Report reveals increase in cyberthreats over 2020

Photo by Tima Miroshnichenko

The Cyber Security Agency of Singapore (CSA) has released its Singapore Cyber Landscape (SCL) 2020 publication, revealing an increase in cyber threats such as ransomware and online scams in 2020.

CSA’s SingCERT (Singapore Computer Emergency Response Team) handled a total of 9,080 cases in 2020, marking the second consecutive year of increase, compared to 8,491 cases reported in 2019 and 4,977 cases in 2018 respectively.

Although the number of phishing incidents remained stable and website defacements declined slightly, malicious cyber activities remain a concern amid a rapidly-evolving global cyber landscape and increased digitalisation brought about by the COVID-19 pandemic.

Throughout 2020, CSA observed that global threat actors had capitalised on the anxiety and fear wrought by the pandemic, with repercussions felt by individuals and businesses. These threat actors made their presence felt, targeting areas such as e-commerce, data security, vaccine-related research and operations, as well as contact tracing operations.

Some of these trends were mirrored locally, where a surge in ransomware incidents as well as the emergence of COVID-19-related phishing activities were seen. These also coincided with the rise of Work-from-Home (WFH) arrangements, as individuals and businesses adopted new technologies to maintain business continuity.

Key malicious cyber activities in 2020


89 ransomware cases were reported to CSA in 2020, a sharp rise of 154 per cent from the 35 cases reported in 2019. The cases affected mostly Small-and-Medium Enterprises (SMEs), and hailed from sectors such as manufacturing, retail and healthcare.

The significant increase in local ransomware cases was likely influenced by the global ransomware outbreak, where three distinct characteristics were observed as ransomware operators deployed increasingly sophisticated tactics.

They include (a) shifting from indiscriminate, opportunistic attacks to more targeted “Big Game Hunting (BGH)”; (b) the adoption of “leak and shame” tactics; and (c) rise in “Ransomware-as-a-Service” (RaaS)  models.

Malicious Command and Control (C&C) Servers & Botnet Drones 

In 2020, CSA observed 1,026 malicious C&C servers hosted in Singapore, a 94 per cent increase from the 530 C&C servers observed in 2019. The rise was in part attributed to the increase in C&C servers distributing the highly pervasive Emotet and Cobalt Strike malware, which accounted for one-third of the malware C&C servers observed.

In 2020, CSA detected about 6,600 botnet drones with Singapore IP addresses daily, an increase from 2019’s daily average of 2,300. Variants of the Mirai and Gamarue malware were prevalent among infected botnet IP addresses in 2020, with Mirai malware, which primarily targets Internet-of-Things (IoT) devices, staying strong due to the continuing growth of IoT devices locally.


About 47,000 unique Singapore-hosted phishing URLs (with a “.SG” domain) were observed in 2020, a slight decrease of 1 per cent compared to 47,500 URLs seen in 2019.

Globally, 2020 saw a surge in COVID-19-related phishing campaigns. In Singapore, the overall volume of malicious phishing URLs remained comparable to the figures seen in 2019. COVID-19 themes very likely accounted for over 4,700 of malicious URLs spoofing local entities and services that were in greater demand during Singapore’s circuit breaker period, which included online retail and payment portals.

Website Defacements 

495 ‘.sg’ websites were defaced in 2020, a decrease of 43 per cent from 873 in 2019. The majority of victims were SMEs, and no government websites were affected. The significant fall in 2020 is consistent with global trends and suggests that activist groups could have chosen other platforms with potentially wider reach (e.g. social media) to embarrass their victims and attract visibility for their causes.


The Singapore Police Force reported that cybercrime remained a key concern, with 16,117 cases reported in 2020, up from 9,349 cases in 2019. It accounted for 43 per cent of overall crimes reported in 2020.

Online cheating cases made up the top cybercrime category in Singapore, recording a rise of almost 62 per cent from 7,580 cases in 2019, to 12,251 cases in 2020. This trend is attributed to the rapid growth of e-commerce, the proliferation of community marketplace platforms and social media platforms as Singaporeans carried out more online transactions due to COVID-19. 

Anticipated Cybersecurity Trends

The report highlighted several emerging cybersecurity trends to watch against the backdrop of an increasingly complex and dynamic cyber threat landscape. Near-term trends include:

Evolving Traits of Ransomware Attacks 

Ransomware has evolved into a massive and systemic threat, and is no longer restricted to the sporadic and isolated incidents observed.  Globally, the recent spate of high-profile ransomware incidents affecting essential service providers and key firms – such as the fuel pipeline company Colonial Pipeline (United States) and meat processing company, JBS (Brazil) – have demonstrated that the attacks could cause real-world effects and harm, and may have the potential to become national security concerns.

The proliferation of such attacks spells an urgency for businesses to review their cybersecurity posture and ensure that they build their systems to be resilient in recovering from any successful cyber-attacks.

Targeting of Remote Workforce 

Social distancing measures during the COVID-19 pandemic have led to the rapid adoption of remote working. However, poorly configured network and software systems – which are part of the new remote work ecosystems – have widened the attack surface and exposed organisations to greater risk of cyber-attacks.

Increased Targeting of Supply Chains 

A successful breach in the supply chain, as seen in the high-profile SolarWinds supply-chain breach at the tail end of 2020, provided cyber threat actors a single pivoting point to multiple victims.

While such attacks are not new, they are becoming more sophisticated. The compromise of a trusted supplier or software can result in widespread repercussions worldwide, as victims could include major vendors with huge customer bases.

Other trends that are expected to surface in the mid-term include cybersecurity risks associated with space infrastructure. Cyber threat actors may compromise space infrastructure in order to disrupt activities that they support, or obtain strategic information – that satellites are now capable of yielding – on Earth-bound targets of interest.

Another trend expected to continue in the long term includes the mass proliferation of Internet-connected devices.

Mr David Koh, Commissioner of Cybersecurity and Chief Executive of CSA, said, “Due to the challenges brought about by COVID-19, 2020 was a watershed for digitalisation efforts across all parts of the economy and society.

“Unfortunately, the speed and scale at which digital technology was adopted may have led to some risks being taken, and threat actors are capitalising on this. The Government, organisations, and individual users need to work together in order to keep ourselves secure in cyberspace.”