'Zombie' devices infected with malware have tripled in numbers here

Number of such infected devices - which hackers can control - triple amid pandemic

"Zombie" devices linked to the Internet, and infected with malware that allows hackers to control them and launch cyber attacks, have tripled in numbers here amid the Covid-19 pandemic, according to the latest government findings.

An average of 6,600 malware-laced devices, also called botnet drones, were observed here last year on a daily basis, a big jump from 2,300 in 2019, said the Cyber Security Agency of Singapore (CSA) in a report yesterday.

These devices can be computers, routers and even smartphones hijacked by hackers.

Infected with malware, they act like zombies or drones that, without the knowledge of their owners, "mindlessly" follow the instructions of hackers.

By sending commands to large groups of such devices, called botnets, hackers can use them to carry out cyber attacks.

This can include causing information technology systems to crash, breaching systems to steal data and launching ransomware attacks that cause digital files to be locked up until the hackers are paid.

The number of systems used to control botnets, also called command and control servers, found here also nearly doubled.

CSA said 1,026 of these servers were recorded here last year, up from 530 in 2019.

The sharp rise in botnet drones and the servers controlling them could be due to cyber criminals seizing opportunities created by the pandemic, said Ms Genie Sugene Gan, cyber-security firm Kaspersky's head of public affairs and government relations for Asia-Pacific.

She explained that IT teams were very stretched because the pandemic caused businesses to go digital at breakneck speed.

"Perhaps cyber security was forced to take a backseat as companies were primarily concerned with business survival and inevitably prioritised business continuity," said Ms Gan.

She said hackers were also exploiting people who were anxious over the Covid-19 outbreak, which could have made them prone to phishing, scams, spam and more.

As for why hackers sited so many of the servers here to control zombie devices, Ms Gan said this is a by-product of the country's developed digital infrastructure and its role as a regional data hub.

CSA's report also said ransomware cases in the Republic surged 154 per cent from 2019's 35 cases to hit 89 last year.

While most of the cases reported were from small and medium-sized enterprises (SMEs), hackers were also fishing for larger victims in the manufacturing, retail and healthcare sectors, said the agency.

Mr Eric Hoh, president for Asia-Pacific at cyber-security firm FireEye Mandiant, said organisations, in particular SMEs, that have lower priorities in cyber-security investments could become easy targets for ransomware.

He said the manufacturing, retail and healthcare sectors are traditionally not IT-centric, which makes them prone to phishing attempts, for instance.

Minister for Communications and Information Josephine Teo said in a written parliamentary reply on Tuesday that steps have been taken to tackle ransomware.

For instance, CSA has directed sectors with critical information infrastructure, like energy, to boost their cyber security. The Government has also taken similar steps.