Yay! We're closer to being the number 1 country that hosts the most compromised servers!

In a report from Kaspersky Security Network (KSN), 2024 saw Singapore rise to 8th on the global list of the countries with the most number of cyberattacks caused by locally based servers. Singapore ranked first on the list as the most compromised Southeast Asian (SEA) nation. 

Singapore placed 12th globally in 2022 and 9th in 2023 meaning that we’ve been steadily rising annually in this rather toxic list of nations. A few more years and we could top it all! 

Table 1: Number of attacks from local servers recorded (Source: Kaspersky)

Criminal gangs and threat actors use compromised servers to host websites that deliver malware to unwary users. Victims are drawn into these websites through fake advertisements, phishing links in emails and SMS, and other methods. Their computers and devices are later explored for vulnerabilities and breaches leading to data theft, ransomware attacks, or used as part of a botnet attack.

According to KSN, Singapore’s reputation as a clean and trusted business and tech hub makes it an optimal destination for cybercriminals to launch their attacks under disguise. Cybercriminals could spoof the origins of their attacks by using Singapore as a proxy through rented or compromised servers. Advanced cyberattacks may even utilise multiple layers of obfuscation, which can delay or prevent detection.

For example, the Infocomm Media Development Authority (IMDA) recently released an advisory about Stately Taurus, an Advanced Persistent Threat (APT) group that conducted cybercriminal activities against SEA countries including Singapore. It targeted SEA entities with self-propagating malware via removable drives and spear-phishing campaigns.

Adrian Hia, Managing Director for Asia Pacific at Kaspersky said:

Singapore is a Tier 1 data centre market in Asia Pacific and is home to large servers of tech giants. This entices cybercriminals to select servers based in Singapore to launch their attacks as it maximises the impact of their campaign. In a way, the high number of incidents originating from compromised servers here is a by-product of the large data centre industry in this country.

However, while Singapore had the most number of compromised servers in SEA, we had the least number of local threats in 2024 amongst SEA countries, meaning that all our efforts to bolster our cybersecurity defences haven’t been wasted. 

Local threats refer to offline and device-based malware transmission, which is more prominent in workplaces, schools, and government offices with the widespread use of removable media. Removable media include USB drives, CDs, DVDs, and other “offline” methods. Worms and file viruses account for many such incidents.

However, that doesn’t mean we should that local threats aren’t a challenge any more as the number of local threats in Singapore still increased 33.5% to 2,217,922 between 2023 and 2024.

To avoid falling victim to a targeted attack by a known or unknown threat actor, you can implement the following measures to protect your servers or devices:

• Update your operating system, applications, and antivirus software regularly to patch known vulnerabilities.
• Be cautious of emails, messages, or calls asking for sensitive information. Verify the sender’s identity before sharing any personal details or clicking on suspicious links.
• Provide your SOC team with access to the latest threat intelligence (TI). 
• Upskill your cybersecurity team to tackle the latest targeted threats.
• Implement Endpoint Detection and Response (EDR) solutions to provide endpoint-level detection, investigation, and timely remediation of incidents.

Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.