Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Singapore. Show all posts

Six Hackers Linked to Worldwide Cyber Attacks Arrested in Singapore


The Singaporean authorities have detained six people believed to be associated with a global cybercrime syndicate suspected of masterminding malicious cyber activities all over the world, latest reports said.

The arrest was a result of an extensive operation carried out by various law enforcement agencies in Singapore, further highlighting the growing complexity and reach of organised cybercrime.

The notion that hackers work in some sort of relative isolation is the furthest from the truth. The most substantial cyberattacks committed today are the work of organised crime or even state actors. The groups are very well organised and may be working in multiple countries to fulfil their objectives. To illustrate, North Korea-associated hacking entities have successfully withdrawn billions of dollars in ransomware attacks. These hackers don't work alone but instead use the assistance of other cyber-thieves who introduce them to sensitive information, corporate infrastructure, or digital tools which they use to push malware.

On September 9, 2024, Singapore's police conducted an operation of a large-scale raid comprising 160 officers from the Criminal Investigation Department, the Police Intelligence Department, the Special Operations Command, and the Internal Security Department. The raid was executed over several residential locations in Singapore and resulted in the arrest of six people- five Chinese nationals and one Singaporean. Members of these suspects have been associated with an international cybercrime group that is conducting its unlawful activities all over the world on the net.

Official sources claim that the suspects are connected to a gang engaged in malicious cyber activities from Singapore. During the operation, this resulted in the seizure of several devices, including hacking tools and personal data stolen from outside Singapore, as well as malware control software such as PlugX. Authorities further claim that they have seized about $850,000 worth of cryptocurrency from the suspects.

Even as the six men have been nabbed, investigations by the Singaporean police are still underway to find out their local network and connections with the worldwide cybercrime syndicate. Further investigations may throw more light on how all the cyber operations were executed from this location of Singapore.

The arrests once more underscore the cyber aspect, as criminal syndicates are using borderless operations to victimise private citizens, companies, and governments across the world. Singapore has acted quickly by arresting these hackers in the pursuit of controlling cybercrime and by underlining the importance of international cooperation, especially in fighting emerging threats.

This reminds one that cybercrime is a large and structured industry that goes beyond the hacker's operation. These criminal organisations are widely spread, and members of the outfit perform various other functions in an attack, including unauthorised access to computer systems and spewing of malware. The arrests are a blow to law enforcement agencies in Singapore, but further proof of the systemic problem of cybercrime on the global level.

International authorities have to come together, especially as cybercriminals get more clever and organised. The kind of cooperation between countries, of which the recent Singapore arrest is just a proof, helps dismantle the syndicates and bring before the law its perpetrators.



 

Scammers Exploit Messaging Apps and Social Media in Singapore


 


Singapore is experiencing the dread of scams and cybercrimes in abundance as we speak, with fraudsters relying more on messaging and social media platforms to target unsuspecting victims. As per the recent figures from the Singapore Police Force (SPF), platforms like Facebook, Instagram, WhatsApp, and Telegram have become common avenues for scammers, with 45% of cases involving these platforms. 

There was a marked increase in the prevalence of scams and cybercrime during the first half of 2024, accounting for 28,751 cases from January to June, compared to 24,367 in 2023. Scams, in particular, made up 92.5% of these incidents, reflecting a 16.3% year-on-year uptick. Financial losses linked to these scams totaled SG$385.6 million (USD 294.65 million), marking a substantial increase of 24.6% from the previous year. On average, each victim lost SG$14,503, a 7.1% increase from last year.

Scammers largely employed social engineering techniques, manipulating victims into transferring money themselves, which accounted for 86% of reported cases. Messaging apps were a key tool for these fraudsters, with 8,336 cases involving these platforms, up from 6,555 cases the previous year. WhatsApp emerged as the most frequently used platform, featuring in more than half of these incidents. Telegram as well was a go-to resort, with a 137.5% increase in cases, making it the platform involved in 45% of messaging-related scams.

Social media platforms were also widely used, with 7,737 scam cases reported. Facebook was the most commonly exploited platform, accounting for 64.4% of these cases, followed by Instagram at 18.6%. E-commerce scams were particularly prevalent on Facebook, with 50.9% of victims targeted through this platform.

Although individuals under 50 years old represented 74.2% of scam victims, those aged 65 and older faced the highest average financial losses. Scams involving impersonation of government officials were the most costly, with an average loss of SG$116,534 per case. Investment scams followed, with average losses of SG$40,080. These scams typically involved prolonged social engineering tactics, where fraudsters gradually gained the trust of their victims to carry out the fraud.

On a positive note, the number of malware-related scam cases saw a notable drop of 86.2% in the first half of 2024, with the total amount lost decreasing by 96.8% from SG$9.1 million in 2023 to SG$295,000 this year.

Despite the reduction in certain scam types, phishing scams and impersonation scams involving government officials continue to pose serious threats. Phishing scams alone accounted for SG$13.3 million in losses, making up 3.4% of total scam-related financial losses. The SPF reported 3,447 phishing cases, which involved fraudulent emails, text messages, and phone calls from scammers posing as officials from government agencies, financial institutions, and other businesses. Additionally, impersonation scams involving government employees increased by 58%, with 580 cases reported, leading to SG$67.5 million in losses, a 67.1% increase from the previous year.

As scammers continue to adapt and refine their methods, it remains crucial for the public to stay alert, especially when using messaging and social media platforms. Sound awareness and cautious behaviour is non negotiable in avoiding these scams.


The Rise of AI: New Cybersecurity Threats and Trends in 2023

 

The rise of artificial intelligence (AI) is becoming a critical trend to monitor, with the potential for malicious actors to exploit the technology as it advances, according to the Cyber Security Agency (CSA) on Tuesday (Jul 30). AI is increasingly used to enhance various aspects of cyberattacks, including social engineering and reconnaissance. 

The CSA’s Singapore Cyber Landscape 2023 report, released on Tuesday, highlights that malicious actors are leveraging generative AI for deepfake scams, bypassing biometric authentication, and identifying vulnerabilities in software. Deepfakes, which use AI techniques to alter or manipulate visual and audio content, have been employed for commercial and political purposes. This year, several Members of Parliament received extortion letters featuring manipulated images, and Senior Minister Lee Hsien Loong warned about deepfake videos misrepresenting his statements on international relations.  

