October 20, 2022
SINGAPORE – An inter-agency task force has been set up to help businesses as well as research and educational institutions tackle the growing threat of ransomware.
The move is a step towards protecting Singapore’s enterprises, some of which may supply to critical information infrastructure operators that provide essential services here.
Organisations with poor cyber-security practices are particularly vulnerable to ransomware, said Senior Minister Teo Chee Hean, who announced the formation of the task force on Wednesday.
“Ransomware criminals can be opportunistic and highly sophisticated,” said Mr Teo, who is also Coordinating Minister for National Security.
Ransomware has brought many large organisations, some running critical infrastructure, to their knees. Once they infiltrate a corporate network, hackers can use the malware to transfer confidential data and lock up the target systems.
Ransomware hackers typically demand ransoms in exchange for a decryption key to unlock compromised systems or for not exposing stolen data.
“They take advantage of poor cyber-security practices to gain access to their victims’ systems and data, bet on victimised organisations being more willing to pay the ransom and hide the attack than to report the crime, and take advantage of gaps between jurisdictions to evade law enforcement,” Mr Teo said in his opening speech at the 7th annual Singapore International Cyber Week at Marina Bay Sands.
The new Counter Ransomware Task Force aims to bridge this gap, especially since the number of ransomware attacks rose 54 per cent in Singapore from 2020 to 2021, said the Cyber Security Agency (CSA).
Set up earlier in 2022, the task force comprises senior officers from the CSA, GovTech, Infocomm Media Development Authority, Ministry of Communications and Information, Ministry of Defence, Ministry of Home Affairs, Monetary Authority of Singapore, Singapore Armed Forces and Singapore Police Force.
The task force expands on CSA’s purview of protecting critical information infrastructure (CII) for supporting essential services, including transport, healthcare and energy.
Protecting all businesses, and research and educational institutions is important due to the interconnectedness of digital links between the systems of suppliers and partners. Some of these firms may have links to essential service operators.
“If a critical system is brought down by an attack, there could be severe effects on countries and the international system, organisations and businesses; financial losses; and threats to lives and livelihoods,” said Mr Teo.
A data breach in January 2021 involved the personal information of about 129,000 Singtel customers as a result of a ransomware attack. Hackers exploited vulnerabilities in US tech firm Accellion’s file-sharing software, which is used by Singtel and many global firms. Cyber criminals later posted a ransom note addressed to Accellion demanding $250,000 worth of bitcoin. The incident shone the spotlight on supply chain risks.
Other high-profile global incidents include an attack on American fuel transporter Colonial Pipeline’s IT systems in May last year, which affected its oil and gas supply to about 50 million customers, leading to fuel shortages and price hikes.
Singapore’s Counter Ransomware Task Force will look into working more closely with overseas counterparts to spot new threats, stop the flow of fraudulent funds and nab criminals behind ransomware attacks. The task force will also develop and recommend policies, operational plans and measures to improve Singapore’s ability to counter ransomware, said CSA.
Mr Teo said cyber defence in the digital domain here also includes four other areas: telecommunications hardware and cables; software such as national digital identity Singpass and instant payment service PayNow; critical information infrastructure for supporting essential services; and personal devices.
Mr Teo also said CSA is building a next-generation National Cyber Security Centre. It will be located at the Punggol Digital District, said CSA, adding that more details on the centre will be given at a later date.
Personal devices can also introduce risk to the larger digital domain, he said.
Personal devices, such as Internet of Things (IoT) devices, are connected to other networks that can be vulnerable to cyber attacks, said Mr Teo.
He added that schemes like Singapore’s Cybersecurity Labelling Scheme, which rates each device according to its level of cyber-security provisions, can help consumers make informed purchase decisions. So far, more than 200 products have been labelled. These include products from global brands such as Google, Linksys, Asus, TP-Link and Philips.
The scheme will be extended to medical devices, said Mr Teo. More details will be provided later.
A new Internet hygiene portal, announced on Monday, aims to help firms assess how safe their online platforms are for users. The portal comes with a three-tier ranking system that ranks e-commerce sites according to their adoption of security practices.
“Personal devices, including IoT devices, do not exist on their own. They are connected to other devices, systems and networks,” Mr Teo said. “If individuals or these multitude of devices are compromised, they will not only bring harm to themselves, but could be exploited to penetrate and weaken the whole system or network.”
Commenting on the new task force, Mr Bryan Palma, chief executive of US-based cyber-security specialist Trellix, said that there is a similar set-up in the White House for ransomware.
He said: “It needs to be an issue that’s cross-collaborative between the private and public sectors. And that will help, whether it’s setting policy or working with insurers and technology companies.”
Dr Aditya Sood, senior director of threat research and security strategy for cyber-security service provider F5, said: “The Government has taken a step in the right direction by setting up this task force and it is a sign that they understand the enormity of the problem.
“It is a collaborative effort – government will need to work with the private sector to share threat intelligence.”