The digital economy continues to grow, and so do the associated risks. In 2024, ransomware cases in Singapore increased by 21% to 159 cases (up from 132 in 2023), the number of infected infrastructure systems rose by 67% to approximately 117,300, and phishing attempts reported to the Cyber Security Agency of Singapore (CSA) increased by 49% to roughly 6,100. DDoS activity also intensified globally in late 2024, underscoring the need for business-grade resilience across sectors. These patterns demonstrate how criminals combine social engineering with technical tactics to target both individuals and enterprises. These crimes include hacking, ransomware, and website defacement, which collectively affect Singapore’s digital landscape. Cyberattacks frequently cause significant disruptions to digital infrastructure and daily operations, which can impact business continuity and public services.

Below is a concise overview of the most common threats in Singapore, along with steps your business can take to mitigate risk. Throughout, we cite current Singapore sources from the Police Force, the CSA, and recent regulatory developments. The Singapore Police Force plays a key role in combating cybercrime and coordinating enforcement actions. The government has launched several initiatives and collaborates with agencies to strengthen national cybersecurity and address digital threats. Scams remain a prevalent form of cybercrime in Singapore, with ongoing efforts to raise awareness and protect the public.

What qualifies as cybercrime in Singapore?

The Computer Misuse Act (CMA) makes unauthorised access, unauthorised modification, wrongful interference, and misuse of computer services criminal offences. In practice, that covers intrusions, credential attacks, malware deployment, data theft, and disruptive activity such as DDoS. Intent and purpose are key elements in determining whether an act constitutes an offence under the law. A cybercrime is committed when a person intentionally carries out or attempts to commit an offence, and the commission of such acts is punishable. This section applies to a wide range of activities, regardless of the specific function performed or connection established with the computer system. Obtaining unauthorised access, interception of data, and unauthorised use of computer services are all covered under the law. Unauthorised obstruction of computer systems is also an offence. There are legal defence provisions, and prosecution is carried out by the relevant authority when an offence is intended or committed. When fraud is executed through computer systems, it is cyber-enabled and falls within the scope of this definition.

The most common cybercrimes affecting Singapore businesses

1) Ransomware and data exfiltration

Attackers encrypt systems and steal data to increase leverage. This is often done with the goal of extortion, where attackers demand payment to restore access or prevent data leaks. Local impacts have extended through the supply chain. In April 2025, a third-party vendor incident potentially exposed customer correspondence for two major banks, despite the core banking systems not being breached, highlighting vendor risk.

Practical controls: Maintain offline or immutable backups and test restores. Patch internet-facing services quickly. Segment critical networks. Monitor for unusual data staging and egress. Prepare legal, regulatory, and customer-notification playbooks in advance.

2) Business Email Compromise (BEC)

BEC is a cyber-enabled crime where adversaries infiltrate or convincingly spoof business email to alter invoices or bank details. Common techniques include credential theft, mailbox rules, and thread hijacking, which facilitate unauthorized access and fraudulent activities. Strong email authentication and payment verification procedures are essential.

Practical controls: Roll out phishing-resistant MFA for finance and executive roles. Enforce SPF, DKIM, and DMARC with alignment. Require out-of-band verification for any payee change and hold first-time payments for review.
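
To show what "with alignment" means in the controls above, the following Python example (added here, not code from EIRE Systems or CSA) evaluates a DMARC policy for a single message. The function names, the sample domains, and the three-entry suffix set standing in for the Public Suffix List are assumptions made for illustration.

```python
# Added example: DMARC identifier alignment (RFC 7489) for one message.
# Domains and the suffix set below are constructed for illustration.

# Assumption: a tiny stand-in for the Public Suffix List; production code
# should consult the full list.
MULTI_LABEL_SUFFIXES = {"com.sg", "co.uk", "com.au"}


def org_domain(domain):
    """Return the organizational (registrable) domain of a hostname."""
    labels = domain.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def parse_dmarc(record):
    """Parse a DMARC TXT record into a tag dict, applying RFC defaults."""
    tags = {"adkim": "r", "aspf": "r"}  # relaxed alignment is the default
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC policy record")
    return tags


def aligned(from_domain, auth_domain, mode):
    """Strict mode needs an exact match; relaxed needs the same org domain."""
    a, b = from_domain.lower(), auth_domain.lower()
    return a == b if mode == "s" else org_domain(a) == org_domain(b)


def dmarc_disposition(record, from_domain, spf_pass, spf_domain,
                      dkim_pass, dkim_domain):
    """Return 'pass' or the policy action (none/quarantine/reject)."""
    tags = parse_dmarc(record)
    spf_ok = spf_pass and aligned(from_domain, spf_domain, tags["aspf"])
    dkim_ok = dkim_pass and aligned(from_domain, dkim_domain, tags["adkim"])
    return "pass" if (spf_ok or dkim_ok) else tags["p"].lower()


if __name__ == "__main__":
    # SPF passes for the sending service's own domain, but that domain is
    # not aligned with the visible From domain, so the policy applies.
    print(dmarc_disposition("v=DMARC1; p=reject", "example.com",
                            True, "bounce.esp.example.net", False, ""))
```

An SPF or DKIM pass only counts toward DMARC when the authenticated domain aligns with the From domain the recipient sees, which is why a spoofed invoice sent through an unrelated but validly configured mail service still fails.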

3) Phishing and credential harvesting

Phishing steals logins for cloud services, VPNs, financial portals, and admin consoles. Singapore’s landscape reporting notes sustained phishing activity and increasingly convincing lures, aided by tooling that lowers the barrier for attackers. It is crucial to identify phishing attempts early to prevent credential compromise. Stolen credentials then enable lateral movement and fraud. The information targeted by phishing attacks is often highly sensitive and valuable, making its protection essential.

Practical controls: Use conditional access and risk-based authentication. Prefer FIDO2 or platform authenticators for admins. Train with real examples your employees actually see, such as QR-code invoices and mobile prompts, and encourage rapid internal reporting.

4) Malware-enabled account takeover and sideloaded apps

Attackers persuade users to install malicious mobile or desktop apps that capture logins, cookies, and one-time passcodes, enabling real-time account takeover and data theft. Phones are particularly at risk, as attackers may use scam calls or SMS messages to trick users into installing these apps. CSA has documented campaigns that gave criminals pervasive device control and allowed additional payloads. Malware may exploit a compromised connection to spread further or exfiltrate sensitive data.

Practical controls: Use mobile device management to restrict sideloading. Enforce least privilege on endpoints. Block unknown developer certificates. Watch for accessibility service abuse and unusual notification or SMS access.

5) Distributed Denial-of-Service (DDoS)

DDoS floods online services to cause downtime or extort payment. These attacks often target the underlying network infrastructure, overwhelming it with malicious traffic. Singapore’s position as a regional connectivity hub means local organisations see significant volumes. Many of these DDoS attacks are carried out using large botnets that coordinate traffic surges, with global telemetry in Q4 2024 highlighting intense attack activity across Asia.

Practical controls: Engage your ISP or cloud provider for upstream scrubbing. Implement autoscaling and rate limits. Pre-stage DDoS runbooks with traffic baselines, contact trees, and clear success criteria.

6) Botnets, infected infrastructure, and credential stuffing

Compromised servers and IoT devices in Singapore are enlisted in botnets used for DDoS, scanning, and password-spraying or credential-stuffing attacks. Attackers exploit unauthorized access to computer material, including data and system resources, to expand their botnet operations. CSA’s reporting tracks these “infected systems” as an important leading indicator for background risk.

Practical controls: Harden internet-facing services, disable defaults, and require MFA. Use a web application firewall and bot management features. Rotate exposed API keys. Securing each key is critical, as unauthorised disclosure or misuse of access keys can lead to further compromise of computer systems. Monitor for anomalous login velocity and geo patterns.
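
One way to monitor login velocity and geo patterns, as an added Python example that is not part of the original article: it flags a source IP that fails logins for many distinct accounts inside a short window, and an account that succeeds from two countries within an hour. The log format, the country field (assumed to come from IP geolocation enrichment), the thresholds, and the sample lines are all constructed for illustration.

```python
# Added example: flag credential-stuffing velocity and geo anomalies in
# authentication logs. Log format, thresholds and sample lines are
# constructed assumptions; input is assumed to be in time order.
from collections import defaultdict, deque
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2025-01-10T01:30:00Z 198.51.100.20 SG dave OK
2025-01-10T01:58:10Z 198.51.100.5 SG erin FAIL
2025-01-10T01:58:30Z 198.51.100.5 SG erin OK
2025-01-10T02:00:01Z 203.0.113.7 ZZ alice FAIL
2025-01-10T02:00:04Z 203.0.113.7 ZZ bob FAIL
2025-01-10T02:00:09Z 203.0.113.7 ZZ carol FAIL
2025-01-10T02:00:15Z 203.0.113.7 ZZ erin FAIL
2025-01-10T02:00:21Z 203.0.113.7 ZZ dave OK
"""


def parse(line):
    """Split 'timestamp ip country user result' into typed fields."""
    ts, ip, country, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, country, user, result


def detect(log_text, max_users=3, window=timedelta(minutes=1),
           geo_window=timedelta(hours=1)):
    """Return a list of ('velocity', ip) and ('geo', user) alerts."""
    failures = defaultdict(deque)  # ip -> recent (time, user) failures
    last_ok = {}                   # user -> (time, country) of last success
    alerts = []
    for line in log_text.strip().splitlines():
        ts, ip, country, user, result = parse(line)
        if result == "FAIL":
            recent = failures[ip]
            recent.append((ts, user))
            while ts - recent[0][0] > window:  # drop failures outside window
                recent.popleft()
            distinct = {u for _, u in recent}
            if len(distinct) > max_users and ("velocity", ip) not in alerts:
                alerts.append(("velocity", ip))
        else:
            prev = last_ok.get(user)
            if prev and prev[1] != country and ts - prev[0] <= geo_window:
                alerts.append(("geo", user))
            last_ok[user] = (ts, country)
    return alerts


if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

Counting distinct usernames per source, rather than raw failures, is what separates stuffing and spraying from one user mistyping a password, as the single failure for erin from 198.51.100.5 shows.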

7) Data breaches and unauthorised access

Breaches arise from misconfigured cloud storage, exposed admin panels, over-permissioned service accounts, or classic intrusions. Attackers may obtain and misuse an access code, password, or other credentials, increasing the risk of unauthorised entry. Beyond immediate containment, you will need forensics, notification, and remediation efforts, especially where personal data is involved. Unauthorised disclosure of access codes or sensitive data can result in criminal liability, with significant legal implications under cybersecurity laws. The CMA applies to unauthorised access and interference offences.

Practical controls: Apply least privilege for service principals and third-party integrations. Continuously scan for misconfigurations in cloud storage, databases, and identity policy. Keep data maps so you can quickly assess impact and notify accurately.

8) Targeted intrusions and cyber espionage

High-value sectors and critical infrastructure are facing prolonged intrusion activity. In mid-2025, officials highlighted a cyber espionage group targeting critical infrastructure, underscoring the need for robust identity, segmentation, and monitoring in Operational Technology (OT) environments adjacent to critical infrastructure. The ministry responsible for cybersecurity oversight responded by emphasizing the importance of coordinated government action to address such threats.

Practical controls: Enforce strict admin separation. Monitor for identity abuse and living-off-the-land techniques. Segment OT from IT where relevant and validate remote access pathways.

National initiatives businesses can use

Internet Hygiene Portal (IHP). CSA’s IHP provides a one-stop check for website, email, and DNS configurations, plus actionable guidance on DNSSEC, HTTPS, and email authentication. Organisations can use IHP to baseline their external posture and track improvements over time.

Cyber landscape reporting. CSA’s Singapore Cyber Landscape 2024/2025 offers current trend intelligence on ransomware, phishing, infected infrastructure, and DDoS that security teams can use to prioritise controls. Submitting detailed incident reports, including evidence such as screenshots, is crucial for effective monitoring and response. These resources help organizations better understand cyber threats and adapt their security strategies. Ultimately, these efforts contribute to keeping Singapore’s digital environment safe.

A compact control set for Singapore enterprises

  1. Identity first. Phishing-resistant MFA for admins and finance. Conditional access blocks risky sign-ins and unmanaged devices.
  2. Email and domain hygiene. SPF, DKIM, DMARC with alignment and monitoring. Publish clear payment-change policies to blunt BEC. Use the IHP to validate DNSSEC and TLS configurations.
  3. Harden the edge. Patch internet-facing assets quickly. Restrict RDP and SSH exposure. Use a WAF and bot management to reduce credential stuffing.
  4. Backup and recovery. Offline or immutable backups, frequent restore testing, and segmentation that limits blast radius if a host is encrypted.
  5. DDoS readiness. Upstream scrubbing contracts, traffic baselines, and runbooks that define how you will maintain service during an attack.
  6. Third-party risk. Contractual security requirements, breach notification SLAs, and continuous monitoring for vendors with access to sensitive data. The 2025 vendor ransomware case shows why this matters.
  7. Incident response muscle. A tested plan that names decision-makers, evidence-collection steps, bank contacts for urgent fund recovery in BEC cases, and regulator communication templates.

When to ask for help

If you encounter a suspicious payment request, a ransomware note, or a potential data breach, act immediately. Delays are common when victims do not realise the risk, and outcomes can worsen quickly, especially when incidents touch critical services or national security interests. Contact your bank and the police right away. The sooner you report, the better your chances of freezing funds or limiting damage. Singapore’s powers to restrict transactions exist to protect victims during that critical window.

How EIRE Systems Helps You Reduce Cyber Risk

EIRE Systems helps organisations across APAC reduce cyber risk with security assessments, identity and email hardening, endpoint protection, and incident response planning. We focus on practical controls that match your business size and regulatory profile, then help you measure progress over time. Contact us today and learn more about our cybersecurity solutions.

About the Author: EIRE Systems

EIRE Systems is a leading independent provider of professional IT, AV and Access Security services to the financial, insurance, manufacturing, health care, retail, construction, hospitality, commercial real estate, legal, educational and multinational sectors in Japan and throughout the Asia Pacific region. EIRE Systems has expertise across a wide spectrum of Information Technologies, with a track record for successfully completing hundreds of assignments since its establishment in 1996.