Top Cyberattacks Plaguing Singapore Businesses in 2021

The COVID-19 pandemic took the world by storm, dramatically altering daily life as we know it. It has also exacerbated global anxiety amongst individuals and companies. Perpetrators of cyberattacks have exploited this heightened fear for their own gains and Singapore is no exception to this unfortunate trend. 

According to the 2020 Singapore Cyber Landscape report released by the Cyber Security Agency of Singapore (CSA), in 2020, the Singapore Computer Emergency Response Team (SingCERT) handled a total of 9,080 cases, which is a significant increase from the 8,491 cases handled in 2019 and the 4,977 cases managed in 2018. The number of reported cybercrime cases also accounted for almost half of total crimes in Singapore last year. Perpetrators of such attacks often targeted areas such as e-commerce, data security, vaccine-related research and operations, as well as contact tracing operations. 

Let’s take a look at three key cyberattacks and threats plaguing Singapore businesses in 2021. 


Worryingly, there has been a significant increase in local ransomware cases in 2020. This is a trend that was likely influenced by the global ransomware outbreak, which marked a turn from indiscriminate, opportunistic attacks to more targeted and sophisticated tactics such as: big game hunting”, the adoption of “leak and shame” techniques, and the growth in ransomware-as-a-service offerings. 

In Singapore, there was a sharp rise of 154% of ransomware cases reported in 2020, as compared to 2019. These cases affected mostly small and medium-sized enterprises in industries such as manufacturing, retail, and healthcare. 

One such incident occurred in August 2020, where an F&B business found its servers and devices infected with NetWalker, alongside a ransom note directing the company to a webpage on the Dark Web to view the ransom demands. None of the F&B company’s data could be recovered as it also stored its backups on the affected serves and unfortunately, they had to rebuild the IT system from scratch.

In the words of CSA’s Chief Executive and Commissioner of Cyber Security, David Koh, ransomware had transformed from a “sporadic nuisance” to a massive threat affecting entire networks of large enterprises. It is a major security issue affecting critical information infrastructure (CII) sectors and nations.


The second form of cybersecurity threats that tops the list would be malware attacks; specifically, this includes the use of Command and Control (C&C) Servers and Botnet Drones. In Singapore, the CSA observed a 94% rise in the number of malicious C&C servers hosted in Singapore. Simply put, C&C servers are centralised devices operated by attackers to maintain communications with compromised systems, also known as botnets, within a targeted network. A daily average of 6,600 botnet drones with Singapore IP addresses were also detected, an increase from 2019’s daily average of 2,300.

The increasing trend of such attacks is partly fuelled by the increase in such servers distributing the Emotet and Cobalt Strike malware, which accounted for one-third of malware in C&C servers. CSA also revealed that Mirai and Gamarue malware variants were prevalent amongst infected botnets in 2020, with the former malware targeting primarily Internet of Things devices 

Phishing Attacks

We are no stranger to phishing attacks, but this continues to plague numerous companies in Singapore. Despite a 1% decrease in phishing attacks in 2020 as compared to 2019, the CSA has detected a jaw-dropping number of 47,000 Singapore phishing URLs.

Such attackers do not simply target individuals; more than half of the organisations attacked in these incidents were big technology or social networking firms, as well as the banking and financial sector. The Singapore Police Force, Ministry of Manpower and Ministry of Education were the three most spoofed Singapore government agencies, with many cases involving phishing emails.

Heightening Cybersecurity Defences

These are just three of the many cybersecurity threats that could target your firm. The rising trend of cybercrimes highlights the need for heightened and secured defences against such attacks. 

While these attacks may happen in the cyberspace, they have real-world consequences. It is now time to reassess your cybersecurity readiness and ensure your company’s systems are adequately and comprehensively resilient to withstand and recover from any cyberattack.

Article by Stephanie C. Heng

Get In Touch With Us.

Enquire for the Free Vulnerability Assessment

(Absolutely free with no hidden cost and future obligation)