mention specific cases in Singapore, it said a data breach last January involving 129,000 Singtel customers in a ransomware attack.

Hackers exploited vulnerabilities in the software programming of Accellion, a company that makes file-sharing software used by Singtel and many other organizations. This led to cyber criminals later posting a ransom note addressed to Accellion demanding $250,000 worth of Bitcoin. The incident was severe and wrong, but the theft was prevented due to Accellion’s security measures.

Other high-profile global incidents include an attack on American fuel transporter Colonial Pipeline’s IT systems in May last year, which disrupted its oil and gas supply to 50 million customers, leading to fuel shortages and cost hikes.

In May of last year, both Ireland’s Health Service Executive and New Zealand’s Waikato District Health Board were hit by that nasty ransomware. The work of these institutions was paralyzed, and sensitive patient data was leaked.

One of the world’s largest meat producers, JBS, was forced to temporarily stop production operations in North America and Australia after its IT network was attacked by ransomware last year. The move threatened to disrupt global food supply chains, further inflate prices and make it difficult for farmers to do business. It later paid US$11 million ($15.3 million) to criminals to restore its data.

Also mirroring global trends, there was a three-fold increase in the number of command and control servers controlled by hackers hosted here – from 1,026 in 2020 to 3,300 last year.

These servers control malware-infected computers or surveillance cameras to launch attacks that steal data, distribute ransomware or take down critical systems.


Computer Security Agency has reported that hackers commonly use phishing to attack systems before deploying malware. There were 55,000 links to phishing sites hosted here last year, a 17% increase from 47,000 in 2020.

Social networking firms like WhatsApp and Facebook made up more than half of spoofed targets last year. Scammers took advantage of public interest in WhatsApp’s announcement last January on how its users’ phone numbers would be shared with Facebook. Last year, social networking firms such as WhatsApp and Facebook made up more than half of the phished targets. This is likely due to public interest in WhatsApp’s announcement last January on how its users’ phone numbers would be shared with Facebook.

In their report, CSA stated that the Ministry of Health was the most commonly spoofed government agency, with impersonations growing steadily as Covid-19 cases surged in the 4th quarter of last year. Other notable agencies were CSA and the Ministry.

“In most of these cases, scammers spoofed the authorities to trick victims into divulging their credentials or personal data,” said CSA.

Significant cyber security incidents that took place in 2021

Global incidents:

  • Accellion recently became aware of vulnerabilities in its software which have been exploited for data breaches and extortions with malware-related consequences.
January to March
  • Hack of the company’s software that runs on Microsoft e-mail servers
  • Attempted poisoning of the water supply in Florida, US via cyberattack
  • The JBS meat producer was attacked by hackers, who made off with sensitive information.
  • Vulnerability in tech firm Kaseya’s software used for ransomware attacks
  • Israeli firm NSO Group’s spyware revealed to have been used against government officials and journalists
    Cyberattack on Iran’s train system
  • Alleged targeting of South-east Asian telcos by hacker groups typically backed by governments
  • Cyberattack on Iran’s gas stations
  • Law enforcement operations in Jan 2021 dismantled cyberattacks involving malware, Emotet returned after most of its infrastructure.
  • Security flaw in software Log4j used for cyberattacks


Incidents in Singapore:
  • A data breach involving the personal information of Singtel’s customers
March to August
  • Various companies suffer ransomware attacks and data extortion by the hacking group Altos.
  • Ransomware attack on clinic Eye & Retina Surgeons
  • A data breach involving the personal information of MyRepublic’s customers
  • Statement by authorities that criminals can obtain SMS one-time passwords (OTPs) sent by banks to make fake credit card payments
  • Cyberattack with data theft on marine services provider Swire Pacific Offshore
  • High-profile phishing scams targeting OCBC Bank customers

Source: Dominic Low, Straits Times Aug 29, 2022, 10:00 AM SGT