According to Trend Micro, business email compromise scams are a pressing issue amongst Singapore-based companies. The nation ranked first in SEA for experiencing the most business email compromise attacks last year (27.3%), followed by Malaysia (26.1%) and Indonesia (25%). While these attacks are less frequent than phishing attacks, they are more sophisticated and take more careful planning for cybercriminals, said Trend Micro. On average, they yield approximately SG$177,000 per attack.
Overall, Singapore also ranked third in SEA for experiencing the most email threats last year, which included spam, preceded by Vietnam and Indonesia.
"The changes across the threat landscape in 2018 reflect a change in the mindset of cybercriminals," said Nilesh Jain, vice president, SEA and India, Trend Micro. "Previously, attackers relied on spray and pray style attacks. Today, they can be more effective with targeted phishing emails to infect victims who click the links or open the attachments. Enterprises need to strengthen their cyber defenses at every touchpoint, namely, on the endpoint, in the cloud, and at the network layer."
Trend Micro detected more than 55 million malware attacks in SEA. Malaysia took top spot at 29.6%, followed by Singapore (19.8%) and Thailand (16.4%). The number of business email compromise attacks in 2018 increased by 28% globally.
As business email compromise attacks contain no malware and go undetected by traditional security measures, Trend Micro said that companies need to increase their protection against these attacks with smart solutions that analyse the email writing style of key executives in order to identify whether the email may be fraudulent. Solutions include robust artificial intelligence and machine learning systems.
Meanwhile, ransomware detections decreased by 91% globally compared to 2017, along with a 32% decrease in new ransomware families. The report added that the findings reinforces the shift in attack tactics, as ransomware does not require "extensive planning, technical skills or ingenuity due to the large number of resources available for malicious hackers in the cybercriminal underground."