Singapore sets up ransomware task force to tackle rising threat on businesses



SINGAPORE: The Government has set up an inter-agency counter-ransomware task force to pool representatives from different sectors and better tackle what has become a growing worry among businesses in Singapore.

The task force, set up earlier this year, will develop and make recommendations on possible policies, operational plans and capabilities to improve Singapore’s counter-ransomware efforts, the Cyber Security Agency of Singapore (CSA) said in a media release on Wednesday (Oct 19).

It comprises senior government representatives from the technology, cybersecurity, financial regulation and law enforcement domains.

Participating entities include CSA, the Government Technology Agency, the Infocomm Media Development Authority, the Monetary Authority of Singapore, the Singapore Armed Forces and the Singapore Police Force.

"Ransomware has become a growing concern for businesses in Singapore," CSA said, highlighting that the number of ransomware cases in Singapore has gone up by 54 per cent between 2020 and 2021.

"Around the world, ransomware attacks have also intensified in scale and impact, becoming threats to essential services and important infrastructure."

The task force is also looking at how to coordinate Singapore’s international engagement strategy in fighting ransomware, as well as push for greater international cooperation in cybersecurity, financial supervision and cross-border law enforcement operations.

"Ransomware is also a cross-border problem. Ransomware criminals are often based overseas and leverage jurisdictional boundaries to move illicit assets and evade legal consequences," CSA added.

Microsoft said in a blog post on Oct 14 that a newly discovered hacking group had attacked transportation and logistics companies in Ukraine and Poland with a novel kind of ransomware.

Researchers found that the hacks closely mirrored earlier attacks by a Russian government-linked cyber team that had disrupted Ukraine government agencies, Reuters reported.

Singapore's Coordinating Minister for National Security Teo Chee Hean cited how a ransomware attack on Costa Rica earlier this year crippled essential services in the country, forcing the Costa Rican government to declare a state of national emergency.

"Ransomware criminals can be opportunistic and highly sophisticated," he said in a speech at the opening ceremony of the Singapore International Cyber Week on Wednesday. "They take advantage of poor cybersecurity practices to gain access to their victims’ systems and data. They bet on victimised organisations being more willing to pay the ransom and hide the attack than to report the crime. They take advantage of gaps between jurisdictions to evade law enforcement."

Mr Teo, who is also Senior Minister, said the task force will bring businesses, the Government and international partners together to counter ransomware attacks more effectively.

CSA said the task force will deliver a report recommending strategies that the Government can take to improve its counter-ransomware efforts. "The report will be published in due course," CSA said.

RATING INTERNET HYGIENE OF E-COMMERCE COMPANIES

Businesses will also get an extra incentive to improve their cybersecurity practices, as the CSA plans to rate their Internet hygiene in a table published on a "regular basis".

"This is aimed at helping consumers make informed choices to better safeguard their digital transactions from cyber threats," CSA said. CSA said it will start by rating 10 "popular" businesses in the e-commerce sector, a move that comes after the Ministry of Home Affairs published in May similar ratings for e-commerce platforms' anti-scam efforts.

The Internet hygiene rating is based on the average adoption of Internet security best practices, curated by CSA as common globally recognised baseline Internet standards and security controls, the agency said.

These include important Internet security protocols like HTTPS to secure website communications between parties, DNSSEC to prevent DNS spoofing, hijacking and cache poisoning, and DMARC to prevent email spoofing.

Businesses will be given a green tick, yellow tick or red cross, depending on how many Internet best practices they have implemented.

"Many enterprises, particularly small- and medium-sized enterprises, lack awareness and/or have low adoption of Internet security best practices to safeguard their domains, websites and email servers," CSA said.

"This puts customers of these companies at risk because their data and details of their transactions with the company may not be properly secured."

Mr Teo said the ratings will allow users to do "health checks" on whether the websites they visit have the necessary security protocols.

"Individuals need to be aware of cyber risks, be capable of protecting themselves, and be responsible for their own safety and security online," he said.

CSA said it will engage businesses in other sectors like banking and finance as well as healthcare, and similarly publish their ratings.

The ratings are part of an Internet hygiene portal, a new one-stop platform with resources and self-assessment tools to help businesses adopt Internet security best practices as they digitalise.

"As Singapore builds up its digital economy and more businesses go online, cyber threats such as ransomware and phishing will remain major concerns," CSA said. Mr Teo said COVID-19 has accelerated the adoption of digital technologies in everyday life, be it in digital payments, shopping, chatting with friends, travelling or business.

"Securing the digital domain and ensuring a trusted cyberspace will enable all of us to enjoy the fruits of the digital revolution, and its promise of economic progress and a better life," he said.

Source: CNA