Emerging Ransomware & Phishing Trends Targeting Businesses in Singapore

Singapore stands at the forefront of technological advancement, consistently ranking high in global innovation and digital transformation indices. At the heart of this transformation is the Smart Nation initiative, launched in 2014. This visionary government-led project aims to make Singapore more connected, data-driven, and efficient. It has led the country into a new era, bringing advancements in smart services across healthcare, transportation, and urban planning, all designed to improve the lives of its citizens. Yet, as Singapore continues to embrace digital innovation, a crucial question arises: has its cyber security infrastructure evolved in tandem with these advancements?

Let’s take a closer look at the facts. In 2024, scam victims in Singapore lost a total of $1.1 billion, setting a new record for the highest losses in a single year. Job scams continued to be among the top scams of concern. Phishing scams were among the top three types of scams, with $59.4 million lost—more than four times the amount lost in 2023. Over 135,000 ransomware attacks were detected across Southeast Asia in 2024. While businesses in Singapore reported 208 ransomware attacks, the lowest number in the region, this is still a significant concern.

In this article, we will explore the current state of cyber security in Singapore, focusing particularly on the rising trends of ransomware and phishing attacks. As the digital frontier expands, understanding the evolving cyber security challenges is essential for ensuring that the benefits of technological progress are protected.

Top 5 Ransomware Trends Affecting Businesses in Singapore

1. Rise of Ransomware-as-a-Service (RaaS)

Ransomware-as-a-Service (RaaS) is an increasing concern for businesses in Singapore. The rise of this model has led to a surge in ransomware attacks, as it allows cyber criminals with limited technical skills to deploy sophisticated ransomware attacks with ease. A major law firm in Singapore, Shook Lin & Bok, became the victim of the Akira ransomware group, a prominent RaaS operator. This attack led to the firm paying a significant ransom to regain access to their files. Although no data was reported as stolen, the incident highlighted the growing threat posed by RaaS operations. Other notable RaaS groups targeting Singapore include Black Basta, LockBit 3.0, and RansomHub, all of which have been linked to a growing number of attacks in the region. These groups offer ransomware tools to affiliates, amplifying the reach and frequency of such cyber attacks.

2. Targeting Critical Sectors

Ransomware attacks continue to target critical sectors in Singapore, with certain industries becoming prime targets due to their operational dependencies and vulnerabilities. As per the Socradar Threat Landscape Report 2025, the manufacturing sector is the most targeted by ransomware in Singapore, accounting for 31.58% of attacks. This is largely due to its reliance on continuous operations and vulnerable supply chains. The wholesale trade sector follows at 12.87%, reflecting the focus on industries crucial to logistics and inventory movement. Real estate and rental services ranks third with 11.11%, indicating a growing trend of attacks on service-based and infrastructure-dependent industries.

3. Double Extortion Tactics

Data exfiltration is becoming a key tactic in ransomware attacks, where cyber criminals steal sensitive data before encrypting it. This is often part of a double extortion strategy, where attackers not only demand a ransom to decrypt the data but also threaten to release or sell the stolen information if the ransom is not paid. A recent example in Singapore involved a ransomware attack on Toppan Next Tech, a vendor serving DBS Bank and Bank of China. The attackers exfiltrated customer data, including names and loan account numbers, affecting around 8,200 DBS clients and 3,000 Bank of China customers. This highlights the growing use of data exfiltration to increase pressure on victims to comply with ransom demands. As ransomware tactics evolve, organizations must strengthen their defenses to protect against both data encryption and exfiltration.

4. Ransomware Exploiting Cloud Vulnerabilities

As businesses in Singapore shift to cloud-based infrastructures, the complexity of securing data increases, creating new opportunities for cyber criminals to exploit vulnerabilities. According to a report by TechWire Asia, the significant increase in cyber attacks can be attributed to this very reason, with ransomware emerging as one of the top threats. As more businesses adopt cloud infrastructures, cyber criminals are exploiting cloud misconfigurations to gain unauthorized access to sensitive data. Hybrid cloud environments, which combine on-premises and cloud resources, are particularly vulnerable, requiring stronger security measures. The rise in cyber threats due to the growing reliance on cloud technology underscores the need for businesses to adopt comprehensive security strategies and conduct periodic audits of their cloud configurations to prevent attacks.

5. Ransomware Targeting Supply Chain Vulnerabilities

A growing ransomware trend involves exploiting weaknesses in supply chains, with attackers increasingly targeting third-party vendors to gain unauthorized access to larger organizations. A recent and significant example of this is the ransomware attack on Toppan Next Tech (TNT), a supplier to DBS Bank and Bank of China in Singapore. On 6 April 2025, TNT reported a cyber attack that compromised the personal data of approximately 8,200 DBS clients and 3,000 Bank of China customers. This incident underscores the growing risks associated with third-party security weaknesses, as attackers are increasingly targeting suppliers to bypass security measures of larger organizations. Organizations must adopt a proactive approach to supply chain security and ensure comprehensive cyber security measures are in place to safeguard against these emerging threats.