Traditional AI typically performs specific tasks based on predefined data, analyzing and predicting outcomes but not creating new content. This technology can generate new images, videos, and audio, exemplified by ChatGPT, OpenAI’s chatbot. AI has also enabled malicious actors to scale up their operations. The CSA and its partners analyzed phishing emails from 2023, finding that about 13 percent contained AI-generated content, which was grammatically superior and more logically structured. These AI-generated emails aimed to reduce logical gaps and enhance legitimacy by adapting to various tones to exploit a wide range of emotions in victims. 

Additionally, AI has been used to scrape personal identification information from social media profiles and websites, increasing the speed and scale of cyberattacks. The CSA cautioned that malicious actors could misuse legitimate research on generative AI’s negative applications, incorporating these findings into their attacks. The use of generative AI adds a new dimension to cyber threats, making it crucial for individuals and organizations to learn how to detect and respond to such threats. Techniques for identifying deepfakes include evaluating the message, analyzing audio-visual elements, and using authentication tools. 

Despite the growing sophistication of cyberattacks, Singapore saw a 52 percent decline in phishing attempts in 2023 compared to the previous year, contrary to the global trend of rising phishing incidents. However, the number of phishing attempts in 2023 remained 30 percent higher than in 2021. Phishing continues to pose a significant threat, with cybercriminals making their attempts appear more legitimate. In 2023, over a third of phishing attempts used the credible-looking domain “.com” instead of “.xyz,” and more than half of the phishing URLs employed the secure “HTTPS protocol,” a significant increase from 9 percent in 2022. 

The banking and financial services, government, and technology sectors were the most targeted industries in phishing attempts, with 63 percent of the spoofed organizations belonging to the banking and financial services sector. This industry is frequently targeted because it holds sensitive and valuable information, such as personal details and login credentials, which are highly attractive to cybercriminals.

Cybercriminals Threaten Release of Stolen World-Check Database, Exposing Millions to Financial Risk

 

A financially motivated criminal hacking group, self-identified as GhostR, has claimed responsibility for the theft of a confidential database containing millions of records from the renowned World-Check screening database. The stolen data, totaling 5.3 million records, includes sensitive information used by companies for screening potential customers and assessing their links to sanctions and financial crime.
 
World-Check, a vital tool for conducting "know your customer" (KYC) checks, enables companies to identify high-risk individuals with potential ties to money laundering, government sanctions, or other illicit activities. The hackers disclosed that they obtained the data from a Singapore-based firm with access to the World-Check database, though the specific company remains unnamed. 

A portion of the stolen data encompasses individuals sanctioned as recently as this year. The compromised records include details of current and former government officials, diplomats, politically exposed persons (PEPs), individuals associated with organized crime, suspected terrorists, intelligence operatives, and even a European spyware vendor. These individuals are deemed high-risk for involvement in corruption, bribery, or other illicit activities. 

The stolen data comprises a wealth of sensitive information, including names, passport numbers, Social Security numbers, online cryptocurrency account identifiers, bank account numbers, and more. Such a breach poses significant risks, as it could potentially expose innocent individuals to unwarranted scrutiny and financial harm. 

Simon Henrick, a spokesperson for the London Stock Exchange Group (LSEG), which oversees World-Check, clarified that the breach did not originate from LSEG's systems but involved a third party's data set. While LSEG did not disclose the identity of the third-party company, they emphasized their commitment to collaborating with the affected party to safeguard data integrity and notify relevant authorities. 

Privately operated databases like World-Check are not immune to errors, raising concerns about the accuracy and fairness of their content. Past incidents, such as the 2016 leak of an older World-Check database, underscore the potential repercussions of erroneous data, including wrongful accusations and financial repercussions for innocent individuals. 

The breach highlights the critical need for enhanced cybersecurity measures and regulatory oversight to protect sensitive personal information and mitigate the risks associated with data breaches. As investigations into the incident continue, stakeholders must prioritize transparency, accountability, and proactive measures to prevent future breaches and safeguard consumer data privacy.

Marna Bay Sands: Data of 665,000 Customers Hacked by Unknown Third Party

 

Singapore is renowned for maintaining stringent cybersecurity and data protection standards in the region. Companies in the country are keenly aware of their responsibility to safeguard cybersecurity, particularly concerning data privacy. In the event of cybersecurity incidents, organizations promptly notify both customers and regulators, implementing swift plans to rectify the situation. 

Recently, Marina Bay Sands (MBS) encountered a data leak involving the personal information of approximately 665,000 members in its shoppers' rewards program, prompting a rapid response from the company.

MBS took immediate action, informing members of its Sands LifeStyle program via email on November 7th about the data leak that occurred between October 19th and 20th. The resort disclosed its awareness of the incident on October 20th and initiated investigations. 

The inquiry revealed that an unidentified third party had accessed the personal data of the affected members. Paul Town, MBS's Chief Operating Officer, reassured members that, as of the investigation's findings, there is no evidence indicating misuse of the data by the unauthorized third party.

The compromised personal data included members' names, email addresses, contact details, country of residence, membership numbers, and tiers. MBS advised affected users to closely monitor their accounts for suspicious activity, change login pins regularly, and stay vigilant against phishing attempts. The company reported the data leak to relevant authorities in Singapore and other applicable countries, collaborating with them in their investigations.

Despite a decline in cybersecurity incidents in Singapore earlier in the year, recent weeks have witnessed an increase in such occurrences. Between the first quarter of 2020 and the first quarter of 2023, data breach statistics in Singapore showed significant fluctuations in the number of exposed records. Besides the MBS data leak, a recent incident involved web service outages in public hospitals and polyclinics due to a distributed denial-of-service (DDoS) attack.

While some might draw parallels between the MBS data leak and recent ransomware attacks on Las Vegas casinos, the situations differ. Unlike the ransomware incidents at Caesars Palace and MGM, MBS did not report any ransom demands. The company asserts that only the personal data of its members was compromised, without any disruption to services. However, the stolen data holds significant value on the dark web. The exact cause of the MBS data leak and whether other data was compromised remains to be determined.

Singapore Explores Generative AI Use Cases Through Sandbox Options

 

Two sandboxes have been introduced in Singapore to facilitate the development and testing of generative artificial intelligence (AI) applications for government agencies and businesses. 

