CSA’s Singapore Cyber Landscape 2024/2025 Report

CSA’s Singapore Cyber Landscape 2024/2025 Report

On 3 September 2025, the Cyber Security Agency of Singapore (CSA) released its latest Singapore Cyber Landscape 2024/2025 report, providing a review of Singapore’s cyber risk landscape against a backdrop of global trends.

Here are the key highlights.

1. Singapore's Cyber Threat Landscape

In 2024, Singapore’s local cyber threat landscape largely mirrored global developments, with an uptrend across most categories:

• Phishing Attempts: 49% surge in reported cases (6,100+) with 12% of phishing emails containing AI-generated content. Banking and Financial Services, Government, and E-commerce being the most spoofed industries. Threat actors also increasingly used HTTPS protocols and prevalent Top-Level Domains (like .com and .cn) to add legitimacy to their phishing attempts.
• Ransomware Attacks: 21% increase in reported cases. MNCs and listed firms in manufacturing were prime targets. SMEs in professional services (consulting, legal, accounting) were disproportionately targeted. Data encryption remained a preferred tactic in this sector due to its operational impact. 
• Infected Infrastructure: 67% increase in infected systems, reaching approximately 117,300, underscoring the widespread use of outdated or unpatched systems. 
• Advanced Persistent Threat (APT) Activity: Suspected APT attacks on Singapore quadrupled since 2021, with groups like UNC3886 specifically targeting high-value, strategic assets including critical infrastructure. 
• Social Engineering: Surge in phone-oriented social engineering campaigns (vishing) and help-desk manipulation, exploiting human weaknesses, with threat actors often impersonating IT support staff.
• Supply Chain Cyber-Attacks: Organisations are inherently vulnerable due to a reliance on third-party vendors, with attackers targeting less secure suppliers. Major incidents include CrowdStrike outage (faulty update causing global disruption), which resulted in US$5.4 billion in financial losses to Fortune 500 companies and nearly 40,000 flight cancellations/delays. 
• Distributed Denial-of-Service (DDoS): Unprecedented rise in the sophistication and volume of DDoS attacks. Singapore was the seventh most attacked country globally in Q4 2024 and notably ranked as the third-largest source of DDoS attack traffic. Key industries targeted included telecommunications, internet services, and banking & financial services.
• Physical Infrastructure Risks (Submarine Cables): Submarine cables, the "backbone of the internet," remain a point of fragility for global connectivity. Singapore, connected to 26 submarine cables, remains vigilant to disruptions.

2. Impact of New Technologies

• Artificial intelligence (AI): AI again highlighted as a "double-edged sword". While threat actors are using AI for research, code troubleshooting, content generation for phishing, and payload development, AI also offers a powerful defensive tool.
• Cloud Services: The shift to cloud introduces new cybersecurity risks, as evidenced by three major cloud outages in 2024 (i.e., Alibaba, Microsoft Azureand Salesforce).
• Internet of Things (IoT): The rapid proliferation of IoT devices continues to pose cybersecurity challenges due to weak authentication, outdated firmware and lack of visibility.
• Hypervisor Attacks: Emerging targets for cyber-attacks with little security monitoring. A case study reveals an attacker establishing a hidden virtual machine to gain covert, prolonged access, bypass graphical user interfaces, and disrupt network connectivity.

3. Key Challenges

• Convergence of Cyber, Physical, and Digital Domains: Digital disruptions (e.g., software outages, cable cuts) can have tangible physical impacts.
• Supply Chain Vulnerabilities: Deep reliance on third-party vendors and open-source software makes supply chain attacks insidious and cascading. 
• Human Element as a Weak Link: Social engineering remains highly effective, exploiting human weaknesses rather than technical flaws, necessitating strong identity protection and employee training.
• Ongoing cyber talent shortage: Continuous investment in developing a robust cyber talent pipeline is crucial for addressing evolving threat landscape.
• Unpredictable Evolution of Threats: New technologies like AI and quantum computing present both opportunities and risks, requiring agility and continuous adaptation from defenders.

4. Singapore's Strategic Response 

Singapore’s Cybersecurity Strategy 2021 is built upon three strategic pillars: 1) Building Resilient Infrastructure, 2) Enabling a Safer Cyberspace, and 3) Enhancing International Cooperation, supported by two foundational enablers: Developing a Vibrant Cybersecurity Ecosystem and Growing a Robust Cyber Talent Pipeline. Key initiatives in 2024 included:

• Legislation and Regulation: Amendments to the Cybersecurity Act in 2024 expanded regulatory powers to include new entities like Systems of Temporary Cybersecurity Concern, Entities of Special Cybersecurity Interest and Foundational Digital Infrastructure.
• Operational Technology (OT) Security: Launch of the OT Cybersecurity Masterplan 2024 and the OTCEP Forum demonstrated Singapore's commitment to bolstering cyber defence for critical industrial systems.
• Cloud Security: CSA is developing a Cybersecurity Code of Practice for Cloud to guide secure adoption.
• AI Security: Guidelines and a Companion Guide were published to raise awareness and provide principle-level guidance for securing AI systems throughout their lifecycle.
• Empowering a Cyber-Savvy Population: Cyber Safe programmes for students, seniors, and IoT/medical device labelling schemes aimed to raise public awareness and strengthen digital resilience at the individual and organisational level.
• Strengthening Cybersecurity Ecosystem and Talent: CyberSG TIG Collaboration Centre, CyberBoost/Growth for startups, and SG Cyber Talent initiatives to boost local cyber talent. 
• Addressing Supply Chain Risks: CSA issued an advisory on Software Bill of Materials, advocating for their automated generation to help organisations identify and fix vulnerabilities in software components. 

Singapore’s cyber landscape is intensifying, with threats rising across the board and AI changing the game for attackers. CSA’s strategy shows a strong focus on regulation, resilience, collaboration and talent - critical for staying ahead in such an unpredictable, evolving threat environment.