Top 5 Phishing Trends Affecting Businesses in Singapore

1. AI-Powered Phishing Attacks

AI-powered phishing attacks are becoming a growing concern in Singapore. Cyber criminals are using artificial intelligence to make phishing scams more sophisticated and convincing. The Cyber Security Agency (CSA) has highlighted that 13% of phishing scams analyzed in 2023 were likely generated using AI, showcasing the rising trend of AI-driven cyber attacks. These phishing emails are more polished, with better grammar, structure, and flow, making them harder to detect than traditional scams. AI also enables attackers to adopt a more authoritative tone, making their messages more persuasive and dangerous. One notable incident in Singapore involved a deepfake scam, where a cyber criminal impersonated a company’s CEO through a video call, using AI technology to trick a finance director into authorizing a large financial transfer. The growing sophistication of these AI-powered phishing scams means that individuals and organizations are at greater risk of falling victim to fraud.

2. Impersonation Scams Targeting Government Services

Scammers are increasingly impersonating government agencies to deceive individuals, a trend that has led to significant financial losses in Singapore. As per the Singapore Police Force’s report in April 2025, 34 individuals were arrested in connection with an operation targeting scams that involved impersonating government officials. These scammers often pretended to be representatives from government agencies, deceiving victims into providing personal information or making fraudulent payments. The operation underscores the persistent threat posed by these impersonation scams. Similarly, in April 2022, the Singapore Police Force issued a public advisory regarding scams where fraudsters impersonated the Government of Singapore Investment Corporation (GIC) to trick individuals into making fraudulent investments.

3. Increase in Quishing

In Singapore, the rise of quishing (QR code phishing) has become a significant concern, as cyber criminals increasingly exploit QR codes to deceive victims. A notable case involved a 60-year-old woman who lost S$20,000 after scanning a fraudulent QR code linked to a bubble tea survey. This incident highlights the growing threat of quishing, where attackers use QR codes to redirect victims to malicious websites designed to steal personal information. These scams often appear legitimate, making it more difficult for individuals to identify them as fraudulent. As QR code usage continues to rise in marketing, payments, and other services, it’s crucial for the public to exercise caution. This is especially important when scanning QR codes, particularly those received from untrusted sources.

4. Phishing Scams via Online Messaging Platforms

Phishing scams are increasingly being executed through online messaging platforms such as iMessage and Android Rich Communication Services (RCS). Cyber criminals are taking advantage of these platforms to impersonate trusted organizations, often blending fraudulent messages with legitimate communications. This trend makes it harder for victims to distinguish scam attempts from authentic messages. Scammers typically send urgent messages, tricking recipients into clicking on malicious links that lead to phishing websites designed to steal personal and financial information. The trend highlights the growing need for better safeguards across all digital communication channels. The Singapore Police Force issued an advisory in December 2024 warning the public about these rising phishing scams via online messaging platforms.

5. Phishing Threats During General Election Campaigns

The Cyber Security Agency of Singapore (CSA) has issued an advisory regarding the increased risk of phishing attacks during the upcoming General Election period. Cyber criminals may exploit the heightened political activity to impersonate election candidates and political parties, potentially using fraudulent social media accounts, fake websites, and emails to mislead voters. These phishing attempts may involve asking for personal information, donations, or directing victims to malicious links. With AI-driven tactics, scammers are crafting highly personalized and convincing phishing messages, making it harder for voters to distinguish legitimate sources from fraud. The CSA urges voters to exercise caution, verify sources before clicking on any links or providing sensitive data, and report suspicious activity to ensure they remain protected during the election period.

A Call for Proactive Leadership

We’ve talked about ransomware and phishing—two of the biggest cyber threats making waves in 2025. But here’s the real question: are these the only threats to worry about? Of course not. This is just a small piece of the puzzle. There are countless other risks, each more complex and sophisticated than the last. These evolving threats underscores the importance of continuous awareness, enabling organizations to proactively address emerging threats and strengthen their security posture.

Now, when it comes to securing an organization, there is no universal fix. Each business operates in its own unique environment, shaped by factors like industry, scale, and infrastructure. For leaders, knowing the organization and identifying its unique risks is crucial. The steps taken today will shape the security posture of the organization in the future.

Cyber security can’t be treated as a tick-box task. It should be embedded into the organization’s goals, not just a checklist to complete.