These sandboxes will be powered by Google Cloud's generative AI toolsets, including the Vertex AI platform, low-code developer tools, and graphical processing units (GPUs). Google will also provide pre-trained generative AI models, which include their language model Palm, AI models from partners, and open-source alternatives.

The initiative is a result of a partnership agreement between the Singapore government and Google Cloud to establish an AI Government Cloud Cluster. The purpose of this cloud platform is to promote AI adoption in the public sector.

The two sandboxes will be provided at no cost for three months and will be available for up to 100 use cases or organizations. Selection for access to the sandboxes will occur through a series of workshops over 100 days, where participants will receive training from Google Cloud engineers to identify suitable use cases for generative AI.

The government sandbox will be administered by the Smart Nation and Digital Government Office (SNDGO), while the sandbox for local businesses will be managed by Digital Industry Singapore (DISG).

Singapore has been actively pursuing its national AI strategy since 2019, with over 4,000 researchers currently contributing to AI research. However, the challenge lies in translating this research into practical applications across different industries. The introduction of these sandboxes aims to address potential issues related to data, security, and responsible AI implementation.

Karan Bajwa, Google Cloud's Asia-Pacific vice president, emphasized the need for a different approach when deploying generative AI within organizations, requiring robust governance and data security. It is crucial to calibrate and fine-tune AI models for specific industries to ensure optimal performance and cost-effectiveness.

Several organizations, including the Ministry of Manpower, GovTech, American Express, PropertyGuru Group, and Tokopedia, have already signed up to participate in the sandbox initiatives.

GovTech, the public sector's CIO office, is leveraging generative AI for its virtual intelligence chat assistant platform (Vica). By using generative AI, GovTech has reduced training hours significantly and achieved more natural responses for its chatbots.

During a panel discussion at the launch, Jimmy Ng, CIO and head of group technology and operations at DBS Bank, emphasized the importance of training AI models with quality data to mitigate risks associated with large language models learning from publicly available data.

Overall, the introduction of these sandboxes is seen as a positive step to foster responsible AI development and application in Singapore's public and private sectors.

Phishing and Ransomware Attacks Continues to Hurt Singapore Businesses

 

Phishing efforts and ransomware remained a significant threat to organisations and individuals in Singapore in 2022, despite indicators that cyber hygiene is improving in the city-state, according to a new report from the country's Cyber Security Agency (CSA).

In contrast to the 3,100 incidents handled in 2021, around 8,500 phishing attempts were reported to the Singapore Cyber Emergency Response Team (SingCert) last year, according to the Singapore Cyber Landscape (SCL) 2022. 

Given its low cost and lax usage constraints, top-level domains ending in ".xyz" are favoured by threat actors in more than half of the recorded cases. 

Banks and other financial institutions were the most frequently impersonated companies in phishing attacks. These businesses are frequent targets because they store sensitive and valuable data such as user names and login credentials. 

According to the CSA, the rise in reported phishing attempts followed global trends. Several cyber security providers noted that phishing activities had increased in 2022. In total, SingCert assisted in the removal of 2,918 harmful phishing websites last year. Organisations in Singapore have also been hit by the global ransomware threat, which shows no signs of decreasing.

In contrast to the 137 incidents reported in 2021, 132 ransomware cases were reported to the CSA last year. While the number of reported ransomware attacks has decreased slightly, it is still alarming that small and medium-sized businesses (SMEs) have been hit, particularly those in manufacturing and retail, which may have valuable data and intellectual property (IP) that cybercriminals are interested in stealing. 

There was also a reduction in infected infrastructure, which the CSA described as compromised systems used for harmful reasons such as executing distributed denial of service (DDoS) attacks or spreading malware and spam. In 2022, the CSA discovered 81,500 infected systems in Singapore, a 13% decrease from 94,000 in 2021. 

Despite a high increase in contaminated infrastructure worldwide, Singapore's global proportion of infected infrastructure declined from 0.84% in 2021 to 0.34% in 2022. Although the drop in infected infrastructure in Singapore indicates an increase in cyber hygiene levels, the absolute number of infected systems in Singapore remains high, according to the CSA. 

Colbalt Strike, Emotet, and Guloader were the top three malware infections on locally hosted command and control servers, while Gamarue, Nymaim, and Mirai were the top three malware infections on locally hosted botnet drones, accounting for about 80% of Singapore IP addresses infected by malware in 2022. 

CSA also noted potential threats in its research, such as those related with the expanding deployment of artificial intelligence, which might be leveraged by both cyber attackers and defenders. While machine learning can provide real-time insights about cyber threats, it can also be utilised for malicious purposes, such as highly focused spear-phishing efforts. 

"2022 saw a heightened cyber threat environment fuelled by geopolitical conflict and cybercriminal opportunism as Covid-19 restrictions began to ease," noted David Koh, commissioner of cyber security and CEO of CSA.

"As with many new technology, emerging technologies such as chatbots have two sides. While we should be optimistic about the opportunities it presents, we must also manage the risks that come with it. "The government will continue to increase its efforts to protect our cyberspace, but businesses and individuals must also play a role," he added.

Hong Kong Will Legalize Retail Crypto Trading to Establish a Cryptocurrency Hub

 


A plan to legalize retail cryptocurrency trading has been announced by Hong Kong to create a more friendly regulatory regime for cryptocurrencies. There has been an opposite trend over the last few years in the city, with skeptical views, as well as China's ban on the practice. 

According to sources familiar with the matter, an upcoming mandatory licensing program for crypto platforms scheduled to take effect in March next year will allow retail traders access to crypto platforms. There has been a request not to name these people since they are not authorized to release this information publicly.

There have been reports that the regulators are planning to allow the listing of higher-value tokens in the coming months but will not endorse specific coins such as Bitcoin or Ether, according to the people. They noted that the details and timeframe are yet to be finalized since a public consultation is due first.

At a fintech conference that starts on Monday, the government is expected to provide more details regarding its recently announced goal of creating a top crypto hub in the region. To restore Hong Kong's reputation as a financial center after years of political turmoil and the aftermath of Covid curbs sparked a talent exodus, the marketing campaign comes amid a larger effort to put Hong Kong back on the map.

Gary Tiu, executive director at crypto firm BC Technology Group Ltd, said that, while mandatory licensing in Hong Kong is one of the most effective things regulators can do, they cannot forever satisfy the needs of retail investors who are investing in crypto assets. 

