Cyber domain will be the next theatre of war

By Amit Roy Choudhury

There is no clear delineation between criminal cyber activity and clandestine attacks by foreign government-linked entities, writes Amit Roy Choudhury.

A report released this week throws up a number of new and interesting insights. One of them is that Singapore had more than three million malicious URLs hosted locally and over 15 million people fell prey to these URLs, according to results from Trend Micro. These are big numbers for a country as small as Singapore.

The Republic also ranked first in South-east Asia for experiencing the most business email compromise attacks last year. These attacks, which capitalise on the human desire to respond to urgent requests from authority, place the organisation’s security network at high risk.

Trend Micro also detected more than 55 million malware attacks in ASEAN. Malaysia took top spot at 29.6%, followed by Singapore (19.8%) and Thailand (16.4%).

These numbers indicate a wider trend in Singapore. There is a virtual technological arms race going on between cyber criminals and those charged with defending networks, such as the Cyber Security Agency of Singapore. Money or access to technology is not an issue in this cyber race and we will get to understand why a bit later. A change in mindset is required and that can only come with an understanding of this big picture.

While cybersecurity experts are increasingly using sophisticated technologies like machine learning and artificial intelligence (AI) to protect networks, cyber criminals are also going up the technology chain by developing new and sophisticated forms of malicious code and APTs (advanced persistent threats) to evade even the most resilient cyber defences.

For example, Trend Micro notes that in 2018 there was an upsurge in the use of what is known as “file-less threats” by cyber criminals. These types of malicious code are injected into an existing and legitimate application’s memory to make it appear as part of a sanctioned software program in order to evade detection. This is the latest in a long line of state-of-the-art malicious code being written by cyber criminals.

There used to be a time when attacks on computers were the hallmark of individuals whose sole motive was the few days of “fame” (or notoriety) for being able to bring down a large number of computers with a well-crafted virus program. Those days are long gone.
 

New threat landscape


With the global economy increasingly becoming information-driven and digitalised, there is money to be made from cyberattacks that can steal information, be it credit card data or intellectual property (IP). Every piece of information has a price and a buyer on the Dark Web. This lure of quick gains attracts people with high-level computer skills to hacking. Criminal gangs quickly pick them up.

While the money angle in the rise of cyber threats is well understood, there is another dimension that is less well understood but which has far greater long-term significance – the clandestine involvement of foreign government-linked entities in cyber attacks.

In many ways this is a natural corollary to the way governments and economies have become digitalised. Espionage, sabotage and other forms of undeclared warfare have graduated from the physical world to the cyber world, keeping pace with how governments and economies as a whole have moved into a digitalised universe.

Metaphorically speaking, black ops personnel who previously would, perhaps, have physically bombed a factory in an enemy country can now sit in the comfort of their homes, infiltrate the factory’s network and wreak havoc that is equally harmful. Also, espionage used to depend on things like “dead drops” and clandestine meetings in enemy territory that have been romanticised in several movies. Today all of that can be done much more effectively on the internet.
 

Two dimensions


In effect there are two dimensions to the looming cyber threat. One is the lure of money which attracts top criminals. The other is that many governments across the world use cyber warfare as a tool of state policy. The worst part is that there is often no clear delineation between the two dimensions and one often morphs into the other. The net result is that there is enough money floating about in this clandestine world to develop state-of-the-art malicious code to evade the best defences. As mentioned before, it is an arms race between the good guys and bad guys.

It is not just about software programs. Social engineering and subtle influencer programs are also part of the arsenal for cyber warfare. It is not often realised that, potentially, fake news could originate from an insidious campaign run by inimical foreign governments as part of a broader information warfare that is intended to demoralise or influence the population of an enemy nation. The investigation into the source of fake news after the last US Presidential election should be viewed from this perspective.

Fortunately there has been a realisation among government officials across the world that the cyber domain is now a new theatre of war, along with land, sea and air. That is one of the reasons that Singapore has made digital defence the sixth pillar of its Total Defence strategy. Unlike previous wars, the outcome of future conflicts will be determined by how robust a country’s cyber defence is and how coordinated it is with the conventional war fighting capability.

The digital defence pillar joins the other five pillars of Total Defence: Military, Civil, Economic, Social and Psychological Defence. With a number of high-profile cyber-attacks over the past few years, including one on SingHealth’s IT system between June and July last year in which the personal data of 1.5 million patients were stolen, the Singapore government decided to add the new pillar to strengthen the country’s cybersecurity and enable it to respond to digital threats in a concerted manner.

While threat detection tools will get increasingly sophisticated, as will the threats themselves, there is a need to change the way cyber threats are viewed. They are not just a technological challenge or just a threat to financial stability. Rather, each attack needs to be analysed to see if it is part of a larger series of attacks aimed at the nation-state. In cybersecurity a bit of paranoia is always a good thing.

Amit Roy Choudhury, a media consultant, is a senior technology journalist at GovInsider