A view of the financial business district buildings in Singapore on June 28, 2021. (Photo by ROSLAN RAHMAN / AFP)

Botnet drones raise cybersecurity concerns in Singapore

From Singapore to Beijing to Mumbai, the Asia Pacific region continues to see increasing cybercrime activities. Be it ransomware, phishing, or botnet drones, as businesses continue to add more cybersecurity protections, cybercriminals are still able to find devious means and ways to wreak havoc.

According to a report by Check Point Research, Asia Pacific experienced a 168% increased in cyberattacks in May 2021 compared to the same month last year.

Ransomware and Remote Access Trojans continue to be the largest malwares affecting the region, followed by banking trojans.

Hence, it was not surprising when the Cyber Security Agency of Singapore’s (CSAS) report revealed increasing amounts of ransomware and online scams last year. According to the report, there were 9,080 cases reported last year, with malicious cyber activities still growing rapidly yearly.

Some of the key malicious cases in Singapore last year include ransomware, botnet drones, phishing, and website defacements. While ransomware and phishing continue to dominate, the number of botnet drones cases has increased by a lot. CSAS detected about 6,600 botnet drones with Singapore IP addresses daily with variants of the Mirai and Gamarue malware prevalent in infecting IP addresses in 2020.

The Mirai malware is particularly interesting as it primarily targets IoT devices. Singapore has seen increased usage of IoT devices as the country moves towards a smart city status. Research from Statista states the number of IoT devices worldwide is expected to hit 30.9 billion by 2025.

People walk along a sidewalk in Chinatown district in Singapore on July 7, 2021. (Photo by Roslan RAHMAN / AFP)

Vulnerable IoT devices 

IP cameras are examples of IoT devices that can be easily hacked. Last year, IoT devices like security cams and IP cams in Singapore homes were hacked, causing huge concern in the country. Most of the footage were from IP cams at homes and was sold on pornographic sites.

According to Jonas Walker, Security Strategist for FortiGuard Labs at Fortinet, botnet drones tend to spread inside networks to infect additional devices and provide a remote access capability into the network, which can be leveraged for lateral movement through the network and gives the attacker persistent access whenever needed in the future.

He pointed out that any additional device connected to this network in the future is at risk of being infected by the initial IoT device that spreads malware to these new devices like mobile phones and laptops with much more sensitive information.  Additionally, he said if attackers launch specific commands, these devices can use most of their resources for these tasks, leading to malfunctions of the initial purpose.

“Nowadays, most connected devices run on some sort of operating system which malicious threat actors can leverage for different purposes. The more computers a hacker group controls, the more powerful it gets. Many of these low-performance devices can stack up quite heavily and bring down some of the most powerful servers when used together,” said Jonas.

Meanwhile, Daniel Chu, ExtraHop Director of Systems Engineering, Asia Pacific, said it’s not uncommon for commercial IoT devices to run cheap with outdated software possessing known vulnerabilities that can be trivially exploited. He explained that competitive market conditions have forced IoT manufacturers to often rush the delivery of products without much thought for device security.

“With home IoT gadgets gaining popularity during a lockdown, it is understandable to see a rise in botnet attacks. In the past, we have seen compromised IoT devices being leveraged for numerous purposes: capturing sensitive footage for blackmail, crypto mining, ransomware attacks, or a participant in a distributed denial-of-service attack whereby botnet gangs up to flood on a victim with requests to a point where it becomes inaccessible,” added Daniel.

Apart from Singapore, most businesses in Southeast Asia are also facing similar struggles. Be it botnet drones or phishing, cybercrime continues to be an issue that needs to be taken more seriously by everyone. The lack of urgency and seriousness in understanding the effects of cybercrime is one of the main reasons why many businesses, especially small, market enterprises (SME) continue to be the ones targeted most by cybercriminals.

As such, companies like Microsoft recently established the Asia Pacific Public Sector Cybersecurity Council to unify policymakers from government and state agencies. Singapore, Malaysia, Indonesia, South Korea, Thailand, Brunei, and the Philippines are among the 15 policymakers in the council that is hoping to share information on cyber threats and cybersecurity products.