SINGAPORE — About 500 Internet Protocol (IP) addresses in the Republic could have been affected by the WannaCry ransomware thus far, following cyber attacks around the world that began last Friday (May 12).
However, the files of those affected “might not be encrypted because of the ‘kill switch’ triggered by an analyst who goes by the Twitter name, MalwareTech”, said Mr Dan Yock Hau, director of the National Cyber Incident Response Centre, Cyber Security Agency of Singapore (CSA), on Tuesday (May 16).
“Affected users will still need to patch and clean up their systems,” he added.
Malware Tech has been identified as Mr Marcus Hutchins, a 22-year-old cyber expert from Britain who has been credited with stopping the WannaCry ransomware attack from spreading across the globe by accidentally triggering a “kill switch”.
Ransomware is a type of malware — software that is harmful to a computer — that essentially takes over a computer and prevents users from accessing data on the computer until a ransom is paid. The WannaCry ransomware has crippled computer systems in over 100 countries since Friday.
Mr Dan said CSA’s Singapore Computer Emergency Response Team (SingCert) is working with the Infocomm Media Development Authority and the Internet Service Providers to inform the potentially affected users.
As of Tuesday afternoon, “no critical information infrastructure” has been affected, he added.
While SingCERT received a small number of calls from those who wanted to find out more about ransomware prevention and patching, “there were no calls asking for help to recover from the ransomware”, Mr Dan said.
In response to TODAY's queries, StarHub said that it had received a “small number” of queries since setting up its helplines on Monday, with its business customers asking about “endpoint threat detection and response solutions” for businesses to defend their systems against ransomware.
Singtel said that it activated 24-hour helplines at 6pm on Monday, and received “a few calls” regarding ransomware.
“Our customer service officers will advise callers on how to protect their data against ransomware or malware. Alternatively, they can contact SingCERT for assistance,” said a Singtel spokesperson.
As the WannaCry ransomware attack heightens concerns over cyber security, an expert suggested that the world could see a segregation of the Internet for different activities in just a few years’ time: One for regular surfing, such as social media use and games, and the other reserved for secure activities dealing with customer data and banking systems.
Mr Paul van Kessel, global advisory cybersecurity leader of EY, a tax and advisory services firm, told a media briefing on cyber security on Tuesday: “Five years out, there’ll be another sort of Internet which is controlled by either corporates like Google, or governments are going to create ways to communicate between companies and their customers.”
Referring to the ransomware attack, Mr van Kessel noted that the scale of the attack has been moderate in Singapore, with authorities such as the CSA responding in a “swift and coordinated” manner.
However, he noted that small and medium enterprises, lacking the resources of large corporations, were likely to be hit by such attacks.
EY advisory partner Steve Lam warned that even the homefront is not safe from malware attacks. Devices such as nanny cams and baby monitors, which could be targeted by hackers, have to be secured properly through patching, he said.
Asked if Singapore’s push to be a Smart Nation could increase the risk of cyber attacks, Mr van Kessel said that this was a calculated risk for the Republic to take.
Mr Lam added: “When we start hooking up a lot of these devices, in cyber security lingo, you’re increasing the surface area. There are many things that could potentially go wrong.”
In restricting Internet access for public servants this year, the Government has made a bold move in changing the way in which the Internet is used, Mr van Kessel said.
“This is a recognition that the Internet is not safe. It is uncontrolled ... there’s no management around it and bad things are happening like WannaCry,” he added.
The Internet segregation points towards the Government exploring alternatives for businesses and people to communicate safely, Mr Van Kessel said.
While cyber security insurance is an option for organisations to protect themselves, Mr Lam noted the conundrum they face: Does the insurance coverage stop at handling the fallout of an attack, or does it go beyond that to cover penalties from the regulators and the loss of customer goodwill due to the breach?
Commenting on the feasibility of Internet segregation, Fortinet cybersecurity consultant Anthony Lim acknowledged that it would be tougher to attack the more secure network, given its additional features to enhance security.
However, there must be buy-in from businesses.
“In theory, it may be a good idea. But there has to be political will. It’s very easy to enforce in an organisation like the government. But commercial organisations are more profit-oriented, and will slip up. You expect banks and companies to use two Internets?” Mr Lim said.
Mr Collin Penman, Check Point Software Technologies regional managing director (South Asia), added that while the separation of networks could increase perceived security, it was more important for everyone in an organisation to learn to make the right decisions while accessing external content into the network. ADDITIONAL REPORTING BY FARIS MOKHTAR