SINGAPORE CYBER LANDSCAPE 2018 - Cyber Security Agency
CONTENTS

Foreword
Overview of Cyber Threats in 2018
Chapter 1 – Spotlight on Cyber Threats
• Advanced Persistent Threats
• Website Defacements
• Phishing URLs
• Malware
Chapter 2 – Target.SG
• Target.GOV.sg: Case Study – Cyber-attack on SingHealth
• Target.EDU.sg: Case Study – Cyber-attack on Universities
• Target.ORG.sg: Case Study – Crypto-jacking
• Target.YOU.sg: Case Study – Nearly@scammed.com
Chapter 3 – Singapore’s Cybersecurity Strategy – Developments in 2018
• Pillar One: Building a Resilient Infrastructure
• Pillar Two: Creating a Safer Cyberspace
• Pillar Three: Developing a Vibrant Cybersecurity Ecosystem
• Pillar Four: Strengthening International Partnerships
Looking Ahead: Anticipated Trends
Glossary
Contact Details

SINGAPORE CYBER LANDSCAPE 2018
Copyright 2019 By Cyber Security Agency of Singapore
With contributions by the Defence Cyber Organisation, Defence Science and Technology Agency, DSO National Laboratories, Government Technology Agency of Singapore and Singapore Police Force
All rights reserved.
ISBN: 978-981-14-1612-5
Designed by: APT811 Design & Innovation Agency www.apt811.com
FOREWORD

Cybersecurity incidents made some of the biggest headlines in 2018. Data breaches, in particular, were reported across multiple industries. Facebook, Cathay Pacific and Marriott were just some of the high-profile organisations that were hacked and had sensitive information stolen.

Singapore was not spared as well. We were hit by the most serious data breach in our history – 1.5 million SingHealth patients had their non-medical personal particulars illegally accessed and copied. As cyber threats grow in scale and sophistication, it is clearly no longer a question of “if”, but rather “when” an attack will hit us. Even as we strive to make our systems as secure as possible, it is imperative that we respond to an incident swiftly, robustly and decisively. The cyber-attack on SingHealth was a stark reminder for us to push further in our cybersecurity efforts collectively as a nation. On the international stage, Singapore remains firmly committed to the establishment of a rules-based international order in cyberspace; and condemns all malicious cyber activities, which threaten the safety and security of Singapore and Singaporeans.

2018 also saw significant progress in enhancing Singapore’s cybersecurity. We passed and implemented the Cybersecurity Act, which provides a legal framework for the oversight and maintenance of cybersecurity in Singapore. To nurture a vibrant cybersecurity ecosystem, we launched initiatives such as the Industry Call for Innovation, which laid the ground for long-term, holistic cybersecurity investments, and the Smart Nation Scholarship, to support talented students pursuing a career in cybersecurity. In addition, the establishment of the $30 million ASEAN-Singapore Cybersecurity Centre of Excellence underscores Singapore’s efforts to build regional cyber capacity and promote international collaboration.

Singapore marks its Bicentennial Commemoration in 2019. This journey over the last 200 years has seen us develop from a small trading outpost to a global digital hub. As we advance towards our vision of a Smart Nation, cybersecurity is a vital prerequisite and key enabler – the invisible glue that instils trust and confidence in our digital plans. We hope this third edition of the Singapore Cyber Landscape will provide useful lessons from past incidents, so that we can better prepare ourselves for the digital future. Let us keep Singapore’s cyberspace safe and secure, together.

David Koh
Commissioner of Cybersecurity and Chief Executive
Cyber Security Agency of Singapore
OVERVIEW OF CYBER THREATS IN 2018

TIMELINE OF SELECTED CYBER INCIDENTS IN 2018

GLOBAL INCIDENTS
• FEB: APT-attributed malware (nicknamed ‘Olympic Destroyer’) disrupted Opening Ceremony of the PyeongChang Winter Olympic Games
• MAR: Largest Distributed Denial-of-Service (DDoS) attack in history on unidentified US-based service provider
• MAR: SamSam ransomware disrupted Atlanta’s municipal services
• SEP: Ransomware attacks hit Port of San Diego
• SEP: Facebook data breach affected 30 million users
• SEP: Financial information of 429,000 passengers stolen in British Airways data breach
• OCT: Cathay Pacific Airways data breach affected 9.4 million passengers
• NOV: Guest information stolen from 383 million Marriott International accounts
• DEC: Personal details of German politicians exposed

LOCAL INCIDENTS
• APR: User accounts belonging to academic staff in four Singapore universities compromised in cyber-attack
• MAY: PageUp malware breach affected 300,000 Careers@Gov portal users
• JUN: Personal particulars of 1.5 million patients stolen in cyber-attack on SingHealth
• OCT: 72 user accounts in Health Promotion Board’s HealthHub portal accessed illegally
• NOV: Unauthorised access to more than 200 State Courts electronic case files

DDoS ATTACK PEAKS

RECORD PEAKS OF DISTRIBUTED DENIAL-OF-SERVICE ATTACKS – A COMPARISON
In 2018, the largest Distributed Denial-of-Service (DDoS) attack ever recorded was conducted using a relatively new method. As threat actors find new attack methods, even higher peaks of DDoS attacks may be seen.

[Figure: peak attack size in Tbps for record DDoS attacks between September 2016 and March 2018: Krebsonsecurity, OVH France, Dyn, GitHub, and an unidentified US-based service provider.]

PHISHING
• 16,100 phishing URLs with a Singapore-link were detected.
• Most commonly spoofed sectors: 1st Banking and Financial Services; 2nd Technology; 3rd File Hosting Provider.

MALWARE
• 21 cases of ransomware were reported to SingCERT.
• 300 unique Command and Control servers were observed in Singapore.
• 2,900 botnet drones (compromised computers infected with malicious programs) with Singapore IP addresses were observed daily, on average.

WEBSITE DEFACEMENT
• 605 Singapore-linked website defacements were detected.

CYBERCRIME IN SG
• Cybercrime cases accounted for 18.6% of overall crime in 2018.

[Figure: cybercrime cases for 2016, 2017 and 2018, broken down into online cheating, cyber extortion and Computer Misuse Act cases; yearly totals shown: 6,179, 5,351 and 5,175.]
SELECTED MAJOR DATA BREACHES IN 2018

DATA BREACHES
Threat actors target vulnerable points in public and private organisations, businesses, and even cloud computing systems to pivot to sensitive data they are interested in. The figure shows the relative scale of selected major data breaches that occurred in 2018.

• Marriott International (Starwood Hotels and Resorts): 383,000,000 records
• Quora: 150,000,000 records
• Google+: 52,500,000 records
• Newegg: 50,000,000 records
• Facebook: 30,000,000 records
• Ticketfly: 27,000,000 records
• Cathay Pacific Airways: 9,400,000 records
• Atrium Health: 2,650,000 records
• SingHealth: 1,500,000 records
• British Airways: 429,000 records

LEGEND
• Type of information: Personal Information, Medical Information, Financial Information, Account Information (* Limited information compromised)
• Host: Cloud Infrastructure, Third-Party Servers, Company Private Servers, Undisclosed
• Cause: Vulnerability, Unauthorised access through third-party supplier, Phishing, Malware, Undisclosed

[Figure: for each breach, icons indicate the type of information, host and cause; the per-breach icon values are not reproduced in this transcription.]
CHAPTER 1
SPOTLIGHT ON CYBER THREATS

Singapore faced a number of cyber threats in 2018, including Advanced Persistent Threats, website defacements, phishing, and malware activities. This chapter details our observations on some of these cyber threats, trends, and motivations from the period of January to December 2018.
ADVANCED PERSISTENT THREATS

In the past two editions of the Singapore Cyber Landscape, we highlighted the significance and potential impact that Advanced Persistent Threats (APT) have on our cyber ecosystem. Often associated with a nation-state, APT groups have access to a wealth of resources and deep expertise to achieve their objectives, which include causing disruption, cyber theft for financial gain, and conducting cyber espionage.

DISRUPTION
APT groups may choose to target prominent, highly-visible international events with the aim of disrupting them to draw attention. The Opening Ceremony of the PyeongChang Winter Olympic Games in February 2018 was one such example. The attack, attributed to an Asia-based APT group, disrupted Internet access and telecasts, and shut down websites covering the event.

Another type of APT attack seeks to disrupt operations. Shamoon, a type of wiper malware associated with an APT group based in the Middle East, is designed to wipe data and render endpoints and servers unbootable. This prevents the targeted organisation from conducting business as usual. First seen in 2012 in the energy industry, it re-emerged in December 2018, affecting a number of organisations across many industries in the Middle East.

FINANCIAL GAIN
A number of high-profile cyber-attacks targeting payment systems were attributed to APTs, resulting in significant losses to affected financial institutions. These attacks typically involve tactics, techniques and procedures (TTPs) such as phishing e-mails to compromise employee accounts and gain access to systems and networks, as well as technical methods to cover the attackers’ tracks. In June 2018, attackers breached the SWIFT payment system at the Bank of Chile and the Cosmos Bank, siphoning off US$10 million and US$13.5 million respectively, through fraudulent wire transfer requests. These attacks were likely conducted by the same APT group.

CYBER ESPIONAGE
APT groups are known for conducting information gathering and cyber espionage. Information gathered can be useful for intelligence purposes, and/or give countries a competitive advantage over rivals during state negotiations. One such example was a watering hole [1] campaign active in the last quarter of 2018 that compromised several government and media websites in Vietnam and Cambodia. These websites were used to infect visitors with spying malware. This attack was attributed to an Asia-based APT group that cybersecurity experts had identified as being behind several espionage and spear-phishing campaigns targeting Southeast Asian countries.

[1] A watering hole attack is a type of cyber-attack targeting a particular organisation, where malware is delivered from websites that are regularly visited by the organisation’s members and infects its systems.
WEBSITE DEFACEMENTS

CSA detected 605 cases of website defacement in Singapore in 2018, a 70 per cent decrease from 2,040 in 2017. These websites belong to a range of organisations – from government agencies, businesses, and media companies. Two Singapore Government websites were among those defaced. While most affected websites belong to Small and Medium Enterprises (SMEs), larger organisations were also hit. For example, the Singapore website of a major Japanese advertising firm was compromised and replaced by a message “Sec == ‘0’” in January 2018.

A spike in defacements observed in November 2018 was likely caused by an attacker exploiting vulnerabilities in an unpatched web server. 101 websites belonging to various businesses hosted on this server were compromised by the same attacker in a single day. Defacements are indicative of vulnerabilities present in a website’s underlying infrastructure. This may be a harbinger of more damaging cyber-attacks, such as hosting malicious content on the website or using it as a platform to launch attacks.

Defacements usually take place when unpatched/outdated websites and their hosting servers are attacked. Common methods of intrusion include Structured Query Language (SQL) injections, where malicious code is inserted into the web-based application, and by gaining access to the web servers.

Websites published on the WordPress platform remained the most targeted for defacements in 2018, continuing a trend observed since 2016. In Singapore, over a third of the websites defaced were built on WordPress. A WordPress file deletion vulnerability, first disclosed on 26 June 2018 and affecting all versions of WordPress up to then, could allow an attacker to have full control over the website. WordPress released an updated platform version that fixed the vulnerability on 5 July 2018, and SingCERT published an alert a week later, advising WordPress website owners and web hosting providers to update to the latest version immediately. [2] However, as of March 2019, about 40 per cent of the defaced WordPress websites had yet to be patched to the latest version.

Worryingly, 185 of the defaced websites – or about 30 per cent of the cases – were defaced previously. Re-defacements suggest that website owners have yet to take appropriate security and patching measures to protect their websites, even after being attacked before. The variety of intrusion and compromise methods underlines the importance of using stronger login credentials and timely patching of known vulnerabilities.

3 IN 10 websites were defaced previously.

WEBSITE DEFACEMENTS (2016 – 2018)
• Year 2016: 1,750
• Year 2017: 2,040
• Year 2018: 605

[Figure: No. of defaced Singapore websites reported in 2018, by month (January to December).]

[Image caption: In January 2018, the Singapore website of a major Japanese advertising firm was compromised, with its homepage replaced only with the message “Sec == ‘0’”.]

[2] “[SingCERT] Alert on WordPress 4.9.7 Security Release,” SingCERT Advisories & Alerts, 12 July 2018, https://www.csa.gov.sg/singcert/news/advisories-alerts/alert-on-wordpress-4-9-7-security-release.
PHISHING URLS

16,100 phishing URLs with a Singapore-link were observed in 2018, a 30 per cent decrease from 2017.

Phishing e-mails usually spoof, or pretend to originate from, reputable firms and organisations. Companies in the banking and financial services, technology, and file hosting services made up almost 90 per cent of spoofed companies in 2018.

In Singapore, websites of Government organisations such as Ministry of Manpower (MOM), Singapore Police Force (SPF) and Immigration & Checkpoints Authority (ICA) were commonly spoofed to steal personal and financial data from victims.

Phishing activity typically increases when major events occur. Threat actors dupe victims into opening phishing e-mails and their attachments by taking advantage of their interest in such events. During the FIFA World Cup tournament in June 2018, several soccer-themed phishing e-mails and websites were observed, targeting sports fans with fake gifts from FIFA or its sponsors. Fans who responded to these “giveaways” ended up giving away their personal information to cybercriminals. Separately, in the lead-up to the Democratic People’s Republic of Korea-USA Singapore Summit held in June 2018, an intelligence-gathering campaign targeted South Koreans with phishing e-mails. These contained malware that could be used for keylogging and executing malicious commands on compromised devices.

Users are advised to remain vigilant against phishing attacks, and to be cautious and verify the identity of the sender, before clicking on suspicious URLs.

COMMONLY SPOOFED ORGANISATIONS IN 2018
• 1st: Banking and Financial Services (e.g. Bank of America)
• 2nd: Technology (e.g. Microsoft)
• 3rd: File Hosting Services (e.g. Dropbox)

Organisations shown: Apple, Alibaba, ATB Financial, GitLab, Adobe, PayPal, AT&T, DHL, Docusign, Facebook, Yahoo, Bank of America, Chase Bank, Microsoft, Dropbox, Google, Postmaster, Amazon, Free Mobile France, Mailbox.

[Figure: Number of phishing URLs with a Singapore-link observed in 2018, by month (January to December).]

Increasingly, threat actors are also using ingenious tactics to trick individuals and evade detection. Some examples include the use of HTTPS, Dynamic Domain Name System (DDNS) services, and using generic top level domains:

TAKING ADVANTAGE OF “HTTPS”
2,450 phishing URLs were observed using “HTTPS” in 2018, a more than tenfold jump from just 200 of such URLs in 2017. Using “HTTPS” – rather than “HTTP” – lures victims into a false sense of security, by having them believe that they were transacting on a secure website.

USE OF DYNAMIC DOMAIN NAME SYSTEM (DDNS) SERVICES
210 URLs were observed using DDNS services in 2018, three times more than in 2017. Such services enable malicious URLs to change their IP addresses constantly to evade applications that block static malicious IP addresses.

LEVERAGING GENERIC TOP LEVEL DOMAINS
Domains such as “.com” (8,100 URLs) and “.club” (700 URLs) were commonly abused, making up more than half the observations for 2018. They are relatively cheap (or even available for free) and lack regulation, allowing threat actors to constantly create new malicious URLs.
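The three URL traits counted above (HTTPS use, DDNS hosting, top level domain) can be tallied over any feed of reported URLs. The Python below is an added example, not code from CSA or the report; the DDNS suffix list, the function names and the sample URLs are assumptions constructed for illustration. HTTPS is recorded as a descriptive trait only and is never treated as evidence that a URL is safe.

```python
from collections import Counter
from ipaddress import ip_address
from urllib.parse import urlsplit

# Assumption: a short illustrative list of dynamic-DNS parent domains; a real
# deployment would load a maintained provider list instead.
DDNS_SUFFIXES = ("duckdns.org", "ddns.net", "hopto.org")

# Constructed sample feed for illustration; these are not URLs from the report.
SAMPLE_FEED = [
    "https://account-verify.example.com/login",
    "http://constructed-sample-host.club/track?id=1",
    "https://constructed-host.duckdns.org/signin",
    "HTTPS://Portal.Example.COM.:443/reset",               # mixed case, trailing dot, port
    "https://www.example.com@constructed-host.ddns.net/secure",  # real host follows the '@'
    "http://192.0.2.10/webmail/",                          # IP literal: no TLD
    "not a url",
]


def classify(url):
    """Return the traits of one URL, or None if it is not a usable http(s) URL."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:              # e.g. malformed IPv6 literal
        return None
    # .hostname drops userinfo and port and lower-cases the name, so a
    # familiar brand placed before '@' cannot be mistaken for the real host.
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return None
    try:
        ip_address(host)
        tld = None                  # IP-literal hosts have no TLD
    except ValueError:
        tld = "." + host.rsplit(".", 1)[-1] if "." in host else None
    ddns = any(host == s or host.endswith("." + s) for s in DDNS_SUFFIXES)
    return {
        "host": host,
        "https": parts.scheme == "https",
        "ddns": ddns,
        "tld": tld,
    }


def summarise(urls):
    """Tally the three traits over a feed, counting unparseable entries separately."""
    rows = [row for row in map(classify, urls) if row is not None]
    return {
        "parsed": len(rows),
        "rejected": len(urls) - len(rows),
        "https": sum(row["https"] for row in rows),
        "ddns": sum(row["ddns"] for row in rows),
        "tlds": Counter(row["tld"] for row in rows if row["tld"]),
    }


if __name__ == "__main__":
    summary = summarise(SAMPLE_FEED)
    print(summary)
    # Share of the feed served over HTTPS: a padlock says nothing about intent.
    print("HTTPS share: {:.0%}".format(summary["https"] / summary["parsed"]))
```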
MALWARE

Fewer ransomware cases were reported to CSA in 2018. There were also significantly fewer Command and Control (C&C) servers observed in Singapore; however, the number of botnet drones – compromised computers infected with malware – remained largely similar.

RANSOMWARE
21 ransomware cases were reported to CSA in 2018, a decrease from 25 in 2017. Although the number of reported cases is low, the actual number of ransomware cases may be higher as many go unreported. Ransomware affected systems across multiple industries in Singapore, such as construction, education, and food and beverage. While there were no global widespread campaigns like the WannaCry attacks seen in 2017, ransomware remains lucrative, and continues to evolve in sophistication.

GandCrab was described as “one of the most aggressive forms of ransomware” [3] in 2018. Since its discovery in January 2018, GandCrab has infected over half a million computers and is believed to have extorted around US$300 million in ransom payments. In February 2018, a private financial institution in Singapore was infected with GandCrab, when one of its employees surfed a compromised website and was prompted to install a ‘font update pack’ for displaying the website properly.

Ransomware remains a common threat. Europol has warned that targeted ransomware attacks which are tailored to specific organisations or individuals, such as GandCrab and SamSam, [4] may become the new normal. [5] Organisations should ensure that their systems are regularly updated to thwart known ransomware threats. They should also not make any form of payment demanded, as there is no certainty they would get their data back.

GANDCRAB, THE MONEY-GRABBING RANSOMWARE
GandCrab is offered in the Dark Web as Ransomware-as-a-Service (RaaS) by its criminal developers. Modeled after Software-as-a-Service (SaaS) principles, cybercriminals without programming knowledge would rent such ransomware for their malicious activities, and pay the developers by sharing a portion of the collected ransoms.

Some characteristics of GandCrab include: (a) being frequently updated to evade detection and deletion, (b) targeting mainly English-speaking countries, and (c) customisable ransom demands.

As part of the No More Ransom initiative, free decryption tools for later versions of GandCrab are made available for affected victims to recover their files. This public-private cooperation exemplifies the need for collaboration between government and industry partners to combat global cyber threats together.

FEATURED TOPIC
ADVERSARIAL AI IN CYBERSECURITY
Machine learning and data-driven detection systems are being adopted in cybersecurity applications to cope with rapidly evolving cyber-attacks. However, threat actors are now leveraging adversarial Artificial Intelligence (AI) technologies to deceive these systems. One method of deception involves using Generative Adversarial Networks (GANs) to create new variants from known malware that are able to bypass malware detectors. One way to counter this attack would be to include GAN samples during re-training, so that the malware detector is tuned to identify this class of mutated samples.

To combat against new cyber-attacks, AI engines constantly train and update their models. This adaptive learning process, however, creates an opportunity for threat actors to poison data used to train the models and thus influence decision boundaries. One method of defending against this type of attack involves processing the training data to identify potential adversarial data manipulation first, before providing them to train the AI engines.

[3] “The GandCrab Ransomware Mindset,” Check Point Research, 13 March 2018, https://research.checkpoint.com/gandcrab-ransomware-mindset.
[4] On 22 March 2018, the City of Atlanta in the US state of Georgia suffered a ransomware attack which affected several local government systems and disrupted businesses. Almost US$17 million was reportedly spent in recovery efforts. The ransomware used in the attack, dubbed ‘SamSam’, was also linked to another ransomware attack on the Port of San Diego in September 2018.
[5] Palmer, Danny. “Cybercrime: Ransomware remains a 'key' malware threat says Europol,” ZDNet, 18 September 2018, https://www.zdnet.com/article/cybercrime-ransomware-remains-a-key-malware-threat-says-europol.
COMMAND AND CONTROL SERVERS AND BOTNET DRONES

In 2018, CSA observed about 300 unique C&C servers in Singapore, a 60 per cent decrease from 2017.

SingCERT is responsible for the prevention, detection and resolution of cybersecurity incidents in Singapore, acting on information provided by government agencies, international counterparts and the public. When SingCERT receives information regarding C&C servers hosted in Singapore, the team first confirms the locations of the servers, and then asks the relevant agencies such as the Info-communications Media Development Authority (IMDA) or relevant abuse team of the local hosting providers to take them down and restore legitimate services. When the hosting provider is located overseas, SingCERT collaborates with the relevant foreign Computer Emergency Response Teams (CERTs) to do the same.

On average, nearly 2,900 botnet drones with Singapore IP addresses were observed daily. [7] About 470 malware variants were detected, but the top five malware observed – Gamarue, Conficker, Mirai, WannaCry, and Gamut – accounted for over half of observed infections, echoing trends observed in previous years. These are not new malware; Conficker, in particular, dates back to 2008.

The top malware, Gamarue, steals personal information and can also function as a medium to distribute other malicious programs. Although Gamarue’s infrastructure was largely dismantled in an international operation in December 2017, efforts to wipe it out completely had been slow and challenging, [8] and Gamarue had continued to infect systems throughout 2018. [9] The persistence of Gamarue infections into 2018 suggests that many users have yet to patch their devices, or use antivirus software, to prevent infections. This is also the likely explanation for how WannaCry – the ransomware that wreaked havoc across the globe in 2017 that can now be easily detected by antivirus software – continued to persist on local systems and computers.

Separately, the Mirai malware had been linked to botnet campaigns targeting unpatched Internet of Things (IoT) devices. A number of malicious campaigns are increasingly leveraging open-source Mirai malware – shared openly on the Internet – to conduct brute-force attacks with common usernames and passwords. The observations indicate that many users do not change default login credentials of their smart devices.

[Figure: monthly share (0% to 100%) of daily infections by malware, January to December 2018: Gamarue, Conficker, Mirai, WannaCry, Gamut, Others. On average, five common malware accounted for over half the daily infections in 2018.]

FEATURED TOPIC
OPEN PORTS
Open ports attract malware infection and may be used to launch cyber-attacks, such as Distributed Denial-of-Service (DDoS) attacks. DDoS attacks inundate websites and services with incoming traffic, causing them to become unavailable. In February 2018, the two largest DDoS attacks recorded in history occurred just five days apart from each other. Unlike large-scale DDoS attacks that usually employ malware-driven botnets, these two attacks stemmed from servers where specific ports were left open unnecessarily. [6]

The first attack peaked at 1.35 Tbps and targeted the developer platform, GitHub. The peak was 30 per cent higher than the previous record set by the attack targeting Dyn in 2016. The second attack targeted a US-based service provider, and set the current peak record of 1.7 Tbps.

If users must utilise open ports for their work, they should always safeguard them by avoiding default credentials, and close the open ports promptly when not in use.

[6] Specifically, memcached servers, used for speeding up networks and improving performance of web applications, were instead hijacked to carry out the two DDoS attacks.
[7] Based on unique Internet Protocol (IP) addresses (the numerical code assigned to each device that can connect to the Internet or other networks), about 115,000 botnet drones were observed in Singapore in 2018.
[8] Parrish, Kevin. “The Andromeda botnet still lingers as nations struggle to clean infected PCs,” Digital Trends, 14 August 2018, https://www.digitaltrends.com/computing/andromeda-botnet-still-infects-pcs-africa-asia.
[9] Brumaghin, Edward and Unterbrink, Holger with contributions from Tacheau, Emmanuel. “Old dog, new tricks – Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox,” Cisco Talos Blog, 15 October 2018, https://blog.talosintelligence.com/2018/10/old-dog-new-tricks-analysing-new-rtf_15.html.
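The open-ports advice above can be checked on an organisation's own servers by reviewing which listening sockets are reachable beyond the loopback interface. The Python below is an added example, not code from CSA or the report: it parses `ss -H -tuln` output collected from one's own hosts and flags memcached's default port 11211 when it is bound to a non-loopback address. The host names, function names and sample output are constructed for illustration, and the watch list is an assumption that can be extended to other services.

```python
import ipaddress

# Assumption: only memcached's default port is watched; extend as needed.
WATCHED_PORTS = {11211: "memcached"}

# Constructed sample: `ss -H -tuln` output keyed by (hypothetical) host name.
SAMPLE_INVENTORY = {
    "cache-a": """\
udp   UNCONN 0      0            0.0.0.0:11211      0.0.0.0:*
tcp   LISTEN 0      1024         0.0.0.0:11211      0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*
""",
    "cache-b": """\
tcp   LISTEN 0      1024       127.0.0.1:11211      0.0.0.0:*
tcp   LISTEN 0      1024           [::1]:11211         [::]:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
""",
    "cache-c": """\
tcp   LISTEN 0      1024      192.0.2.15:11211      0.0.0.0:*
tcp   LISTEN 0      128                *:22               *:*
""",
}


def parse_local(field):
    """Split ss's 'Local Address:Port' column into (address, port)."""
    addr, _, port = field.rpartition(":")
    addr = addr.split("%", 1)[0].strip("[]")   # drop '%iface' scope and IPv6 brackets
    return addr, int(port)                      # ValueError if port is not numeric


def exposed_listeners(ss_output, watched=WATCHED_PORTS):
    """Return (proto, addr, port, service, scope) for watched ports not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] not in ("tcp", "udp"):
            continue                            # header or unrelated line
        try:
            addr, port = parse_local(cols[4])
            if port not in watched:
                continue
            if addr == "*":                     # wildcard bind on all interfaces
                scope = "all-interfaces"
            else:
                ip = ipaddress.ip_address(addr)
                if ip.is_loopback:
                    continue                    # local-only listener: not exposed
                scope = "all-interfaces" if ip.is_unspecified else "specific-address"
        except ValueError:
            continue                            # unparseable address or port
        findings.append((cols[0], addr, port, watched[port], scope))
    return findings


def audit(inventory):
    """Run the check over every host and prefix each finding with the host name."""
    return [
        (host,) + finding
        for host, output in sorted(inventory.items())
        for finding in exposed_listeners(output)
    ]


if __name__ == "__main__":
    for host, proto, addr, port, service, scope in audit(SAMPLE_INVENTORY):
        print(f"{host}: {service} {proto}/{port} bound to {addr} ({scope})")
```

For memcached itself, binding to loopback with its `-l 127.0.0.1` option and disabling the UDP listener with `-U 0` removes the findings this check reports.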
CHAPTER 2
TARGET.SG

Singapore has been, and will continue to be, the target of cyber-attacks by Advanced Persistent Threat groups and other threat actors. This chapter offers insights and practical lessons from cyber-attacks that affected different segments of Singapore in 2018, and how we can learn from them to strengthen our collective cybersecurity.
TARGET.GOV.SG

CASE STUDY
CYBER-ATTACK ON SINGHEALTH

“Even as we do our best to secure our systems, it is a matter of when, not if, our systems are breached. The cyber-attack on SingHealth is a reminder for us to do better in our cybersecurity efforts, together as a nation.”
– Mr David Koh, Commissioner of Cybersecurity and Chief Executive CSA, emphasising the need for collective cybersecurity

In 2018, SingHealth’s network was the target of a deliberate and well-planned cyber-attack. The scale of this cyber-attack was unprecedented. The personal particulars of 1.5 million patients and the outpatient dispensed medication records of 160,000 of them were illegally accessed and copied. Prime Minister Lee Hsien Loong’s records were specifically and repeatedly targeted.

There was, however, no evidence that the data had been tampered with or deleted. No clinical services were disrupted, and patient care remained uncompromised.

The Committee of Inquiry (COI) into the cyber-attack on SingHealth’s database system established that the cyber-attack was the work of a skilled and sophisticated actor, which bore the characteristics of an Advanced Persistent Threat (APT) group. The COI found that the attacker was well-resourced, and had used advanced techniques and tools to target the SingHealth patient database and illegally exfiltrate patient data. The attacker was persistent, evaded detection for a long time, and even re-entered the network after being detected.

WHAT HAPPENED?
The attacker gained initial access to SingHealth’s IT network around August 2017, by infecting front end workstations, most likely through phishing attacks. After lying dormant for several months, the attacker moved laterally through the network between December 2017 and June 2018, compromising additional endpoints, servers and user accounts.

From May 2018, the attacker made multiple unsuccessful attempts to connect to SingHealth’s patient database system. On 26 June 2018, the attacker obtained credentials to the database, and began querying and exfiltrating patient records the following day.

On 4 July 2018, an IT administrator at Integrated Health Information Systems (IHiS), the IT agency serving the public healthcare sector including SingHealth, noticed suspicious queries made on the database. The suspicious queries were terminated by IHiS’s IT administrators, and measures were put in place to prevent further queries from being made.

On 10 July 2018, the cyber incident was escalated to the Cyber Security Agency of Singapore (CSA), SingHealth’s senior management, the Ministry of Health (MOH), and Ministry of Health Holdings (MOHH). CSA’s National Cyber Incident Response Team (NCIRT) was immediately deployed on site to work with IHiS to carry out joint investigations and remediation. They took steps to contain the threat, eliminate the attacker’s footholds, and prevent recurrence of the attack.
CSA also coordinated national efforts to mitigate the risk of a similar attack affecting other Critical Information Infrastructure (CII) systems, by sharing threat intelligence with CII owners and instructing them to undertake relevant security measures.

In view of further malicious activities detected on the SingHealth network on 19 July 2018, Internet Surfing Separation (ISS) was temporarily imposed on SingHealth’s IT systems on 20 July 2018. As a precautionary measure, temporary ISS was also implemented for IT systems in other unaffected public healthcare clusters (National Healthcare Group and National University Healthcare System) on 22 July 2018. The Government also paused the rollout of new Government ICT systems from 20 July to 3 August 2018. During the pause, a review of its existing cybersecurity measures was conducted. Although there was no evidence of Government ICT systems being compromised in this attack, additional measures on critical Government systems were introduced to detect and respond more quickly to cybersecurity threats.

SingHealth began contacting the affected after the Government announced the news of the cyber-attack on 20 July 2018. Concurrently, SingCERT also issued advisories on precautions that organisations and members of the public could take, in anticipation of potential opportunistic attacks.

RECOMMENDATIONS MADE BY THE COI INTO SINGHEALTH
The COI made 16 recommendations relating to strategic and operational measures to strengthen the cybersecurity posture of SingHealth and IHiS. These recommendations are generally applicable to all organisations responsible for large databases of personal data. Some key actions that all organisations must consider implementing are as follows:

1. Include cybersecurity as part of the organisation’s risk management, with deliberations and decisions on balancing cybersecurity and trade-offs (e.g. cost, operational requirements) based on unique business considerations (e.g. patient safety in the case of the public healthcare sector) managed at the senior level of leadership.
2. Provide all staff with training to build awareness on the best cyber hygiene practices, and cultivate an organisational culture where cybersecurity is everyone’s responsibility.
3. Train and equip all staff to recognise and respond to cybersecurity incidents, and to report these incidents in a timely manner.
4. Adopt multiple defences, such as encryption, firewalls and robust data-access practices, to layers of security measures, to better prevent, detect and respond to cyber incidents.
5. Carry out comprehensive and regular checks and audits to identify gaps in the design of and compliance with policies, processes and procedures, and to ensure that these gaps are remedied according to plan.
6. Develop cyber incident response plans for various scenarios, and test and update them regularly by conducting realistic exercises and simulations.

FEATURED TOPIC
STRENGTHEN GOVERNMENT ICT SYSTEMS
To build a secure and resilient Smart Nation, the Government’s approach to cybersecurity is underpinned by two key principles. First, we adopt a ‘defence-in-depth’ strategy, with multiple layers of cyber defence to impede attackers. These layers of defence cascade from the perimeter to within the systems. Given enough time and resources, sophisticated and determined attackers may eventually find their way into the system. The layered defence approach will enable security teams to detect any breach and respond swiftly. Second, we enhance our system defence on three fronts – People, Processes and Technology. In terms of People and Processes, the Government is developing a stronger cybersecurity culture across the Public Service, as well as tapping on technology to support its IT staff and automate cybersecurity tasks, such as patch management. In terms of Technology, the Government will continue to build up the defence and resilience of its systems, while implementing measures to better detect and respond to cyber threats.

The Government can more effectively defend our systems if we involve the global and local communities of cyber defenders to identify vulnerabilities and strengthen the Government’s ICT systems. For example, the Government Technology Agency of Singapore (GovTech) and CSA are partnering local and overseas cybersecurity communities on a Government Bug Bounty Programme (GBBP) to help search and uncover vulnerabilities in our system.
TARGET.EDU.SG

Threat actors target academic institutions for a variety of reasons. These include stealing sensitive research information, and using them as stepping stones to gain access to high security systems and networks. In 2017, the National University of Singapore (NUS) and Nanyang Technological University (NTU) were hit by sophisticated cyber-attacks that were assessed to be the work of APTs. These incidents highlight the need for academic institutions to stay vigilant constantly and strengthen their cybersecurity defences, as part of measures to protect their intellectual property.

CASE STUDY
CYBER-ATTACK ON UNIVERSITIES

WHAT HAPPENED?

In April 2018, CSA received information that there was a breach of user account credentials at various universities in Singapore. Further investigations revealed that at least 52 accounts from four universities – NTU, NUS, Singapore Management University (SMU), and Singapore University of Technology and Design (SUTD) – had been compromised.

Unsuspecting victims received spear phishing e-mails that directed them to a credential harvesting website, which closely resembled the web portals of the universities. These portals were made to look as if the victims had accidentally logged out of their accounts and prompted them to enter their login credentials.

The login credentials of the victims were later used to gain unauthorised access to the online libraries of the universities, in order to obtain research publications of staff members across various research fields and academic disciplines.

FOLLOW-UP ACTION

The affected universities reset the passwords of all users, and scanned computers and networks for signs of further compromise. SingCERT sent out advisories to alert all users about the incident, and heighten their vigilance against similar attacks and other potential cyber threats.
TARGET.ORG.SG

Organisations are frequently targeted by threat actors, most often to steal private and personal information from their databases. As more Small and Medium Enterprises (SMEs) go digital, business e-mail impersonation scams are expected to grow in tandem. The Singapore Police Force observed 378 business e-mail impersonation scams in 2018, up from 332 cases in 2017. In total, businesses in Singapore suffered losses of close to S$58 million in 2018, an increase of about 31 per cent from 2017.

CASE STUDY
CRYPTO-JACKING

WHAT HAPPENED?

In January 2018, SingCERT received information that a training institute’s web servers had been infected by malware. Four of the institute’s web servers were later found to be infected by a crypto-mining malware. No other suspicious activity was detected, although the infected web servers were observed communicating with Internet Protocol (IP) addresses associated with crypto-mining operations.

SingCERT later discovered that the institute’s web server software had not been patched to the latest versions, leading to its subsequent compromise. The attacker exploited these vulnerabilities to hijack the systems and discreetly link the web servers to a crypto-mining pool. The cryptocurrency produced was then transferred to a cryptocurrency wallet for storage. The attacker remains unknown due to the anonymous nature of the encrypted wallet.

FOLLOW-UP ACTION

SingCERT provided technical assistance to the organisation to investigate and understand the root cause and potential impact of the incident. SingCERT also worked together with the organisation to restore all compromised web servers to their last known serviceable state.

All organisations and businesses should manage their cybersecurity risks appropriately. These include ensuring that all systems are regularly updated and patched for known vulnerabilities, and educating employees on the importance of verifying important email requests with business partners first, before responding to them. The public may refer to the SingCERT alert published on 9 November 2017 for measures to counter the rising crypto-jacking threat.[10]

FEATURED TOPIC
UNAUTHORISED CRYPTO-MINING BECOMING MORE PREVALENT

Cybersecurity firms have observed a shift in modus operandi from traditional ransomware to crypto-mining, as mining cryptocurrency becomes more profitable than other criminal business models. Internet of Things (IoT) devices have also emerged as a potential attack vector that may be abused by cybercriminals. ADB.Miner, a Monero crypto-mining botnet which borrowed scanning code from Mirai, was found in February 2018 targeting Android-based devices. Another Monero crypto-mining botnet, Smominru, utilises the ETERNALBLUE[11] exploit and has since infected more than 500,000 computers worldwide.

In January 2018, security company Sucuri discovered a campaign where over 2,000 WordPress websites were compromised by a malicious script. This script delivered crypto-mining and keylogging malware to devices. Users would experience a decline in computing performance of their devices when they visit these compromised websites, whose malware in turn harnesses the computing power to mine cryptocurrencies. Sensitive information such as payment details would also be captured by the malware.

[10] “[SingCERT] Alert on Browser-based Digital Currency Mining,” SingCERT Advisories & Alerts, 9 November 2017, https://www.csa.gov.sg/singcert/news/advisories-alerts/alert-on-browser-based-digital-currency-mining.
[11] ETERNALBLUE is an exploit which leverages a vulnerability in Microsoft’s Server Message Block (SMB). SMB is a protocol used by computers to share access to files and appliances over a network.
TARGET.YOU.SG

Many individuals continue to lack cybersecurity awareness and practise poor cyber hygiene. According to the Singapore Police Force, there were 1,204 cases investigated under the Computer Misuse Act (CMA)[12] in 2018, a 40 per cent increase from 2017. Some of these cases were a result of victims who were not alert to phishing e-mails intended to steal their sensitive personal information such as passwords and credit card details.

All individuals should protect themselves from cyber threats proactively, and practise good cyber hygiene habits at all times. These include checking for signs of phishing before clicking on unknown links or opening attachments in suspicious e-mails, installing computer protection software (i.e. anti-virus, anti-spyware/malware, and firewall) and keeping them updated, and enabling Two-Factor Authentication (2FA) where possible.

Separately, online scams continued to be a concern. There were about 2,125 e-commerce scams reported in 2018, with victims losing a total of about S$1.9 million. 70 per cent of such scams took place on e-commerce platform Carousell, and involved electronic products and tickets to events and attractions. It is important for all individuals to exercise caution towards unrealistic bargains for merchandise on e-commerce platforms to avoid falling prey to such scams.

CASE STUDY
NEARLY@SCAMMED.COM

WHAT HAPPENED?

In July 2018, a member of the public sought SingCERT’s help after receiving a threatening e-mail. The e-mail claimed that the victim’s computer had been infected with malware, and demanded payment in exchange for not exposing video clips of the victim in compromising situations, allegedly recorded with the computer’s own web camera. To substantiate the threat, the e-mail also contained the victim’s e-mail password.

It was later determined that the e-mail represented a new form of extortion scam that surfaced recently. The victim’s e-mail address and password were likely exposed in a previous data breach – where login credentials of affected individuals were leaked – and not obtained through malware that had compromised the victim’s computer, as the scammer had claimed.

FOLLOW-UP ACTION

SingCERT advised the victim to change all passwords associated with the compromised e-mail account immediately, enable two-factor authentication for the e-mail account if possible, and not to make any form of payment. As a precautionary measure, SingCERT also recommended performing anti-virus scans on all the victim’s computing devices.

“As our cyber threat surface increases, potential points of vulnerability will become commonplace. All individuals need to play a conscious role in creating a safe and secure cyberspace.”
– Dr Shashi Jayakumar, Senior Fellow, S Rajaratnam School of International Studies (RSIS), and Head, Centre of Excellence for National Security and Executive Coordinator, Future Issues and Technology, highlighting individuals’ role in cybersecurity

[12] The Computer Misuse Act (CMA) replaced the Computer Misuse and Cybersecurity Act (CMCA) when the Cybersecurity Act came into force on 31 August 2018.
CHAPTER 3
SINGAPORE’S CYBERSECURITY STRATEGY – DEVELOPMENTS IN 2018

Launched by Prime Minister Lee Hsien Loong at the 2016 Singapore International Cyber Week, Singapore’s Cybersecurity Strategy sets out Singapore’s cybersecurity vision, goals and priorities to create a resilient and trusted cyberspace. It is only with a safe and trusted cyberspace that we can fully realise the benefits of technology, and secure a better future for Singaporeans. This chapter looks back on some key milestones of the Strategy in 2018.

The Strategy comprises four pillars:

Pillar One: Building a Resilient Infrastructure
Pillar Two: Creating a Safer Cyberspace
Pillar Three: Developing a Vibrant Cybersecurity Ecosystem
Pillar Four: Strengthening International Partnerships
CSA has been coordinating the work to realise Singapore’s Cybersecurity Strategy since it was launched in 2016. This chapter provides some of the highlights and achievements across the four pillars of the Strategy in 2018.

PILLAR ONE: BUILDING A RESILIENT INFRASTRUCTURE
The first pillar aims to secure our digitally-enabled economy and society, with emphasis on the Government’s partnership with the private sector and the cybersecurity community to strengthen the resilience of our Critical Information Infrastructure (CII).

PILLAR TWO: CREATING A SAFER CYBERSPACE
Cybersecurity is a collective responsibility of the Government, businesses, individuals and the community. The second pillar looks at engaging businesses and the public to collectively build a safer and more secure cyberspace.

PILLAR THREE: DEVELOPING A VIBRANT CYBERSECURITY ECOSYSTEM
Cybersecurity is both a security imperative and an economic opportunity. The third pillar focuses on developing a vibrant cybersecurity ecosystem. This includes building a pipeline of talent and a vibrant industry.

PILLAR FOUR: STRENGTHENING INTERNATIONAL PARTNERSHIPS
Cyber threats are borderless. Strong international collaboration in cybersecurity is necessary to combat the threats in cyberspace. The fourth pillar emphasises the strengthening of international partnerships and creating opportunities for collaboration.
PILLAR ONE: BUILDING A RESILIENT INFRASTRUCTURE

FEATURED TOPIC
CYBERSECURITY ACT: THE JOURNEY

The Cybersecurity Bill was passed in Parliament on 5 February 2018 and came into force on 31 August 2018. Extensive public consultations were carried out by CSA and the Ministry of Communications and Information (MCI) in the drafting of the Act. This included closed-door consultations with key stakeholders, ranging from Government agencies, potential CII owners, industry associations and cybersecurity professionals, as well as an open public consultation from 10 July to 24 August 2017.

The Cybersecurity Act establishes a legal framework for the oversight and maintenance of national cybersecurity in Singapore. Its four key objectives are to:

- Strengthen the protection of CII against cyber-attacks.
- Authorise CSA to prevent and respond to cybersecurity threats and incidents.
- Establish a framework for sharing cybersecurity information.
- Establish a light-touch licensing framework for cybersecurity service providers (to come into force at a later date).

A key feature of the Act is the appointment of a Commissioner of Cybersecurity who is empowered by the Act to oversee all aspects of cybersecurity in Singapore. The Commissioner is assisted by Assistant Commissioners of Cybersecurity, appointed from the respective sectors, who provide the deep domain knowledge and expertise. The Cybersecurity Act provides the Commissioner and his supporting cybersecurity officers with an important regulatory instrument and statutory powers with which to strengthen Singapore’s cybersecurity and combat cyber threats.

MEASURING MATURITY OF CII SECTORS

As part of efforts to build a resilient infrastructure, CSA launched its CII Protection Programme. Under the programme, the Readiness Maturity Index (RMI) Framework evaluates the cybersecurity maturity of CII sectors delivering essential services, and allows Sector Leads to build cyber capabilities and resilience against evolving cyber threats.

The maturity of a CII sector is measured based on respective CII owners’ attributes in the RMI Framework. As of 2018, all 11 CII sectors have attained a maturity level of “measurable”, which means that they have demonstrated governance, management oversight, formalised policies, assigned responsibilities, and training of people, with consistent and measurable outcomes. CSA will continue to develop appropriate cybersecurity metrics beyond the RMI framework.

CONDUCTING CYBERSECURITY EXERCISES FOR CII SECTORS

Since its formation, CSA has been conducting sector-specific Exercise CyberArk (XCA) to ensure readiness of all CII sectors in defending against increasingly sophisticated cyber-threats. In 2018, over 300 participants from the Media, Aviation, and Maritime sectors took part in XCA on separate occasions to review, exercise and validate their cyber defence capabilities and incident response plans. The 4-month planning and development cycle for each run of the exercise culminated in a 2-day Table-Top Exercise (TTX), where participants were put through a series of scenarios that gradually built up towards a cyber-crisis. Simulated media conferences were then conducted to validate the sectors’ crisis communication processes.

Besides the sector-specific XCA, CSA also conducts a national-level, multi-sectoral exercise – Exercise Cyber Star (XCS) – to validate the National Cyber Crisis Management System. Two runs of XCS have been conducted to date, with the third one planned for 2019.

[Photo: Participants from the maritime sector being briefed at the opening address for Exercise CyberArk in July 2018. Source: CSA.]

“PSA remains fully committed towards strengthening the capabilities and resilience of our people, processes and platforms against cyber threats, to ensure the continuity of global trade and realising the “Internet of Logistics”.”
– Mr Ong Kim Pong, Regional CEO of PSA Southeast Asia, on contributing to cybersecurity in Singapore’s maritime sector
PILLAR TWO: CREATING A SAFER CYBERSPACE

NATIONAL CYBERSECURITY AWARENESS CAMPAIGN

In May 2018, CSA launched the second campaign, Cyber Tips 4 You. The campaign identified four cyber tips for the public to adopt:

- Use an Anti-Virus Software
- Use Strong Passwords and Enable Two-Factor Authentication
- Spot Signs of Phishing
- Update your Software ASAP

The four tips were presented in various broadcast and print formats, including radio channels, bus stops and MRT stations. Members of the public were also invited to attend a café-inspired event, Cybersecurity Awareness For Everyone (CAFÉ), to learn how to create strong and memorable passwords. About 12,000 visitors attended the two-day launch event held at Bedok Mall.

[Photo: Visitors trying their hand at creating a strong password at the “Cyber Tips 4 You” campaign at Bedok Mall in May 2018. Source: CSA.]

Starting from November 2018, a Cyber Savvy Machine Pop-Up, featuring a Cyber Savvy vending machine and information panels, will make its rounds to one public library each month over a period of one year. Library-goers can test their cybersecurity knowledge by attempting a quiz on the machine and win a small gift in the process. Supporting the outreach effort are students from Nanyang Polytechnic, who will help to spread cybersecurity messages at the library on selected days. They will also showcase a “Cyber Savvy game”, which they developed with CSA, in the respective libraries.

FEATURED TOPIC
CYBERGREEN

CyberGreen aims to research and aggregate open source information to measure and create awareness of the cyber health status of a country. In partnership with the CyberGreen Institute, Singapore developed cyber health metrics for the ASEAN region to provide an overview of the overall state of cyber health while allowing regional Computer Emergency Response Teams (CERTs) to carry out remediation and mitigation efforts proactively. In 2018, the platform added more scanning locations and enhanced the risk protocols matrix. It also provided better visualisations and allowed countries to compare their state of cyber health with others.

INTERNET HYGIENE RATING AND BENCHMARKING

CSA implemented the Internet Hygiene Rating and Benchmarking (IHRB) tool for CII Sector Leads and owners in 2018. The tool incorporates a management-friendly dashboard that improves an organisation’s cybersecurity situational awareness, and encourages regular self-checks by benchmarking against entities in the same or similar industries. It also enhances the organisation’s Internet hygiene level through the constant review of ratings based on industry-specific threats and trends.

All CII Sector Leads and owners are given access to the IHRB for their continuous internal monitoring. Through this data-driven security performance rating, Sector Leads and owners are able to create a common benchmark for comparison, enabling them to come up with proactive policies to improve their cybersecurity.

FEATURED TOPIC
SECURING OUR COMMUNICATIONS – DSO CRYPTO CHIP

Through R&D, DSO National Laboratories developed the DSO Crypto Chip to protect Singapore’s sensitive communications and information from potential adversaries. Its small size and low power consumption[13] allow it to be used on space- and power-constrained systems, while meeting the challenging demands of high throughput and security. The chip incorporates DSO’s unique protection mechanism, which destroys all secret data when tampered with. This would render the chip useless.

[13] The size of the DSO Crypto Chip is similar to a 50-cent coin, and the chip consumes up to 5 times less power than a commercial chip with similar performance.
PILLAR THREE: DEVELOPING A VIBRANT CYBERSECURITY ECOSYSTEM

ENCOURAGING INDUSTRY INNOVATION AND BUILDING ADVANCED CAPABILITIES THROUGH R&D

CSA works with Government agencies, universities, research institutes, and industry to encourage innovation for next-generation solutions to meet the needs of local and international markets. Efforts in 2018 included:

a. Lean LaunchPad Programme (LLP) Cybersecurity Track. CSA and the National Research Foundation (NRF) supported the LLP Cybersecurity Track, a 10-week experiential learning programme to equip cybersecurity researchers and young start-ups with the necessary networks, tools, and market validation to bring their inventions to market.

b. Industry Call for Innovation. To catalyse the development of innovative cybersecurity solutions and adoption by end users, CSA initiated an Industry Call for Innovation in 2018. CSA collaborated with industry[14] to consolidate their cyber needs into challenge statements. The Call drew more than 70 proposals from local industry solution providers to develop solutions for 10 challenge statements.

c. Establishing National Satellites of Excellence (NSoEs). Anchored in local universities, the NSoEs were established to build and consolidate local research strengths in domains of national interest. Their research focuses on Trustworthy Software Systems, Mobile Systems Security & Cloud Security, and Design Science and Technologies for Secure Critical Infrastructure.

d. Singapore Common Criteria Scheme. Singapore attained the status of a Common Criteria[15] Certificate Authorising Nation in January 2019. With this, local developers need not send their product overseas for certification, saving time and costs. This increases the potential of IT-security products produced in Singapore for export, strengthens Singapore’s competitiveness in the global cybersecurity market, and attracts global evaluation and testing laboratories to base their operations in Singapore.

e. National Cybersecurity R&D Programme (NCR). Together with NRF, CSA chairs the NCR to fund projects[16] that seek to improve the trustworthiness of cyber infrastructure with emphasis on security, resilience, and usability. Examples of funded projects include SecureAge-NUS’s advanced anti-malware solution using deep learning, and Scantist-NTU’s smart binary-level vulnerability assessment for cyber-attack prevention.

“The Call provides an excellent platform for us to share with innovators and solution providers the challenges facing our sector, and for all of us to work together to strengthen the country’s capacity to address growing cybersecurity threats.”
– Mr Chong Nai Min, Vice President, Information Technology at Singapore LNG Corporation (SLNG), on CSA’s Industry Call for Innovation

FEATURED TOPIC
INNOVATION CYBERSECURITY ECOSYSTEM @ BLOCK71

In March 2018, CSA and the Info-communications Media Development Authority (IMDA) supported the establishment of the Innovation Cybersecurity Ecosystem at Block71 (ICE71), for three key programmes:

1. ICE71 Inspire – A bootcamp targeting the academia and industry to deepen appreciation for entrepreneurship, provide networking opportunities, and enable potential entrepreneurs to get valuable insights from cyber and innovation experts.
2. ICE71 Accelerate – An accelerator programme for early-stage start-ups to gain access to talent, mentors, funding and ecosystem events.
3. ICE71 Scale – To provide access to complimentary working space, testing facilities, regional markets and corporate support services for start-ups.

In less than a year, ICE71 has organised a total of 40 events and reached out to more than 50,000 members of the public. Its programmes have also engaged some 200 mentors who have helped guide the start-ups in their go-to-market strategies.

[Photo: A participant pitching his ideas to a panel of cybersecurity experts and representatives from investment spaces at the ICE71 Inspire programme in July 2018. Source: ICE71.]

[14] They include Ascendas-Singbridge, PacificLight Power, Singapore LNG Corporation, Singapore Press Holdings, and SMRT Corporation.
[15] The Common Criteria product assurance certification, or ISO/IEC 15408, is the de facto standard for cybersecurity product certification around the world.
[16] In 2018, the NCR secured additional S$50 million of funding till 2020 to focus on four areas – cloud security, cyber forensic and assurance, applications security and edge computing, and artificial intelligence for cybersecurity.