Waterhole Attacks and Phishing Identified as Singapore’s Top Cyber Threat Vectors in 2019, Contributing to 84% of Cyberattacks: Ensign InfoSecurity Report

The report also discovered a rise in activities from the threat actor group APT32 in Singapore and identified the Emotet malware as a rising threat in 2019

SINGAPORE – Media OutReach – 18 May 2020 – Ensign InfoSecurity (Ensign), one of Asia Pacific’s largest pure-play cybersecurity companies, today revealed the findings of its Singapore Threat Landscape 2019 report, which identified waterhole attacks, a tactical site compromise attack, and phishing as the country’s top threat vectors in 2019, accounting for 84% of all cyberattacks found.

The report also revealed that the high technology[1] industry in Singapore is the top target for threat actors in 2019. Businesses in this sector are attractive targets as threat actors want to exploit their data centre facilities to expand their botnet activities as well as to target other organisations whose servers are being hosted.

In 2019, the top five most targeted sectors in Singapore are:

This report was produced using Ensign’s proprietary tools and data models, including Ensign Singapore-centric Cyber Threat Intelligence, the Cyber Threat Detection & Analytics engine, and the Ensign IP360 platform, which profiles activities and behaviours of anonymous IPs in enterprise network traffic.

“Importance and context are the most crucial components when analysing cyber risk intelligence as hazards and patterns can differ across locations, sectors and companies,” stated Lee Shih Yen, Senior Vice President, Ensign Labs, Ensign InfoSecurity. “Only by combining different global and local cyber hazard intelligence sources are we able to obtain accurate and deep information about Singapore-specific dangers and help organisations strengthen their cybersecurity posture by providing contextualised, actionable insights.”

Singapore’s Top 2 Threat Vectors in 2019

Waterhole attacks were the most widespread threat vector of 2019, contributing to almost half (47%) of all discovered cyberattacks in Singapore. Waterhole attacks happen when an attacker compromises a website and replaces its content with malicious payloads. Unwary victims who then download material from these websites will infect their machines with malware.

This approach enables threat actors to execute supply chain attacks where they infect servers hosting updates of popular software applications and replace these updates with malicious code to spread malware. This allows threat actors to achieve mass infection, especially when the vulnerable web server is popular and relied on by end users.

The other top threat vector in Singapore is phishing (also called malspam), and almost two out of five (37%) of the cyberattacks found in 2019 can be attributed to it. Phishing is a reliable social engineering method and a popular tactic for threat actors as it is easy to execute and able to target a large pool of victims.

APT32 – Threat Actor Group with Highest Cyberattack Footprint in 2019

Both waterhole attacks and phishing are the favoured tactics of the threat actor group APT32. The report uncovered that the increase in activities connected with APT32, also known as OceanLotus, was greater than that of any other threat actor group in Singapore in 2019.

APT32, which has been active since 2014, focuses its activities in Southeast Asia and has targeted numerous economic sectors and governments throughout the region.

In 2019, Ensign identified APT32-associated activities in 23 out of 34 sectors (68%) in Singapore. The spread of cyberattacks across diverse sectors lines up with APT32’s technique of running opportunistic phishing email campaigns throughout the year.

From April to May 2019, Ensign found a 500% spike in APT32 activities in Singapore’s manufacturing sector. From October to December 2019, Ensign found an 800% increase in APT32 activities, which is the result of seasonal phishing campaigns that this threat actor group was running during the shopping and festival seasons.

Emotet – A Rising Threat in 2019

The report also found that Emotet was the most prevalent malware in Singapore. Ensign detected Emotet activities in 27 out of 34 (79%) sectors in 2019, impacting more than 1,200
The extensive attacks throughout a broad spectrum of sectors indicate the attacks were likely opportunistic and in the form of spam.

In the first half of 2019, particularly from February to April, Ensign discovered high volumes of probing activities on port 445, which is a vulnerable port targeted by Emotet. It is most likely that threat actors were scanning for vulnerable targets as part of their reconnaissance.

In Q4 of 2019 (1 October to 31 December), Emotet phishing detections increased by nine compared to Q3 of 2019 (1 July to 30 September). This can be attributed to the launch of phishing email campaigns by various threat actor

In the same period, there was an 11 times increase in outbound Emotet C2 (command and control) detections compared to Q3 of 2019. The increase in outbound traffic with Emotet indicators-of-compromise (IoCs) can be attributed to servers being infected by phishing spam campaigns.

“Standard and reactionary signature-based hazard detection is inadequate in today’s cyber danger landscape as modular, polymorphic malware, such as Emotet, are emerging faster than ever. Organisations need to have a proactive cybersecurity posture, and this not only needs access to hyperlocalised, actionable danger intelligence, but also behaviour-based security abilities that can discover changes


[1] For high technology companies, technological developments and advanced systems, applications, and devices play a central role in their core business offerings and services. Some examples include cloud, data centre, and web hosting service providers.

[2] Info-communications companies specialise in network connectivity and info-communication technology services and products. Some examples include telecommunications companies, internet service providers, and network operators.

[3] The MITRE ATT&CK® (Adversarial Tactics, Techniques, and Common Knowledge) framework is a knowledge base of cyber threat tactics and techniques which allows cybersecurity researchers, cyber threat hunters and red teamers to better understand cyber threats and evaluate an organisation’s cyber threats.
