Singapore’s CRTF report provides blueprint to build resilient, secure cyberspace from growing ransomware threats
The Singapore government recently released its Counter Ransomware Task Force (CRTF) report which serves as a blueprint to drive the nation’s efforts to foster a resilient and secure cyber environment, domestically and internationally, to counter growing ransomware threats. The CRTF document identified how ransomware threats have grown significantly in scale and impact, emerging as an urgent problem for countries around the world, including Singapore.
Referencing ransomware threats, the CRTF report said that “it is inherently an international problem, as attackers conduct their operations across borders and jurisdictional lines to evade justice. Fuelled by illicit monetary gains, ransomware has raised a criminal ecosystem, offering criminal services from unauthorised access to targeted networks to money laundering services.”
“The criminal industry for ransomware is burgeoning because it is lucrative. With criminal groups offering Ransomware-as-a-Service, even unsophisticated criminals can have access to expanded capabilities to carry out their malicious activities,” Josephine Teo, Singapore’s minister for communications and information, said in the CRTF report. “Fuelled by illicit monetary gains, an entire self-sustaining ecosystem has emerged, offering criminal services from access to targeted networks to money laundering services.”
Teo pointed out that although it is most often characterized as a cyber-attack, the solution lies not just in better cybersecurity, but also in stronger cross-border law enforcement, and better measures against illicit finance and money laundering, especially where crypto assets are concerned.
Highlighting the important platform that the CRTF provides, Teo said that as a government, “we must be coordinated across the cybersecurity, law enforcement, and financial regulation domains in order to address the ransomware problem effectively. Such coordination will also put us in better stead to work with other countries and jurisdictions to interdict illicit funds arising from ransomware attacks, trace the criminal actors responsible, and raise financial standards against the laundering of ransom payments, thereby putting a stop to this global industry. Cooperation across countries will also help disrupt the ransomware business model, starve the ransomware criminal industry of profits, and eliminate safe havens for them,” she added.
David Koh, commissioner of cybersecurity, chief executive of CSA, and chairman of the CRTF, said in a media statement that “Ransomware is a threat to our companies and citizens. It can hurt us at many different levels, economically, socially, and even at a national security level. Ransomware is both a cross-border and cross-domain problem.”
“Not only does it require us to work together and draw on our expertise in many domains, such as cybersecurity, law enforcement, and financial supervision, it requires us to work with like-minded international partners to find common cause and identify solutions together,” Koh added. “We urge organisations and individuals to do their part too so that we can strengthen our collective defence against the ransomware scourge.”
The Cyber Security Agency of Singapore (CSA) announced in September that the government had convened an inter-agency CRTF to develop and make recommendations on possible policies, operational plans, and capabilities. The CRTF works towards improving the nation’s counter-ransomware efforts on the principle that for efforts to be effective, the ransomware threat must be tackled as a cross-domain challenge.
Over the initial nine months of the year, the CRTF met six times and achieved several outcomes. Firstly, it developed a consolidated model of the ransomware kill chain to facilitate a common understanding among agencies of the stages of a ransomware attack, as well as the required actions to prevent and mitigate the attack at each stage. Secondly, the CRTF reviewed Singapore’s national position on ransom payments to ransomware attackers to determine if the current advice remained relevant amidst the growing ransomware threat.
Thirdly, the CRTF has recommended the policies, operational plans, and capabilities the government should consider, to contribute to international efforts to stem the global ransomware problem and to secure Singapore from ransomware attacks. These recommendations will be taken up by the relevant government agencies for further study and implementation.
To address ransomware threats effectively, the CRTF report suggests that the government focus on four pillars of action. These include bolstering defenses of high-risk targets such as government agencies, critical information infrastructure, and businesses to make it harder for ransomware attackers to launch successful attacks.
It also put forward disrupting the ransomware business model to reduce the pay-off for ransomware attacks and support recovery so that victims of ransomware attacks do not feel pressured to pay the ransom, which fuels the ransomware industry. It also recommends aligning with international partners to ensure a coordinated global approach to countering ransomware.
To strengthen defenses of potential targets like government agencies, critical information infrastructure, and businesses, especially small and medium enterprises, and make it harder for ransomware attackers to launch successful attacks, the CRTF report suggests that organizations should adopt risk mitigation measures. These initiatives include a sound credential management policy to prevent unauthorized access, network segregation and segmentation, a robust offline backup system, and a restoration plan to ensure that key assets can be recovered in the event of a ransomware attack.
In the case of critical information infrastructure (CII) owners who operate essential services, the CRTF reviewed the Cybersecurity Code of Practice (CCOP), which was revised in July this year, and agreed that it provided adequate guidance for owners of CII on the appropriate risk identification and mitigation measures. The CCOP will be regularly updated to ensure that it remains relevant.
In an attempt to disrupt the ransomware business model to reduce the pay-off for ransomware attacks, the CRTF report put forward discouraging ransom payments to reduce the profit that ransomware attackers can expect from setting up ransomware attacks. The CRTF also recommends studying the implications of cyber insurance policies that include coverage of ransom payments on the ransomware industry, and the potential impact if such coverage is disallowed.
Additionally, the report proposed tracing the illicit flows of assets paid in ransom, usually in cryptocurrency, more effectively to reduce the likelihood of ransomware attackers being able to abscond with ransom payments.
The CRTF report also recommended supporting recovery so that victims of ransomware attacks do not feel pressured to pay the ransom, which fuels the ransomware industry. It suggests providing resources to victims to help them recover from ransomware attacks and encouraging cyber insurance as a risk management practice.
“Given the borderless nature of the ransomware threat, nothing that Singapore does on our own, within our jurisdiction, will be sufficient to effectively counter ransomware,” the report said. “Thus, it is paramount to the counter ransomware effort that we support and contribute to a coordinated global effort to address the ransomware threat.”
The CRTF is of the view that Singapore must support the development of best practices in information sharing, law enforcement, and financial regulation, to improve cross-border coordination. It must also drive the adoption of these best practices so that collectively, we deny safe havens to ransomware attackers, and contribute to capacity and capability development so that there are no ‘weak links’ amongst states that ransomware attackers can take advantage of.
In conclusion, the CRTF report said that the recommendations will also form the basis for improved cross-domain collaboration within the Government on this issue. “As we expect the ransomware threat to become ever more sophisticated, it is important for the Government to ensure that we have the right defences in place to protect our systems and to respond to attacks robustly. Our nation’s resilience against ransomware threats and overall cybersecurity posture will also undergird our growing digital economy by securing digital trade.”
However, given the scale and severity of the ransomware threats, Singapore cannot achieve these objectives alone. “It is thus imperative that we also work with other countries to contain the threat posed by ransomware attacks,” the report added.
Related
