Cloud Hosting

A total of 1,817,635 web threats against Internet users were detected and blocked in Singapore between April to June 2022, according to data obtained through the Kaspersky Security Network, marking a 17.6% increase compared to the first three months of this year.

KSN data is collected from Kaspersky customers here who have installed the companys cybersecurity software on their computers and voluntarily shared information with the firm. In 2Q 2022, 23.1% of users in Singapore were attacked by web-borne threats. This places Singapore in 86th place globally in terms of dangers associated with surfing the internet, with the Republic moving up 23 places from 109th in 1Q 2022.

Web-borne threats, or online threats, are a category of cybersecurity risks that may cause an undesirable event or action via the internet, which usually expose people and computer systems to harm. A broad scope of dangers fit into this category, including well-known threats such as phishing and computer viruses.

While large scale phishing attacks have been averted in Singapore this year, the Police have recently warned of an increase in phishing scams where cybercriminals impersonate banking staff and target victims through phone calls or SMS messages.

Cyber threats occur daily and cybercriminals are getting more sophisticated in their methods, although authorities in Singapore have been proactive in deterring and detecting threats as seen in the formation of the Digital and Intelligence Service that was recently announced," says Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.

"But countering cyber threats requires a whole-of-society approach so we need to continue to educate individuals and businesses on the importance of good cyber-hygiene habits to reduce the risk of being a victim of a cyber-attack."

In Singapore, the most common methods used by cybercriminals to penetrate systems include exploiting vulnerabilities in browsers and their plugins (drive-by download), and social engineering.

Exploiting vulnerabilities in browsers and their plugins (drive-by download).

Infection in this type of attack takes place when visiting an infected website, without any intervention from the user and without their knowledge. This method is used in the majority of attacks. Among them, file-less malware is most dangerous: its malicious code uses registry or WMI subscriptions for persistence, leaving no single object for static analysis on the disk.

To fight such stealthy threats, Kaspersky products apply Behavior Detection component that benefits from ML-based models and behavior heuristics to detect malicious activity even if the code is unknown. Another key technology, developed by Kaspersky, is Exploit Prevention which reveals and blocks in real time the malware's attempts to benefit from software vulnerabilities.

Social engineering

These attacks require user participation: a user has to download a malicious file to her computer. This happens when cybercriminals make the victim believe she is downloading a legitimate program.

Protection against such attacks requires a security solution capable of detecting threats as they are being downloaded from the Internet. Since many threat actors nowadays obfuscate malicious code to bypass static analysis and emulation, true protection requires more advanced technologies such as proactive ML-based methods and behavior analysis.

The global cyber threat landscape continues to evolve in 2022, and some of the major trends seen in the first half of the year include cybercriminals exploiting the rise in remote work to penetrate corporate networks, rising supply chain attacks and more companies becoming prime targets amid an accelerated shift to the cloud.

For companies observing remote or hybrid work arrangements, Kaspersky experts offer the following tips to help employers and businesses continue to stay on top of any potential IT security issues and remain productive:

For users, here are the top online security tips for to ensure each of us can play our part in cyber-vigilance:

More:
Singapore sees uptick in cyber threats in 2Q of 2022 - SecurityBrief Asia