Ransomware has rapidly moved from a “nuisance” to a public threat which could now endanger lives, a director of Singapore’s Cyber Security Agency told the CommunicAsia2017 conference on Tuesday.
Ho Ka Wei, a director at the National Cyber Threat Analysis Center at the Cyber Security Agency of Singapore, said an increase in attacks in recent weeks-including the global WannaCry attack-has put agencies on “high alert” and led to “sleepless nights and non-stop action.”
Ransomware attacks on the health system and facilities such as hospitals have the potential to threaten people’s lives, he said.
“The number of attacks is increasing,” said Ho. “No one is spared.”
“Critical infrastructure and government institutions continue to be attractive targets, and we see new sophisticated forms of ransomware and malware,” he said. “And now they are coming in malicious combos like WannaCry-which is both ransomware and a worm.”
Attacks were also increasing in strength and power, with some measured at over one terabyte per second, where previously “20 gigabytes a second was considered quite high.”
Ho outlined recent Advanced Persistent Threat (APT) attacks at two Singapore Universities in April, which were “carefully planned” with perpetrators seeking to steal government information and research.
The APTs were designed to gain unauthorized access to networks and lurk there for long periods to access information.
These attacks, at NTU and NTS, were identified and computers were isolated and then replaced.
The threat environment, said Ho, escalates on a monthly basis, and will reach new levels with the unstructured rise of the IoT if rigorous action is not taken and standards enforced.
“If IoT devices are unsecured by default, then they can be controlled and used,” said Ho. “The level of escalation is serious.”
Singapore created the Cyber Security Agency two years ago under the auspices of the Prime Minister’s Office, and the country announced its first Cyber Strategy in October last year.
Ho outlined four pillars to the strategy: to build a resilient infrastructure, create safer cyberspace, develop a vibrant cybersecurity ecosystem, and strengthen international partnerships.
Digital technology, he said, was critical to Singapore’s “smart nation efforts” and the increased number of attacks from “new vectors” was a key national risk to overcome.