Criteria for listing 

According to people familiar with the matter, the upcoming regime for listing tokens on retail exchanges is likely to include criteria such as the token's market value, liquidity, and membership in third-party crypto indexes to determine eligibility for listing. Their approach resembles the one they used when it came to structured products such as warrants, they continued. 

Hong Kong's Securities and Futures Commission spokesperson did not respond to a request for comment regarding the details of the revised stance adopted by the agency. 

Several crypto-related Hong Kong companies that are listed on the stock exchange increased their share prices on Friday. In the same report, BC Technology climbed 4.8% to its highest in three weeks during the third quarter, whilst Huobi Technology Holdings Ltd. rose slightly. 

In a world where more and more regulators are grappling with how to manage the volatile area of digital assets. This area has gone through a $2 trillion rout, following a peak in early November 2021. The sector is finding it difficult to regain its previous strength. Firms that dealt in cryptocurrency were crushed by the crash because their leverage grew without limit and their risk management methods were exposed.

It is widely believed that Singapore has tightened up its digital-asset rules to curb retail trading in digital assets to deal with the implosion that has hit Hong Kong. 

There was a proposal earlier this week by Singapore to ban the purchase of leveraged retail tokens on the retail market. There was a ban on cryptos in China a year ago because it was largely illegal. 

Michel Lee, executive president of digital-asset specialist HashKey Group, said that Hong Kong is trying to frame a crypto regime that extends beyond the retail token trading market to incorporate all types of digital assets, including cryptocurrencies. 

Bringing the ecosystem to the next level 

Among other things, Lee believes that tokenized versions of stocks and bonds could become a much more significant segment in the future as time passes on. Lee said, "Just trading digital assets on its own is not the goal". According to Lee, digital assets are not intended to be traded on their own but the ecosystem must grow as quickly as possible.”

A big exchange such as Binance and FTX once had their base in Hong Kong. Their attraction was the reputation of a laissez-faire regime and their strong ties to China. A voluntary licensing regime, that was introduced by the city in 2018, limited crypto platforms' access to clients with portfolios exceeding HK$8 million ($1 million) to those with portfolios of less than that amount. 

It has been confirmed that only two firms have been approved to operate under the license, BC Group and HashKey. FTX successfully managed to turn away the more lucrative consumer-facing business to the Bahamas last year as a result of the signal of a tough approach. 

However, the plan to attract crypto entrepreneurs back to Hong Kong seems to be a bit short of what is needed to usher them back. Among other things, it remains to be seen if mainland Chinese investors would be able to trade in tokens through Hong Kong if that were to be permitted. 

Leonhard Weese, the co-founder of the Bitcoin Association of Hong Kong, expressed a fear that there might be a very strict licensing regime in the future. "The conversations I have had indicate that people still fear it will be very stressful," he said. The company claims that it is not competitive on the same level as overseas platforms. Therefore, it will not be as attractive to customers as it would be if it dealt directly with retail users. 

According to blockchain specialist Chainalysis Inc., the volume of digital-token transactions in Hong Kong through June declined less than 10% from a year earlier, the most modest increase in the region outside of a slump in China, in the 12 months through June. It has fallen two positions from its global ranking of 39 in 2021 to 46 in 2022 when it comes to crypto adoption throughout the city. 

The Securities and Futures Commission of Hong Kong's Fintech Department has also suggested that the city could take further steps in this area, including the establishment of a regime to authorize exchange-traded funds seeking exposure to mainstream virtual assets. 

It shows that the one country, two systems principle is being put into action in financial markets, Wong said at an event last week. He said that the fact that the city can introduce a cryptocurrency framework distinct from China's indicates how far it has come.

Singapore Increases its Investment in Quantum Computing, to Keep Ahead of Security Risks

 

Singapore aims to improve its quantum computing capabilities through new initiatives to build necessary skill sets and quantum equipment. It emphasises the importance of doing so in order to keep encryption technology resilient and capable of withstanding "brute force" attacks. 

The Singapore government announced on Tuesday that it will set aside SG$23.5 million (17.09 million) to support three national platforms under its Quantum Engineering Programme (QEP) for a period of up to 3.5 years. The scheme is a component of the country's Research, Innovation, and Enterprise 2020 (RIE2020) strategy. 

Two of these platforms were presented today, including the National Quantum Computing Hub, which will pool knowledge and resources from the Centre for Quantum Technologies (CQT), as well as local universities and research institutes, to strengthen key skill sets. 

Teams from CQT, the National University of Singapore, Nanyang Technological University, A*STAR's Institute of High Performance Computing (IHPC), and the National Supercomputing Centre (NSCC) would seek to establish international collaborations and train new talent in order to address a skills shortage in the emerging industry. CQT and IHPC researchers would also create quantum computing hardware and middleware, with potential applications in finance, supply chain, and chemistry. 

The National Supercomputing Center (NSCC) would offer the supercomputing capacity required to design and train algorithms for usage on quantum computers. A second initiative, National Quantum Fabless Foundry, was launched to facilitate the micro and nano-fabrication of quantum devices in cleanrooms run by industrial partners. 

The platform, which would be hosted at A*STAR's Institute of Materials Research and Engineering, would aid in the creation of products in quantum computations, communication, and sensing. Singapore's Deputy Prime Minister and Coordinating Minister for Economic Policies, Heng Swee Keat, stated in his address announcing the new efforts that the country needs to stay alert in the face of growing dangers. Heng compared cyber threats to a "cat and mouse game," saying that efforts were made to keep ahead of hostile actors who were always looking for new holes to attack. 

With the cyber world rapidly developing, he believes quantum technology has the potential to be a "game changer." "Strong encryption is key to the security of digital networks. The current encryption standard, AES 256, has held up, as few have the computing power to use brute force to break the encryption. But this could change with quantum computing," he cautioned. 

"For some cryptographic functions, the fastest quantum computer is more than 150 million times faster than the fastest supercomputer. Quantum computers can solve in minutes a problem which takes a supercomputer 10,000 years." 

This underscored the importance of quantum technology research, the minister said. "Our investment in quantum computing and quantum engineering is part of our approach of trying to anticipate the future and proactively shaping the future that we want." 

He said that as digitalisation increased, so did cyber concerns and that Singapore must continue to spend to keep ahead of possible threats. He went on to say that the fabless foundry will use the country's manufacturing skills to create quantum devices that would tackle "real-world difficulties" in collaboration with industry partners.

