Increase in phishing attempts targeting Singapore SMEs

With the COVID-19 pandemic accelerating Singapore’s digitalisation efforts, SMEs have become the focal point of discussion for many, as funding worries and the shift to telecommuting have left them in no man’s land.

While the Government has launched generous initiatives such as the new training and adult education industry digitalisation plan to augment SMEs’ competitiveness, malicious actors continue to find new ways to test businesses’ digital readiness.

According to Kaspersky’s latest statistics, the global cybersecurity company foiled 89,351 phishing attacks against SMEs in H1 2020, compared to 55,653 in the same period last year. Although Singapore continues to fare better than their SME counterparts in Indonesia, Malaysia, Philippines, Thailand and Vietnam to witness the lowest volume of phishing attacks in Southeast Asia, the 61% increase suggests that more can be done by Singapore’s SMEs to improve their cybersecurity.

Globally, top phishing topics include malicious campaigns using the coronavirus as bait (mask selling scams, donation requests for coronavirus vaccine research funding, scams exploiting coronavirus fears, pandemic-related bonuses and “compensations,” etc.), employee performance appraisals (important messages from HR/admin, Sharepoint invitations and voice messages used as bait, etc.), urgent password check requests, urgent press release notices, email back-up notices, and so on

Apart from phishing attacks, malicious mining is emerging to be a major cybersecurity threat for SMEs in Singapore. Kaspersky foiled 14,141 mining incidents against the devices of businesses in Singapore in 1H 2020, a 90% increase compared to the same period last year.

Malicious mining, also known as cryptojacking, occurs when cybercriminals install a specialised “mining” software to create new coins by drawing upon the computing power of infected computers and devices. Cryptojacking has also been known to occur when a victim visits a site that has a mining script embedded in the browser.

Although phishing attacks and ransomware are some of the more well-known threats that businesses face, its recent emergence as one of the top threats for SMEs highlights an urgent need to understand this phenomenon better.

“Despite the COVID-19 pandemic, Singapore continues to retain attraction as the region’s premier business hub, and speaks well of the local businesses’ ability to remain resilient despite headwinds from the global slowdown,” says Stephan Neumeier, Managing Director for Asia Pacific at Kaspersky.

“However, almost half (41%) of businesses continue to express that the high costs of investment – lack of financing and funding – are major barriers holding them back from digitalisation. The implications of this statistic are significant, as it means cybersecurity may not be a key priority for businesses during this period of cost-cutting,” he adds.

“Inevitably, the shift to remote working increases the number of cybersecurity risks and we see this turning into a self-fulfilling prophecy, where social engineering attacks in the form of phishing emails have increased substantially this year as more people work from home.

“The use of company devices to conduct personal tasks or accessing the corporate network on one’s personal device will lead to gaps in cybersecurity, where malicious actors gain additional windows of opportunity to compromise our IT devices and systems. Hence, it is important for SMEs to recognise that they cannot afford any slip ups and mitigate the risk of business disruption by enhancing their cybersecurity protocols,” he concluded.

Regarding ransomware attacks on SMEs, the Republic also witnessed a 90% decline in the number of ransomware attacks blocked by Kaspersky, with 277 attempts tracked for H1 2020 as compared to 2713 in the same period last year.

Kaspersky experts suggest the following tips for SMEs to avoid being lured by cybercriminals through phishing, crypto-mining and ransomware:

  • Teach employees about the basics of cybersecurity. For example, not opening or storing files from unknown emails or websites as they could be harmful to the whole company, or to not use any personal details in their passwords. In order to ensure passwords are strong, staff shouldn’t use their name, birthday, street address and other personal information.
  • Regularly remind staff of how to deal with sensitive data, for example, to only store it in trusted cloud services that need to be authenticated for access and that it should not be shared with untrusted third parties.
  • Enforce the use of legitimate software, downloaded from official sources.
  • Make backups of essential data and regularly update IT equipment and applications to avoid unpatched vulnerabilities that could cause a breach.
  • Configure Wi-Fi encryption. It is imperative to configure your network connection correctly and set your router’s log-in and password regularly.
  • Use a VPN if connecting to Wi-Fi networks that don’t belong to you. When you’re connected through a VPN, all of your data will be encrypted regardless of the network settings, and outsiders will not be able to read it.
  • Keep track of your server load. If the daily load changes suddenly, that may be a symptom of a malicious miner. Carrying out regular security audits of your corporate network may also be helpful.
  • Monitor web traffic – frequent queries to domains of popular cryptomining pools are a clear sign that someone is mining at your expense. Ideally, add these domains to your domain block lists for all computers in your network — lists of such domains can be found online. New domains are constantly appearing, so be sure to update the list systematically.
  • Use corporate services for e-mail, messaging, and all other work. Stick to corporate resources when exchanging documents and other information. Those cloud drives, but configured for business, are generally far more reliable than the free user versions. 
  • Protect devices with an antivirus solution. It is vital that you install a reliable security solution on all devices that handle corporate data.