11 March 2022 | Asia Cyber Summary

In the Spotlight this Week:

  • Singapore to establish cyber military force

  • Thailand’s NCSA warns heightened cyber treats following Ukraine invasion

  • Singapore's Cybersecurity Act to be reviewed

  • Victims' tool to recover cyber fraud funds affirmed in Hong Kong

  • Only 40% of Singaporeans polled have cyber security apps on phones

Singapore to Establish Cyber Military Force

Singapore has announced the launch of a cyber security military branch by the last quarter of this year. The move is fueled by the ongoing Russian invasion of Ukraine, which has reportedly included cyber attacks.

In late February, an international hacking collective declared a “cyberwar” on Russia for its attack on Ukraine. Websites for the Kremlin and State Duma lower house of parliament were targeted. Singapore Defense Minister Ng Eng Hen told parliament on Wednesday of the need to build the country’s own defenses against external threats.

“As good and as ambitious as the next generation SAF (Singapore Armed Force) is, there are some gaps and capabilities, which recent events and developments warned us against, [...] primarily about threats in the digital domain.” Ng Eng Hen explained.

Thailand’s NCSA Warns Heightened Cyber Threats Following Ukraine Invasion

The Thai National Cyber Security Agency (NCSA) has warned against cyber attacks due to the ongoing crisis in Ukraine, urging firms and agencies to increase cyber protection.

NCSA Deputy Secretary-General Gp Capt Amorn Chomchoey said 12 cyber attacks have been discovered since the 13th of January and were linked to the Russia-Ukraine conflict, mostly targeting key infrastructures such as banks, border control agencies, and news websites.

Four such attacks were found to be using malware known as a Hermetic Wiper to erase crucial information, while DDOS attacks targeted financial websites.

Members of the general public were also affected by a malware called Cyclops Blink, which involves web links that direct users to websites propagating fake news. Text messages containing fake information were also sent to people.

Singapore's Cybersecurity Act to be Reviewed, Could Include Non-Critical Information Infrastructure

The Cyber Security Agency of Singapore (CSA) is reviewing the National Cybersecurity Act to include non-critical information infrastructure which plays an important role in connectivity, computing and data storage needs by 2023.

The Cybersecurity Act, enacted in 2018, focuses on computer systems involved in delivering essential national services in the physical world, such as water and energy. Critical sector organizations need to ensure the security of their systems and report cyberattacks within hours, among other requirements.

CSA will evaluate different options with the goal of applying a "risk-based approach" to protect these infrastructure and services, and for them to recover quickly after an attack.

Victims' Tool to Recover Cyber Fraud Funds Affirmed in Hong Kong

A Hong Kong court has reaffirmed its jurisdiction to grant vesting orders to assist victims of cyber fraud. The decision which is consistent with the recent success in obtaining vesting orders for clients and two other 2021 Court of First Instance decisions further vindicates the vesting order regime as a powerful tool for combating fraud.

Last year, the firm Hypertec was deceived into making payments of USD 1,360,500 and USD 250,000 into the bank accounts of the two defendants in Hong Kong through an email fraud. Hypertec had no prior or existing business dealings with the defendants. Hypertec commenced proceedings and sought default judgment. Hypertec also applied for orders that the sums standing in the bank accounts should be vested in Hypertec.

Whilst the court acknowledged that declaratory relief would normally not be granted by default without a trial, Deputy Judge Simon Leung reiterated that that was only a "rule of practice" and the court retained the discretion to do justice to the plaintiff where declaratory relief was appropriate. The court, therefore, entered monetary judgment in favor of Hypertec against the defendants respectively.

Only 40% of Singaporeans Polled Installed Cyber Security Apps on Phones

The Singapore Minister for Communications and Information Josephine Teo raised the issue about low cyber security protection on mobile phones in the country.

"Using digital technology is only half the story. We also need to better protect ourselves and our loved ones from its risks and threats," said Mrs Teo, speaking on the debate on her ministry's budget.

Of concern are seniors aged 60 and above. Only 40 percent of them could recognise and avoid phishing attempts, even though more than half were able to search for information online and 67 per cent could use instant messaging, she said.

In fact, only a third of the 500 seniors polled in the 2021 survey were able to use an antivirus software for their electronic devices, while less than half of the 220 respondents from lower-income households felt that they were proficient.

Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.