Singapore Ups Investemnt in Quantum Technology, to Stay Ahead of Security Risks

 

Singapore focuses on enhancing its quantum computing capabilities through new initiatives to build necessary skill sets and quantum equipment. It emphasises the importance of doing so in order to keep encryption technology resilient and capable of withstanding "brute force" attacks. 

The Singapore government announced on Tuesday that it will set aside SG$23.5 million (17.09 million) to support three national platforms under its Quantum Engineering Programme (QEP) for up to 3.5 years. The initiative is a component of the country's Research, Innovation, and Enterprise 2020 (RIE2020) strategy. 

Two of these platforms were announced on 31st May, including the National Quantum Computing Hub, which will pool knowledge and resources from the Centre for Quantum Technologies (CQT), local universities, and research institutes to strengthen key skill sets. University, A*STAR's Institute of High Performance Computing (IHPC), and the National Supercomputing Centre (NSCC) would seek to establish international collaborations and train new talent in order to address a skill scarcity in the emerging industry. CQT and IHPC researchers would also create quantum computing hardware and middleware, with potential applications in finance, supply chain, and chemistry. 

The National Supercomputing Center (NSCC) would offer the supercomputing capacity required to design and train algorithms for usage on quantum computers. A second programme, National Quantum Fabless Foundry, was launched to facilitate the micro and nano-fabrication of quantum devices in cleanrooms run by industrial partners. 

Both efforts would boost local talent and allow academics to investigate how quantum computing may help diverse businesses as well as build quantum gadgets. The Quantum Engineering Programme also included a quantum-safe network that was billed as demonstrating "crypto-agile connectivity" and supporting experiments with both public and commercial entities. 

The initiative, which was announced earlier in February, intended to improve network security for vital infrastructures and had 15 partners at the time of introduction, including ST Telemedia Global Data Centres, Cyber Security Agency, and Amazon Web Services. 

Singapore's Deputy Prime Minister and Coordinating Minister for Economic Policies, Heng Swee Keat, stated in his address announcing the new efforts that the country needs to stay alert in the face of growing dangers. Heng likened cyber threats to a "cat and mouse game," adding that efforts were made to keep ahead of hostile actors who were always looking for new loopholes to attack. With the cyber world rapidly developing, he believes quantum technology has the potential to be a "game changer." "Strong encryption is key to the security of digital networks. The current encryption standard, AES 256, has held up, as few have the computing power to use brute force to break the encryption. But this could change with quantum computing," he cautioned. 

"For some cryptographic functions, the fastest quantum computer is more than 150 million times faster than the fastest supercomputer. Quantum computers can solve in minutes a problem which takes a supercomputer 10,000 years." According to the minister, this highlights the significance of quantum technology research. 

He added, "Our investment in quantum computing and quantum engineering is part of our approach of trying to anticipate the future and proactively shaping the future that we want." 

He noted that as digitalisation grew, so did cyber concerns and that Singapore must continue to invest to keep ahead of possible threats. He went on to say that the fabless foundry will use the country's manufacturing skills to create quantum devices that would tackle "real-world challenges" in collaboration with industry partners.

Singapore Cops Arrest 39 for Suspected Role in Job Scam

 

Singapore police have arrested 35 men and four women, aged between 16 and 65 over their alleged role in job and phishing scams involving Singapore Bicentennial commemorative notes. 

The individuals were nabbed during an islandwide anti-scam enforcement operation between Nov 22 and 26 that saw a total of 113 individuals investigated for their suspected role in over 900 jobs and phishing scams that led to more than S$20mil (RM61.87mil) in losses. 

According to Singapore police, the suspects had allegedly sold their bank accounts or gave their Singpass credentials to criminal syndicates in return for as much as $5,000 for each bank account sold or $400 for each set of Singpass credentials sold. However, most of them did not receive the money promised to them.

“Some were also found to have allegedly rented out their bank accounts to scammers or assisted them in carrying out bank transfers and withdrawals,” Singapore police stated, adding that investigations are ongoing. 

The victims were tricked after chancing upon advertisements offering quick cash on social media platforms and chat applications. The job scam required victims to order items from online platforms to improve sales volume. They would then be made to pay for the items via funds transfer to various bank accounts.

At the initial stage, victims would receive payment on top of a good commission, said the police. However, a real twist comes when victims spent large sums on their orders, and their job contact becomes uncontactable. Those targeted by the phishing scams received text messages from scammers informing them of their eligibility to receive free Singapore Bicentennial commemorative notes and would be directed to URL links that were allegedly spoofed. 

When victims clicked on the link, they would be redirected to malicious websites similar to the homepage of a purported bank’s Internet banking website and get fooled into coughing their banking details.

“Victims would only realize they had been scammed when they discovered unauthorized transfers of monies out of their bank accounts,” said the police. 

The police warned the public to remain vigilant and be wary of job advertisements that promise the convenience of remote working at an “unreasonably high salary”. The job seekers were also reminded not to click on URL links provided in unsolicited emails and text messages. 

“Legitimate businesses will not require job seekers to utilize their bank accounts to receive monies on behalf of the businesses. These acts are common ruses used by scammers to lure individuals into carrying out illicit payment transfers on their behalf. Always verify the authenticity of the information with the official website or sources, and never disclose personal or Internet banking details and one-time passwords to anyone, Singapore police advised.

Hackers Impersonate Bank Customers and Make $500k in Fraudulent Credit Card Payments

 

Hackers from other countries were able to impersonate 75 bank clients and made $500,000 in fraudulent credit card payments. This was accomplished using a clever way of intercepting one-time passwords (OTPs) sent by banks via SMS text messages. In a joint statement released on Wednesday, the Infocomm Media Development Authority (IMDA), the Monetary Authority of Singapore (MAS), and the Singapore Police Force detailed how hackers redirected SMS OTPs from banks to foreign mobile networks systems. 

The SMS diversion method, they said, “requires highly sophisticated expertise to compromise the systems of overseas telecommunication networks”. Last year's fraudulent transactions took place between September and December. The bank clients claimed that they did not initiate the transactions and that they did not get the SMS OTPs that were required to complete them. 

According to Mr. Wong, the MAS' deputy chairman, the Monetary Authority of Singapore (MAS) would engage with financial institutions to fine-tune the existing framework on fraudulent payment transactions, which covers the responsibilities and liabilities of banks and customers in such instances. 

