Credentials from several government agencies and educational institutions, as well as more than 19,000 compromised payment cards from banks in Singapore, have been put up for sale online by hackers.
“Around 50,000 of them are government e-mail addresses. They are either outdated or bogus addresses, except for 119 of them which are still being used” said Mr Alexander Kalinin, head of Group-IB’s Computer Emergency Response Team
The Government Technology Agency (GovTech), Ministry of Education, Ministry of Health, Singapore Police Force and National University of Singapore’s learning management system are among those affected sites.
Mr Kalinin from Group-IB, who discovered the threat, said his team had reached out to the Singapore Computer Emergency Response Team (SingCert) after the discovery.
“It is likely that these credentials are still on sale on underground forums,” he said. It is not known if any of the compromised credentials was used illegally, but Mr Kalinin said such stolen information has been used by cyber criminals in other cases.
“It is not unusual when a compromised account is used by cyber criminals to infiltrate an organisation’s internal network for the purpose of sabotage and espionage,” he said.
SingCert to verfiy stolen credentials
He added that his team had refrained from verifying the credentials themselves, and instead left it to SingCert to do so.
“The verification of stolen credentials would require a log-in session using compromised log-ins and passwords which is not only unethical but also a crime,” he said.
“SingCert confirmed the receipt of the information, thanked Group-IB for sharing the list of compromised credentials and promised to verify and perform the necessary actions.”
Singapore becoming a major target for cyber threats as it is a regional financial hub
Group-IB said that in 2018, a total of 21 state-backed hacking groups were detected in the region, more than the combined number for the US and Europe.
They clarified that Singapore, which is one of the largest financial centres in the region, is a major target, as the company researchers found that almost 20,000 of Singaporean banks’ payment cards have shown up for sale in the dark web in 2018.
The company said that the number of leaked cards increased in 2018 by 56% and the total underground market value of Singaporean banks’ cards compromised in 2018 is estimated at nearly $640 000.
Group-IB also said that Singapore is “drawing more and more attention” from financially motivated hackers every year.
Numerous recent breaches and cyberattacks in the public and private sectors
Last June, the personal data of 1.5 million patients of healthcare cluster SingHealth, including Prime Minister Lee Hsien Loong, was stolen in the country’s worst cyber attack.
Other breaches included the online leak of personal information of 14,200 patients from the HIV Registry and improper handling of data belonging to more than 800,000 blood donors by a vendor last week.