Between September last year and February, the police received 89 reports of fraudulent card transactions using SMS one-time passwords (OTPs), according to Mr. Wong. Ms. Yeo Wan Ling (Pasir-Ris Punggol GRC) had inquired if bank-related cyber frauds had increased in the previous six months.

"While these cases represent less than 0.1 percent of fraudulent online card transactions reported, and the number of cases has come down since March 2021, it is nevertheless concerning," Mr. Wong said. 

Singapore's financial and telecommunications networks have not been hacked, according to the authorities. Affected customers who took efforts to safeguard their credentials would not be charged for any of the fraudulent transactions as a gesture of goodwill from the banks, according to the authorities. The names of the banks involved were kept under wraps. 

The cybercriminals utilized this method to get the victims' credit card information and mobile phone numbers in this incident. They also got into the networks of international telecoms and exploited them to alter the location information of the Singapore victims' mobile phones. 

By doing so, the hackers deceived Singapore telecom networks into believing that Singapore phone numbers were roaming overseas on the networks of other countries. The hackers subsequently made fraudulent online card payments using the victims' stolen credit card information.

As a result, when banks issued SMS OTPs to victims to authenticate transactions, the criminals were able to reroute these text messages to foreign mobile network systems. The fraudulent card payments were subsequently completed using the stolen OTPs. This corresponds to the victims' claims that they did not get the OTPs.

73,500 Patients Data was Compromised in a Ransomware Attack on a Singapore Eye Clinic

 

The personal data and clinical information of roughly 73,500 patients of a private eye clinic were hit by a ransomware attack earlier this month, the third such occurrence in a month. Names, addresses, identity card numbers, contact information, and clinical information such as patients' clinical notes and eye scans were among the data, according to Eye & Retina Surgeons (ERS) on Wednesday. 

The clinic, however, stated that no ransom has been paid and that no credit card or bank account information has been obtained or compromised. The compromised IT systems at the clinic are not connected to the ministry's IT systems, such as the National Electronic Health Record, and there have been no similar cyber-attacks on MOH's IT systems, according to the Ministry of Health. 

The ministry also requested ERS to look into the issue, conduct a thorough evaluation of its systems, and collaborate with the Cyber Security Agency (CSA) to "take prompt mitigation efforts to enhance its cyber defences."

"Following this incident, MOH will be reminding all its licensed healthcare institutions to remain vigilant, strengthen their cybersecurity posture, and ensure the security and integrity of their IT assets, systems, and patient data. It is only through the disciplined maintenance of a safe and secure data and IT system that healthcare professionals will be able to deliver accurate and appropriate care, and uphold patient safety," the MOH said. 

The clinic's IT system has recently been restored "securely," with IT experts performing "thorough" system checks, reformatting servers, and running anti-virus scans on all computer terminals. The ERS stated that it had taken steps to avoid the situation from happening again. It is currently telling patients about the cyber-attack. 

Following the ERS ransomware incident, identical problems occurred at insurer Tokio Marine Insurance Singapore and IT firm Pine Labs. According to a recent study from Singapore's Cyber Security Agency (CSA), there were 89 ransomware cases reported to the agency last year, up from 35 cases in 2019. The assaults mostly targeted small and medium-sized businesses in the manufacturing, retail, and healthcare sectors. 

To encourage all licensed healthcare providers to set up and continually assess their security protections, impose new measures, and apply best practices to secure their IT systems and endpoints, the MOH issued the Healthcare Cybersecurity Essentials guidelines in August.

Criminals Targeted Security Gaps at Financial Services Firms as Employees Moved to WFH

 

According to a report released on Tuesday by the international Financial Stability Board (FSB), criminals targeted security flaws at financial services organizations as their employees switched to working from home. The Financial Stability Board (FSB) was established after the G20 London meeting in April 2009 to offer non-binding recommendations on the global financial system and to coordinate financial policies for the G20 group of nations. 

“Working from home (WFH) arrangements propelled the adoption of new technologies and accelerated digitalization in financial services,” the report states. Phishing, spyware, and ransomware were used to target workers at home. Between February 2020 and April 2021, the number of crimes increased from less than 5000 per week to more than 200,000 per week. 

On July 8, 2021, the Cyber Security Agency of Singapore (CSA) released data suggesting that cybercrime accounted for 43% of all crime in the city-state in 2020. "Although the number of phishing incidents remained stable and website defacements declined slightly, malicious cyber activities remain a concern amid a rapidly evolving global cyber landscape and increased digitalization brought about by the COVID-19 pandemic," said the agency. 

Ransomware attacks increased by 154% from 35 in 2019 to 89 in 2020, ranging from "indiscriminate, opportunistic attacks" to "Big Game Hunting," according to the CSA. They also used leak and shame techniques, as well as RaaS (Ransomware-as-a-Service) models. Between 2019 and 2020, the number of hostile command-and-control servers increased by 94%, with Emotet and Cobalt Strike malware accounting for one-third of the total. 

As IT departments tried to secure remote workers, increased dependence on virtual private networks and unsecured WiFi access points “posed new types of hurdles in terms of patching and other cyber security issues,” according to the FSB assessment. External providers, according to the research, also built cracks for hackers to exploit. According to the report, "While outsourcing to third-party providers, such as cloud services, seems to have enhanced operational resilience at financial institutions, increased reliance on such services may give rise to new challenges and vulnerabilities." 

Working from home isn't going away any time soon. According to Gartner, nearly half of knowledge employees will be working remotely by 2022. Even Apple's retail team follows a hybrid work schedule. Institutions' cyber risk management systems, incident reporting, response and recovery efforts, and how they manage cloud and other third-party services should all be adjusted properly, according to the FSB.

Singapore Assessing WhatsApp Privacy Policy Change, Not 'Adversely Affected' In SolarWinds Breach

 

Currently, it is safe to say that Singapore’s government and non-government departments are safe from the adverse effects of SolarWinds security breach, nevertheless, the Singapore government has made requests to their organizations to protect their systems against potential threats. 

Additionally, the government has also exhibited deep concern regarding upcoming privacy policy changes on WhatsApp messenger, which is one of the platforms employed by the government to provide information to their citizens. The Minister for Communications and Information, S. Iswaran, said that when we got the news regarding the big data breach threat (SolarWinds security breach), our Cybersecurity Agency (CSA) has raised the national cyber threat alert level and immediately started working towards it. 

"There is no indication, thus far, that Singapore's CII and government systems have been adversely affected by the SolarWinds breach," said Iswaran, who was responding to questions raised in parliament. He added that, "The government is, nonetheless, adopting a cautious stance." 

Furthermore, he said that the “CSA had issued public advisories on steps enterprises should take to safeguard their systems against potential threats, including having full visibility of their networks and detecting unusual activity in a timely manner. The situation still was evolving as affected companies continued to investigate the breach’’. 

While advising on the matter, he suggested for the government to move towards a Zero Trust security posture, where organizations should not trust any activities until verification and there should be constant surveillance and alertness towards suspicious activities. Organizations should be establishing strong cyber-attack response plans to cope up with such incidents, as chronicled in the recent past. 

"The SolarWinds incident underscores the global and trans-border nature of cyber threats," the minister noted, “Though difficult to completely prevent, we need deliberate, targeted, and consistent efforts to strengthen our cyber defenses against [such] sophisticated threats, which exploit the supply chain of trusted vendors and software." 

Singapore Government's WhatsApp Channel Has 1.22M Subscribers

Ministry has also responded to the questions regarding WhatsApp's upcoming privacy policy changes, explaining that the government is concerned regarding this too as consumers have raised their voices on the matter. According to Iswaran, at present, there are 1.22 million users to Singapore's Gov.sg WhatsApp channel, which is one of the many platforms used to reach our local population, including Telegram, Twitter, as well as its own Gov.sg website.

Further, he ensured, "Private-sector organizations contracted by the government to perform data-related activities, including the processing and communication of personal data, are bound by contractual terms and conditions. These will determine whether organizations are permitted to share, for their own commercial purposes, the data that has been provided by, or collected on behalf of, the government”.

Singapore Witnessed a Sudden Surge in the Bank-Related Phishing Scam

 

Phishing emails are scams where the actors try to befool the user by sending emails that may concern the user. Generally, these emails are received in the name of a bank or some trusted company, that asks for your personal information. The entire process appears to be legitimate but it's designed to trick the user into extracting their personals information. 

We all buy or sell things online through various platforms and organizations that have our personal information stored in their database that is nevertheless safe until and unless the actors impersonate these organizations and befool users into submitting their OTP’s, passwords, etc. The user is safe from such phishing emails as long as they do not respond in the required condition to the mail. 

The city-state of Singapore has turned out to be a victim of extortion with phishing emails that have even agonized the government officials. On the 5th of January, the Singapore government officials stated that there have been bank-related phishing scams where the actors have been imitating to be Singapore Government officials and asking natives for their personal information.  Generally, the victims in such scams receive a call or email or even a message from some government agencies like the Ministry of Manpower, asserting some issues within the victim’s bank account. 

Furthermore, they ask to verify some personal details that should have stayed confidential – such as their NRIC numbers, password of bank account, log-in credentials, and much more. Following the aforesaid state of affairs, the actors then try to make illegitimate transactions of money from the victim’s account. 

The first six months of the year 2020 have reported some 900 cases of bank-related phishing scams and a more than 25-fold from the just 34 such cases for the same period in the year 2019, stated the Singapore Police. The amount of loss has been calculated to $ 3.6 million for the year 2020. 

The Singapore Police in charge of the case has requested the natives to ignore such calls and deny stipulating any information regarding the bank account or the log -in credentials and any private details. They clarified that no government agency in any situation would ask for any private information or bank account details over a phone call or via emails. Scammers or actors may mask their actual phone numbers and try to display a different profile using ID spoofing technology as further added by the police. 

After recording a significant surge in these cases Singapore government officials have asked for cooperation and support from the city natives, requesting them not to share their personal or internet banking details and OTP’s with anyone.

Singapore’s Move to Facilitate Contact Tracing Amidst the Covid-19 Pandemic Rejected by Its Residents


While each country is attempting to stymie the outbreak of the disastrous coronavirus in different ways, Singapore attempted the same perhaps it wasn't a plan well thought off as the country attempted to come up with an inventive and a profoundly technological solution to battle the everyday rising cases of the virus.

Their arrangement included developing a wearable device that would be issued to each resident as an approach to facilitate contact tracing in the midst of the COVID-19 pandemic, however, the move, unfortunately, wasn't well-received by the citizens as it started an open objection with respect to their worries about their privacy.

An online petition titled “Singapore says 'No' to wearable devices for COVID-19 contact tracing", has thus to date, garnered in excess of 17,500 signatures.

The online petition describes the usage of such devices as "conspicuous encroachments upon our privileges to protection, individual space, and opportunity of development".

In words of Wilson Low, who started the petition on June 5, "All that is stopping the Singapore government from becoming a surveillance state is the advent and mandating the compulsory usage of such a wearable device. What comes next would be laws that state these devices must not be turned off [or] remain on a person at all times -- thus, sealing our fate as a police state.”

Singapore's Minister-in-Charge of the Smart Nation Initiative and Minister for Foreign Affairs, Vivian Balakrishnan, said during a parliament session Friday that while the government had introduced a contact tracing app earlier, TraceTogether, a wearable device was essential as it would not rely upon somebody possessing a smartphone.

His team however is developing and would “soon roll out a portable wearable device" keeping in mind the existing issues with the application, which didn't function well on Apple devices as the iOS operating system would suspend Bluetooth scanning when the app was running in the background.

He said that if the devices are proved to work viably, then they may be issued to each resident in Singapore, yet didn't expressly say that the government would make it obligatory for everybody to utilize it.

Wilson, however, was very determined upon proving his point as he wrote, “Even if we're not, we recognize the potential creation of a two-tiered society -- those who wear the devices versus [those] do who do not -- therein, and an open pass to engage in yet another form of prejudice and societal stratification.”

Later including, "The only thing that stops this device from potentially being allowed to track citizens' movements 24 by 7 are: if the wearable device runs out of power; if a counter-measure device that broadcasts a jamming signal masking the device's whereabouts; or if the person chooses to live 'off the grid' in total isolation, away from others and outside of any smartphone or device effective range.”

Numerous different residents also came to his support as they very openly expressed their concerns with respect to the potential execution of wearable devices, further taking to Balakrishnan's Facebook page to ask the legislature against taking this course.

One user Ian Chionh went so far as to accusing the government of utilizing the coronavirus as "an excuse" to put a tracking device on all residents on Facebook.

Wilson had likewise referenced something similar to these worries adding that "The government looks to the COVID-19 pandemic as the perfect excuse to realize what it has always envisioned for us, this country's populace: to surveil us with impunity, to track us without any technological inhibitions, and maintain a form of movement monitoring on each of us at all times and places. And to do so by decreeing it compulsory for all law-abiding persons to become 'recipients'."

Aside from TraceTogether, the Singapore government utilizes an advanced digital check-in tool, SafeEntry, to facilitate its contact tracing efforts.

The system gathers visitors' very own data, either through QR codes or barcode scans whenever they enter a venue, like supermarkets and workplaces. Information gathered through SafeEntry is retained for 25 days, just like TraceTogether's data retention policy.

The TraceTogether app was updated just the previous week to incorporate the registration of passports numbers for travelers visiting Singapore and barcode scans to support SafeEntry.

The nation however has begun with easing the restrictions, initially set up to check the spread of the virus - in phases as more and more businesses wish to resume with their operations over the following month.

Massive HIV Data Leak; No Closure Yet!






Singapore: Finally the authorities have come up with some background details as to the circumstances that led to 14,200 people’s personal details along with their HIV status leakage.

The lingering questions, ever since the data was compromised have been intriguing. Such as, the reason behind not making it public in May 2016 when it was known that the information was in wrong hands?

According to a recent media briefing the Permanent Secretary of Health, cited that the ministry of health did wasn’t sure as to the whether the news’ being public was in the interest of the citizens.

They did mention though that they will take conservative measures and better approaches now that they know the persons in registry have concerns regarding a public announcement.


It’s disturbing that years after the incident took place no one knows why the data still remained with the unauthorized people.



According to sources, the Ministry of Health had lodged a police report in May 2016 after finding out that Mikhy Farrerra Brochez was in custody of the leaked information from the HIV registry.

After, the properties owned by Brochez and his partner Ler Teck Siang were searched by the police officials and all pertinent material found was seized.

Even after that Brochez managed to keep some information back and in turn leaked it later on. The Permanent Secretary of Health voiced that the police should have had a better search.

It was later in May 2018 when the people whose information as in the “unauthorized” hands were informed a\bout the entire leakage scenario.

In May 2018 the police found out that Brochez had managed to hold some records back which was a month after Brochez completed serving his jail sentence for other offenses and was deported from Singapore.

There is no way of knowing though, that how many people were informed that their persona details were in wrong hands.

MOH lodged a police report and had contacted the concerned individuals. The number of people was very small according to PSH Mr. Chan.


Where Brochez was deported to is still under wraps and the immigration department couldn’t share the details due to confidentiality concerns.

He is known to have arrived in the Kentucky state of the US. There’s no knowing if he’s being monitored, the sources said.

He had called at his mother’s house despite being warned to stay away and that’s when she informed the police about it.

After he refused to leave he was taken into custody and was charged. He has been asked to return to the district to face criminal trespass.

The Singapore police force is reportedly taking help of their foreign counterpart but didn’t mention which organizations or countries.

Brochez’s partner was charged with the Official Secrets Act for “failing to retain the possession of a thumb drive” containing data from the leak but was stood down and there is no answer as to why that happened.



According to Article 35(8) the AG gets a wide discretion as public prosecutor in the conduct of criminal proceedings. The prosecution “is not required to give reasons for why they decide to proceed with certain charges and not others”.

Another question that has yet to be addressed is how was the access to the confidential information disabled? We do know that the MOH had worked with “relevant parties” to disable the access.


Stolen information of such sorts is uploaded on various hack forums and file sharing sites such as “Pastebin” and “Mega” and is commonly hosted on web servers overseas.

If taking down a web domain. It could be done on a registrar level. Domain registrars are company people who create websites. But taking down a website can’t totally solve the problem.


Because once, data is on the dark web it’s almost irretrievable. As it could be copied or distributed across quite easily.


Absolutely different from the internet the commoners use, the Dark Web is “unregulated and decentralized and has no point of authority or disabling access to anything.

Massive HIV Data Leak: Thousands of Detailed Records Compromised.












In a recent major data leak in Singapore, thousands of HIV positive people’s records were compromised.


One of the victims of this leak was informed via a phone call that her record was out in the open along with those of approx. 14,000 others.

This enormous leak came off as really shocking to people as many of them were reluctant to let the fact surface in outer world.

The main target which has emerged in this database leakage incident is the Singaporean media.

The government said that a local doctor who had an American partner, who had access to all the records in question, is the main person who’s at fault.

Reportedly, according to the authorities the leak has been contained but an extreme emotional damage has been caused to the HIV infected.

In Singapore, as mandated by the law, the aforementioned victim’s HIV status was added to the national database.

The HIV registry was set up in 1985 by the ministry of health to keep a check on the infection and potential cases’ status.

The previously mentioned database is the one which got compromised accompanied by the names and addresses of more than 14,000 people.

According to the sources the name of the American partner has been reported to be as, Mikhy Farrera-Brochez. The data and the access to the registry had been wrested from his Singaporean doctor partner.

Mikhy couldn’t work in Singapore because as the Singaporean law states so. But he got convicted of fraud because he used someone else’s blood to pass a mandatory HIV test.

According to Mikhy there is more to the story of the leakage and it’s not just him who’s behind it all. He also said that he had contracted HIV in prison and that he was denied medication.

He also blamed Singapore for using the HIV database for keeping track of gay men in the country because same-sex sex there is illegal.

To this accusation Singaporean authorities have replied negatively and cited that the statement is absolutely untrue.

Singapore’s health minister is working with the authorities of the US regarding the case.
Earlier there was a total ban on people with HIV entering the borders of Singapore, which got lifted in 2015.

But the people who have married Singaporean citizens or have permanent residencies in the country could dodge it.

This leak has come as a shock as well as emotionally degrading. This chaotic circumstance has made the citizens question the way records are kept in security.

One of the senior doctors who have been working on safeguarding the interests of the HIV patients in Singapore said that many implementations exist which restrict the doctors from accessing such records.

This incident has wreaked a lot of emotional havoc to people who are infected and whose names are in those compromised records.

The victims aren’t even sure that whether the leak has actually been contained or not.

This leaked information could ruin a lot of lives and careers for the infected.

The victims are seriously concerned about the diaspora of the detailed information and the compromised records.